My past weekend started with what seemed to be a burly hit to my information & privacy which appeared have been compromised. The part of the fact more amusing was the realisation that these two were probably the largest firms in global information space & had the best mechanisms in place for security of data.
Let’s delve into what happened & what can we learn of it.
The what!
1st problem – a charge on my credit card of 1k stating that was put because I bought a handheld device but didn’t trade in my previous device, when I accurately remembered giving it in hands of an employee of the official outlet of that firm.
2nd problem – receiving an email, that somebody modified my online account information, precisely my email address was changed, and phone number was modified, the only issue was that might have probably contained my payment card information. When I tried to login into the account, I wasn’t able to as the site said account did not exist, the email address sent in my email notification for the change - which was used to login was not mine and I had no access for using any backup phone to send the reset instructions as the phone number info was changed as well.
I tried to deal with the above 2 issues – sequentially measuring the potential impact..
The how! – 1st problem – I rushed over to the store which had placed the charge on my account and subsequently called my bank. Since the charges were already put on the account they couldn’t be reversed, so I started querying with the store staff and asked them to investigate what had happened. The staff was co-operative and asked me for a bunch of information which included the order details and the email which said that my trade-in never reached the store and had to be cancelled. It took some time for them to locate the order and after about 30 minutes of waiting, I got someone asking me for the phone details which I turned in. The funny part about all this was that the previous phone was bought from the same store earlier and my online account should have the history but anyways I was able to do some search. Finally, I was asked for IMEI number of the phone, which was a hard thing to find out but I probably got lucky by looking at my old emails and pulling out the IMEI from one of them. Then the wait started again, this time it was around 45 mins but I did receive some pieces of update from the staff after 25 minutes stating they had trouble locating their database and figuring out what had gone wrong and I might need to just wait some more time. No breakfast and it was already lunch time so the wait was wearing on me gradually but I was hopeful.
At last, after about an hour an half I got the notification from the staff that my phone was not considered a trade-in as it was an upgrade and I had been charged for the pending amount on that phone, a concession was given towards the cost & no charges were to be applied going further on the old phone & new phone, which seemed to make sense. The only thing that didn’t make any sense was –
· The long wait to get it..
· The information was already there in the order..
· The order didn’t have sufficient instructions which gave details about what would be given back to me as a proof once my phone was turned in.
The fun part! Intelligent tools ..
Here’s where I think an artificially intelligent assistant on the entire software suite of the firm would have helped – just given the order number, it would have been able to pull up the details, ascertain the exact issue based on the sequence of events happening on that order using the cause and effect model and the staff would have been more focused on attending to other customers instead of running around to get these details. Augmentation of AI is a crucial step towards assisting any employee to get the work done fast and not replace them, it is important as it saves me time as a customer, it saves the staff time and it improves the process by providing recommendations back to the company what to include in its information section for customers. Although everything comes under the banner of one firm but many a times a lot of partners are involved, layers which make it difficult to get the information fast. This kind of assistant can query and report quickly bypassing the need for a handshake turnaround every-time.
The how! - 2nd problem –
A typical hacker pattern is to attack in a way that the comprise has little to no chances of getting reversed by the affected user, the buy-out is always the time, which gives the hacker to exploit the information in ways possible to cause maximum damage. That’s what was running on my mind as I saw that I cannot access my account and whatever I provide to recover it would not be sufficient – if the phone was changed then the information would be directly going to the hacker. Two step verification is an important activity, but artificially intelligent mechanisms can be used to exploit it quicker.
I tried to reach the site manual for reporting the issue, the site asked me more questions on when I did the purchase and when I last accessed the account, which again I had to dig in into and then provide but that didn’t resolve the problem, so I thought I would go ahead and chat with someone who can assist.
It took me sometime to explain the problem to them as I was thinking the nature of events was looking like a compromise in transit. The person assisting me asked me the same set of questions which were asked in the site manual. Now since I was doing the same process over again, my mind started to think, I saw the company sends a verification email so if there is an event which triggered my email getting changed, I should have a verification email (important learning- never delete a verification email, serves a lot), although to my dismay, I couldn’t find one. Then I checked all the emails for that service and I could just find 2 of them – one which contained the fact that my email was changed & other which was my attempt to report it. Then I checked my other emails and saw few emails on my other email account - finally I could figure out what had gone wrong here. It seemed somebody opened an account but used my email and then realized and changed it. The good part – the ticket was raised, and the firm was notified.
The fun part! – intelligent tools, again – here the assistant if it was intelligent could predict the pattern and avoid a mistake which caused this event in first place by looking at the timeline and customer profile information and suggesting what went wrong instantaneously. Further it could suggest method to the company of such patterns in order for them to provide a better means to handle them in future.
The good thing from both events was that both the companies had staff which did their best at assisting with the available tools they had.
(well, if anyone is still interested in the details of the firms & not guessed by now, first one was the mobile giant, 2nd one was software giant, both competitors ;-)).
No comments:
Post a Comment