Social Conversations: Using Messaging to Protect Private Data

Amid public concerns over Cambridge Analytica’s use of Facebook data, the enforcement of new data privacy regulations under GDPR, and headlines about social media data breaches (like these from Twitter and Facebook), we’re reminded that exchanges between brands and customers sent through social networks can pose security risks.

Brand protection on social requires maintenance. It’s important to make sure that team members from marketing to care to IT to PR are following your company’s guidelines for protecting customer data, especially while exchanging information over third-party networks like Twitter, Facebook, or WeChat. Even if you’re using private messages or direct messages (DMs) on those networks, you’re not entirely in the clear; since mitigating security risks is the responsibility of the social networks and data is subject to their Terms of Service, brands have very little control over data exchanged on social networks. If you work in a regulated industry or have a customer base that may be more sensitive to data breaches, it might be time to consider adding a secure brand-owned channel into your digital repertoire.

Brand protection on social media requires maintenance.

When team members are discussing issues without any personal data with customers, such as steps to reset a password or hours of operation, public communication is ideal, especially if other customers would benefit from seeing the content. DMs are a great way for brands to take customer conversations to a private destination when necessary — for example, when you need more than 140 characters to resolve the issue, or when you need to share details that the brand or customer may not want the world to see.

If a customer reaches out to your brand with a public Tweet and it’s clear that personal information might be exchanged, you can ask them to send a DM instead; it’s simple for a moderator to add a link to a public response which will take the customer directly to where they can compose a DM and work with an agent to resolve an issue. From there, the agent can interact privately with the customer to work towards a resolution.

DMs are a great way for brands to take customer conversations to a private destination when necessary.

For many brands, this method of moving to private social messages allows their agents to have more in-depth conversations and collect more detailed information from customers, such as a product description. But if the brand or the customer needs to share more personal information, such as an email address, phone number, or birth date, the conversation should be transferred to a more secure channel to protect that data.

While this may sound simple, it’s important to get it right. Too often, brands must deflect customers from social to phone or email in order to authenticate the customer’s identity and securely discuss personal data. This raises support costs for the brand and creates a frustrating and fragmented experience for the customer. As one study found, getting passed around is one of the top three most annoying customer service issues consumers encounter.

Getting passed around is one of the top three most annoying customer service issues.

1. Train agents on various data types
   Make sure agents know when a public inquiry needs to be moved to DMs and make it as easy as possible for agents and customers to transfer into that channel. Better yet, equip agents with a list of the specific data types that can and cannot be exchanged, even in DMs. Cross reference this list with any industry specific or local regulations, like GDPR.
2. Authenticate customers
   If your customer hasn’t already been authenticated, confirm the customer is who they say they are via secure authentication. Ideally, you should authenticate customers digitally — their chosen communication style — and then either return them back to their original channel or transfer them to a secure brand-owned messaging channel to resolve the issue.
3. Transfer to a more secure, digital channel
   Add a secure, brand-owned messaging channel to your customer care mix so that you can easily move conversations into an encrypted space where your brand is in control of the data. To reduce costs, go live more quickly, and scale more effectively, make sure this channel is integrated with your existing social care platform rather than a standalone technology.
4. Transfer to phone as a last resort
   If for some reason you’re unable to implement a secure, brand-owned conversation channel, it’s critical you have a workflow established for transferring conversations to phone. It’s important to also minimize customer frustration as much as possible, but customer privacy should always be your top priority.

Social media networks are an effective and preferred way for brands to engage with their customers, and breaches shouldn’t deter you from leveraging social as a care channel. While your first instinct may be to create tighter guidelines around when to transfer conversations to your call center, first consider whether brand-owned messaging might be a good fit for your customer care department.

Up until recently, Sprint had a policy to deflect social inquiries involving account data to the phone in order to authenticate customers’ identity and securely discuss personal data. But recently, Sprint implemented a brand-owned, secure messaging solution through Khoros to safely engage customers in digital conversations without the inconvenience of diverting to a different channel. The implementation has resulted in a 77% reduction in calls back to a customer and a significant increase in positive customer sentiment.

If you’re a Khoros customer, adding brand-owned messaging is just like adding any other channel into your mix; all conversations continue to get routed, prioritized, and analyzed in the same interface. To learn more about how you can use messaging to securely support customers the way they want to be supported, download our whitepaper The Superhero of Customer Support: Messaging.