Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

They can do this in the existing tool. Moving to the Admin tool, they would like to keep this feature.

Current flow in Homeria:

...

image (13).pngImage Added

Request link:

Jira Legacy
serverSystem Jira
serverId255417eb-03fa-3e2f-a6ba-05d325fec50d
keyIREQ-1494

...

  • Sometimes, the employees register customers transactions in a single account (not the customer’s account) in order to get points and benefit from discounts/rewards.

  • The restaurant identifies a customer that only have joke orders (placed orders without payment and then cancel / do not show up)

  • The restaurant identifies that the same customer always open a incidence saying he didn't receive the entire order or has problem with the quality. Because the customer expects a refund.

These fraudulent behaviors may jeopardize the company’s financials and it’s important to have controls in place to avoid this type of issue. On average, 10 accounts are blocked per month in Iberia (most of them are restaurant employees).

One of the existing implemented controls is: to allow the customer support team to block a suspicious fraudulent account, to “stop the bleeding” and to avoid this continuous behavior.

...

Info

What are the goals the opportunity is going to address

  • Due to GDPR, it’s recommended to use two difference storage instances: one for customer data and another one for user data. The admin tool already has a customer data repository. To store and show the user tracking historical data, it’s necessary to create a new service to save this type of information. As this requires additional scope/ effort, which was not considered during Q2 planning, we decided to move forward splitting this deliverable into different milestones.
  • Milestone 1 (end of Q2): Be able to block and unblock customer accounts, without tracking on support/ admin tool. We will only keep technical logs to be consulted if necessary. This is the scope of this first deliverable and will be developed by the Iberia dedicated team
  • Next milestones: 2- Be able to change email addresses associated to a customer account (INTL team - Users; ETA: end of Q3); 3 - Create a new service to store the users data, including the email changes (INTL team - Users; ETA: mid of Q4); 4- Be able to track the user data related with (un)blocking customer accounts and show it on Admin/support tool ( Iberia dedicated team; ETA: end of Q4).

Image Added

Scope for 1st deliverable:

ADMIN TOOL

  • Be able to block the account. This account won’t be able to place any more orders this brand. Blocks the account only for one brand. Blocking the account means that: the customer can’t place more orders, can't access the account, can’t use the loyalty benefits and all other features that might be available when they were logged in.

  • Blocking reason: to block the account, the customer support agent must choose include the blocking reason.

    • List of blocking reasons (mandatory field)

      • fraude cliente

      • fraude empleado

      • incidencia

    • add an open text box (optional field)

      • if the agent wants to explain more details, there will be an open box text to add those details.

  • Confirmation page: to avoid human error, a confirmation page must be shown to the agent, to validate that this is the action that s/he wants to perform.

  • Only the customer support team will be able to block customer accounts.

    Status
    colourGreen
    titlenew

  • Be able to unblock the account. If there was a mistake or if the customer requests to unblock the account, the agent must be able to undue it.

EMAIL NOTIFICATION

  • When the account is blocked the customer receives an email notification message.

    • Email message: “Estimado cliente

      Le informamos que su cuenta ha sido bloqueada temporalmente al detectar un posible uso fraudulento . Si cree que ha sido un error o desea más información por favor póngase en contacto con Atención al Cliente a través de nuestra web www.burgerking  o nuestra App.”

The message should always include the form to redirect to the contact form.

  • The blocking is visible on the admin tool and data logs, for visibility and traceability:

    • When it was blocked: day and hour.

    • Who blocked: identify the customer support agent who performed the action.

    • Blocking reasons and open text comments.

  • Be able to unblock the account. If there was a mistake or if the customer requests to unblock the account, the agent must be able to undue it.

    • Unblocking reason (mandatory field)

      • This is an open text box, so the agent can explain the unblocking reason. As there are many different reasons, there won’t be a predefined list.

  • When the account is unblocked the customer receives an email notification message.

    • Email message: “Estimado cliente

      Le informamos que una vez revisado el posible uso fraudulento se ha procedido a desbloquear su cuenta.

      Para cualquier información por favor póngase en contacto con Atención al Cliente a través de nuestra web www.burgerking  o nuestra App.”

The

...

  • When it was unblocked: day and hour.

  • Who unblocked: identify the customer support agent who performed the action.

  • Unblocking reason.

OTHER APPS:

...

WL

...

Kiosk

...

POS

...

message should always include the form to redirect to the contact form

OTHER APPS:

  • WL

  • Kiosk: as customers must use OTP to be able to login on kiosk. If the account is blocked on WL (where the OTP is generated), the customer can’t get the OTP and won’t be able to login on Kiosk. No development is required for this channel.

  • POS: as customers must use OTP to be able to login on POS. If the account is blocked on WL (where the OTP is generated), the customer can’t get the OTP and won’t be able to login on POS. No development is required for this channel.

  • Call center: there will be an exception as we can’t block customer account through call center.

  • Braze

  • When the customer/ agent tries to sign in /sign up to this account to place a new order, a message should be shown to let them know that the account exists but it’s blocked. This message should be visible to all types of logins (inclusive through social networks)

...

  • When the account is blocked, all active sessions for this account should be logged out.

  • If the account is blocked, the customer shouldn’t receive any marketing campaigns.

AMPLITUDE:

  • The customer account blocking information should be tracked.

  • There should be a tracking applied to the blocking message, so we can register that the customer actually got the blocking message notification.

Scenarios details

1.1. Guest account is blocked and the account is logged off

Steps

Expected Outcome

Comments

Customer support compliance agent blocks customer account on Admin tool

  • Customer support compliance agent searches by customer on admin tool using the loyalty id code

  • Then blocks the customer, choosing the blocking option.

  • The customer account is logged off (this process can take up to one hour).

  • An email notification is sent to the customer to let them know that the account has been blocked.

  • Braze communications will be temporarily suspended.

  • Events on mParticle and Amplitude will be kept.

  • New role with permission to block customer accounts.

  • New blocking button available on admin tool.

  • Force customer account logoff process.

  • Email notifications configured on sanity.

  • Braze communications are automatically blocked.

Customer opens the WL app or web, to Sign-in/ Sign-up

  • When the customer tries to log in, they will receive an error message to let them know that the account has been blocked.

  • Sign-in/ Sign-up page: new error flow (and event) to let the customer know that the account has been blocked.

1.2. Guest account is blocked and the account is logged in

1.2.1. And the customer tries to place an order online (WL)

Steps

Expected Outcome

Comments

Customer support compliance agent blocks customer account on Admin tool

Same as 1.1. scenario

Same as 1.1. scenario

Customer opens the WL app to place an order

If the account is still logged in, the customer can use the app regularly:

  • when the customer tries to place the order, on checkout page, the account will be logged off and the customer can’t place the order. The customer will be redirected to Sign-in/ Sign-up page and will receive the error message.

  • when the customer tries to change profile information, on profile page, the customer won’t be able to complete the action. The customer will be redirected to Sign-in/ Sign-up page and will receive the error message.

  • After 1 hour, the customer will be automatically logged off.

  • Sign-in/ Sign-up page: new error flow (and event) to let the customer know that the account has been blocked.

  • Refresh account to force logoff

1.2.2. And the customer tries to place an order in-store (Kiosk or POS)

Steps

Expected Outcome

Comments

Customer support compliance agent blocks customer account on Admin tool

Same as 1.1. scenario

Same as 1.1. scenario

Customer places an order on Kiosk or directly on POS

  • To link the purchase to the customer account, the customer must open the WL app to generate the OTP code.

  • No changes, this is the current behavior.

Customer opens the WL app to generate the OTP code to access the account

  • If the account is still logged in, the customer tries to generate the OTP code, on that page, the account will be logged off and the customer can’t generate the code. The customer will be redirected to Sign-in/ Sign-up page and will receive the error message.

  • After 1 hour, the customer will be automatically logged off.

  • Sign-in/ Sign-up page: new error flow (and event) to let the customer know that the account has been blocked.

  • Refresh account to force logoff

Customer proceeds to place the order

  • Without the OTP code, the customer cannot link this transaction to the customer account. The order can be placed, but without this customer account associated to it.

1.3. Guest account is blocked and the customer places an order through the call center

Steps

Expected Outcome

Comments

Customer support compliance agent blocks customer account on Admin tool

Same as 1.1. scenario

  • Same as 1.1. scenario

Customer places an order on call-center

  • There’s no way to check whether the account is blocked and the customer will be able to place the order and use their account information.

  • This is an exception that cannot be controlled, as call-center doesn’t access account blocking information.

1.4. Guest account is unblocked

Steps

Expected Outcome

Comments

Customer support compliance agent unblocks customer account on Admin tool

  • Customer support compliance agent searches by customer on admin tool using the loyalty id code

  • Then unblocks the customer, choosing the blocking option.

  • An email notification is sent to the customer to let them know that the account has been unblocked.

  • The braze communications will be sent again (remove suspension). The communications preferences will be kept the same to the ones configured before account blocking.

  • New role with permission to block customer accounts.

  • New blocking button available on admin tool.

  • Email notifications configured on sanity.

  • Braze communications are automatically unblocked and get back to previous configurations.

As the account was necessarily logged-off, when the customer opens the WL app or web must log-in

  • The customer can log-in again and all transactions and profile information is available, as before account blocking.

  • No changes

Scope for the 4th deliverable:

  • Blocking reason: to block the account, the customer support agent must choose include the blocking reason.

    • List of blocking reasons (mandatory field)

      • fraude cliente

      • fraude empleado

      • incidencia

    • add an open text box (optional field)

      • if the agent wants to explain more details, there will be an open box text to add those details.

  • The blocking is visible on the admin tool and data logs, for visibility and traceability:

    • When it was blocked: day and hour.

    • Who blocked: identify the customer support agent who performed the action.

    • Blocking reasons and open text comments.

  • Unblocking reason (mandatory field)

    • This is an open text box, so the agent can explain the unblocking reason. As there are many different reasons, there won’t be a predefined list.

  • The unblocking is visible on the admin tool and data logs, for visibility and traceability:

    • When it was unblocked: day and hour.

    • Who unblocked: identify the customer support agent who performed the action.

    • Unblocking reason.

📈 Success Metrics

Info

List here which are the metrics to look at to define success for the solution implemented. Use those KPIs to define the current status

...

  • Should the account be blocked for all brands or only for the brand that identified the fraud? (Example: if the fraud was identified for BK ES, should we block this account only for BK ES, even if there is a similar account for PLK ES?) NoOnly for one brand at a time.

    Status
    colourGreen
    titleanswered

  • In which systems should the account be blocked? The account is blocked and it’s not possible to login in any system.

    Status
    colourGreen
    titleanswered

  • Should we block the user to create a new account with the same email? Is this part of the scope? the account won’t be deleted; only blocked. So the customer always gets the blocking message.

    Status
    colourGreen
    titleanswered

  • What is the email confirmation message? Details above.

    Status
    colourGreen
    titleanswered

  • Should we send a notification message when the account is unblocked? Yes

    Status
    colourGreen
    titleanswered

  • Is it possible to track blocked accounts on amplitude?

  • How to ensure that we can block customers who are using a previously generated OTP (KIOSK and POS)

  • What is the connection with the DMP (ex: Homeria)?

  • How the blocked user request their data or delete their data (DSAR flow)?

(blue star) Insights

1️⃣ Stakeholder Interviews

...