...
They can do this in the existing tool. Moving to the Admin tool, they would like to keep this feature.
Current flow in Homeria:
...
Request link:
Jira Legacy | ||||||
---|---|---|---|---|---|---|
|
...
Sometimes, the employees register customers transactions in a single account (not the customer’s account) in order to get points and benefit from discounts/rewards.
The restaurant identifies a customer that only have joke orders (placed orders without payment and then cancel / do not show up)
The restaurant identifies that the same customer always open a incidence saying he didn't receive the entire order or has problem with the quality. Because the customer expects a refund.
These fraudulent behaviors may jeopardize the company’s financials and it’s important to have controls in place to avoid this type of issue. On average, 10 accounts are blocked per month in Iberia (most of them are restaurant employees).
One of the existing implemented controls is: to allow the customer support team to block a suspicious fraudulent account, to “stop the bleeding” and to avoid this continuous behavior.
...
Info |
---|
What are the goals the opportunity is going to address |
- Due to GDPR, it’s recommended to use two difference storage instances: one for customer data and another one for user data. The admin tool already has a customer data repository. To store and show the user tracking historical data, it’s necessary to create a new service to save this type of information. As this requires additional scope/ effort, which was not considered during Q2 planning, we decided to move forward splitting this deliverable into different milestones.
- Milestone 1 (end of Q2): Be able to block and unblock customer accounts, without tracking on support/ admin tool. We will only keep technical logs to be consulted if necessary. This is the scope of this first deliverable and will be developed by the Iberia dedicated team
- Next milestones: 2- Be able to change email addresses associated to a customer account (INTL team - Users; ETA: end of Q3); 3 - Create a new service to store the users data, including the email changes (INTL team - Users; ETA: mid of Q4); 4- Be able to track the user data related with (un)blocking customer accounts and show it on Admin/support tool ( Iberia dedicated team; ETA: end of Q4).
Scope for 1st deliverable:
ADMIN TOOL
Be able to block the account. This account won’t be able to place any more orders this brand. Blocks the account only for one brand. Blocking the account means that: the customer can’t place more orders, can't access the account, can’t use the loyalty benefits and all other features that might be available when they were logged in.
Blocking reason: to block the account, the customer support agent must choose include the blocking reason.
List of blocking reasons (mandatory field)
fraude cliente
fraude empleado
incidencia
add an open text box (optional field)
if the agent wants to explain more details, there will be an open box text to add those details.
Only the customer support team will be able to block customer accounts.
Status colour Green title new Be able to unblock the account. If there was a mistake or if the customer requests to unblock the account, the agent must be able to undue it.
Confirmation page: to avoid human error, a confirmation page must be shown to the agent, to validate that this is the action that s/he wants to perform.
EMAIL NOTIFICATION
When the account is blocked the customer receives an email notification message.
Email message: “Estimado cliente
Le informamos que su cuenta ha sido bloqueada temporalmente al detectar un posible uso fraudulento . Si cree que ha sido un error o desea más información por favor póngase en contacto con Atención al Cliente a través de nuestra web www.burgerking o nuestra App.”
The message should always include the form to redirect to the contact form.
The blocking is visible on the admin tool and data logs, for visibility and traceability:
When it was blocked: day and hour.
Who blocked: identify the customer support agent who performed the action.
Blocking reasons and open text comments.
Be able to unblock the account. If there was a mistake or if the customer requests to unblock the account, the agent must be able to undue it.
Unblocking reason (mandatory field)
This is an open text box, so the agent can explain the unblocking reason. As there are many different reasons, there won’t be a predefined list.
When the account is unblocked the customer receives an email notification message.
Email message: “Estimado cliente
Le informamos que una vez revisado el posible uso fraudulento se ha procedido a desbloquear su cuenta.
Para cualquier información por favor póngase en contacto con Atención al Cliente a través de nuestra web www.burgerking o nuestra App.”
The
...
When it was unblocked: day and hour.
Who unblocked: identify the customer support agent who performed the action.
Unblocking reason.
OTHER APPS:
...
WL
...
Kiosk
...
POS
...
message should always include the form to redirect to the contact form
OTHER APPS:
WL
Kiosk: as customers must use OTP to be able to login on kiosk. If the account is blocked on WL (where the OTP is generated), the customer can’t get the OTP and won’t be able to login on Kiosk. No development is required for this channel.
POS: as customers must use OTP to be able to login on POS. If the account is blocked on WL (where the OTP is generated), the customer can’t get the OTP and won’t be able to login on POS. No development is required for this channel.
Call center: there will be an exception as we can’t block customer account through call center.
Braze
When the customer/ agent tries to sign in /sign up to this account to place a new order, a message should be shown to let them know that the account exists but it’s blocked. This message should be visible to all types of logins (inclusive through social networks)
...
When the account is blocked, all active sessions for this account should be logged out.
If the account is blocked, the customer shouldn’t receive any marketing campaigns.
AMPLITUDE:
The customer account blocking information should be tracked.
There should be a tracking applied to the blocking message, so we can register that the customer actually got the blocking message notification.
Scenarios details
1.1. Guest account is blocked and the account is logged off
Steps | Expected Outcome | Comments |
---|---|---|
Customer support compliance agent blocks customer account on Admin tool |
|
|
Customer opens the WL app or web, to Sign-in/ Sign-up |
|
|
1.2. Guest account is blocked and the account is logged in
1.2.1. And the customer tries to place an order online (WL)
Steps | Expected Outcome | Comments |
---|---|---|
Customer support compliance agent blocks customer account on Admin tool | Same as 1.1. scenario | Same as 1.1. scenario |
Customer opens the WL app to place an order | If the account is still logged in, the customer can use the app regularly:
|
|
1.2.2. And the customer tries to place an order in-store (Kiosk or POS)
Steps | Expected Outcome | Comments |
---|---|---|
Customer support compliance agent blocks customer account on Admin tool | Same as 1.1. scenario | Same as 1.1. scenario |
Customer places an order on Kiosk or directly on POS |
|
|
Customer opens the WL app to generate the OTP code to access the account |
|
|
Customer proceeds to place the order |
|
1.3. Guest account is blocked and the customer places an order through the call center
Steps | Expected Outcome | Comments |
---|---|---|
Customer support compliance agent blocks customer account on Admin tool | Same as 1.1. scenario |
|
Customer places an order on call-center |
|
|
1.4. Guest account is unblocked
Steps | Expected Outcome | Comments |
---|---|---|
Customer support compliance agent unblocks customer account on Admin tool |
|
|
As the account was necessarily logged-off, when the customer opens the WL app or web must log-in |
|
|
Scope for the 4th deliverable:
Blocking reason: to block the account, the customer support agent must choose include the blocking reason.
List of blocking reasons (mandatory field)
fraude cliente
fraude empleado
incidencia
add an open text box (optional field)
if the agent wants to explain more details, there will be an open box text to add those details.
The blocking is visible on the admin tool and data logs, for visibility and traceability:
When it was blocked: day and hour.
Who blocked: identify the customer support agent who performed the action.
Blocking reasons and open text comments.
Unblocking reason (mandatory field)
This is an open text box, so the agent can explain the unblocking reason. As there are many different reasons, there won’t be a predefined list.
The unblocking is visible on the admin tool and data logs, for visibility and traceability:
When it was unblocked: day and hour.
Who unblocked: identify the customer support agent who performed the action.
Unblocking reason.
📈 Success Metrics
Info |
---|
List here which are the metrics to look at to define success for the solution implemented. Use those KPIs to define the current status |
...
Should the account be blocked for all brands or only for the brand that identified the fraud? (Example: if the fraud was identified for BK ES, should we block this account only for BK ES, even if there is a similar account for PLK ES?) NoOnly for one brand at a time.
Status colour Green title answered In which systems should the account be blocked? The account is blocked and it’s not possible to login in any system.
Status colour Green title answered Should we block the user to create a new account with the same email? Is this part of the scope? the account won’t be deleted; only blocked. So the customer always gets the blocking message.
Status colour Green title answered What is the email confirmation message? Details above.
Status colour Green title answered Should we send a notification message when the account is unblocked? Yes
Status colour Green title answered Is it possible to track blocked accounts on amplitude?
How to ensure that we can block customers who are using a previously generated OTP (KIOSK and POS)
What is the connection with the DMP (ex: Homeria)?
How the blocked user request their data or delete their data (DSAR flow)?
Insights
1️⃣ Stakeholder Interviews
...