Wednesday, July 18, 2012

9 Reasons email is best for the delivery of confidential customer documents

I don’t need to preach the advantages of email, but it seems many of its clear advantages are not being utilized when it comes to communicating with customers on confidential matters – such as sending them a statement or insurance contract document. The confidential nature of these documents has previously prevented them from being emailed over the “public” internet.

Customer experience drives adoption
The current process is that these documents are housed on a secure website and an email notification is sent to customers to login (or even register first) to retrieve them. This is not a great experience for customers who then quickly opt to receive paper documents again.

The solution to this problem is to send the secure document by email , but to protect the confidential information by encrypting the document and applying a password to open it.

This immediately takes the pain away from the customer, allowing them to replace the opening of an envelope with clicking on an attachment directly from the email - so much easier than having to visit a website and login. It also plays to the strengths of email.

Here are nine reasons why email is king for delivering secure documents

ppt-button
Customer adoption


Due to the nature of email, it’s so much easier to get customers to opt-in to receive documents via email, compared to asking them to register and then visit a portal. Registration is a barrier, as it requires the customer to remember yet another username and password.

ppt-button
Reduce phishing concerns


Since you’re not asking customers to visit a website from the email, the phishing concerns are significantly reduced. The document is attached and the email contains authentication information on each customer.

ppt-button
Ease of use


It’s easy for the customer to open and save these documents. No registration is required, instead the document password is a “Shared Secret” which is a mixture of known information about the customer (birth date and postal code as an example). Coupled with password protection to your inbox, this provides adequate security of the documents.

ppt-button
Reduce payment time


Email bills arrive quickly and most often sooner than the paper. In our experience we’ve found that more than 50% of customers pay within two days of receiving the email bill, which is a significant improvement on paper processes.

ppt-button
Increase self service


Advanced functionality can be included in the attachment, such as payment calculators, change of address forms, call-back request forms, cross-selling tools and basic dispute resolution.

ppt-button
Archiving & Control


The customer can quickly and easily save their document to their own PC and back them up without reliance on third parties.

ppt-button
Reduce operational costs


The solution significantly reduces paper, printing and postage costs by substituting email for paper delivery.

ppt-button
Security


An email bill is totally secure, using the latest encryption technology and remains encrypted when not in use, protecting confidentiality.

ppt-button
Marketing


Personalized and relevant marketing can be included to cross-sell and up-sell to customers, a touch-point that is often missed in a notification.

It’s never too late to make the switch
Remember to always think about the user experience. And don’t forget to leverage all the benefits of using email as a medium (automated triggers, relevant marketing included, etc). Then look at the various types of documents that you want to convert to email and establish what level of security needs to be applied to each one, as they won’t all carry the same amount of confidential information.

If you have the documents, but not the solution, then reach out to a specialist this field. Call us for a free consultation

This blog post first appeared on the Email Vendor Selection site. To read the full version, click here

Mia Papanicolaou
striata.com 

Wednesday, July 11, 2012

3 Easy steps to mitigate phishing attacks

Another day, another phishing attack... Unfortunately there’s no way to stop phishing, but there are a number of ways to minimize the risks. The recent attack on Telstra customers, as reported in Australian Courier Mail, caught my eye for a couple of reasons. 


The Attack

Without going into too much detail, a Telstra-branded email was sent out with instructions to click a link to update your details “following an error in scheduled maintenance”, but the link of course didn’t go to any Telstra site (reportedly, it pointed to a British spa website which is a bit bizarre in itself).

Your service provider says 'click' - the Fraud Squad says don’t!

What interested me the most was the statement from the Queensland Crime Prevention Command’s Fraud and Corporate Crime Group:

"Regardless of what’s in this email - logos, account details and email addresses - the most important thing to remember is that they asked you to click on a link within an email. Legitimate companies will never ask you to do this, especially when it comes to providing your personal information.”

While this is well intentioned advice, it is fundamentally wrong! The fact is that thousands of legitimate companies send millions of emails every month asking their customers to click on a link – in most cases to view their eBills or eStatements online. And we’re talking big names; American Express does it, HSBC does it, 3 does it…and Telstra does it too.

So, now we have millions of confused customers out there being told by the police never to click on a link in an email, while their service providers are asking them to do just that! What’s the answer?

The Solution

The fraud squad suggests that the safest solution is to just stop using links to web portal log-in pages in your emails. So, perhaps you should consider delivering your customers' eBills or eStatements as PDF attachments to the email instead? This way, there’s no need for a link and a significantly reduced risk of the email being a phishing attack. However, if you have no alternative, there are a few things you can do to protect your customers...

3 steps to prevent phishing attacks:

  1. Educate your customers – While it’s important to ensure that you use consistent branding in all your email communications, fraudsters are getting smarter about replicating these. Educating your customers to recognize your emails is one of the most powerful ways to protect them from phishing attempts. Look for alternative ways to help them identify your legitimate email such as using a customer selected image that must appear in every email.
  2. Personalization – “Dear Keith” is better than “Dear Valued Customer” (and does anything make you feel less valued than being called a ‘valued customer’??), because generic greetings are an easy way for a fraudster to recreate a company’s style.
  3. Authentication – This is the big one! Consistently include authentication in every email communication with the customers. Name, partial account number, partial address or postcode are all easy for a legitimate company to include in the email body, but impossible for a fraudster. Educate your customer that your emails will always have authentication, so any phishing email becomes instantly recognizable. Make use of the various security features available, such as digital email signatures, DKIM, DMARC and SPF to further authenticate the email and minimize the risk of it ending up in a spam folder.


global-telco-email Taking these steps will minimize the risk of your company and customers becoming the victims of phishing attacks. If you’d like to find out more, contact one of our email specialists...

Keith Russell
striata.com

Wednesday, July 4, 2012

5 Common challenges organizations face in maintaining email data

Every digital communicator knows that your ability to reach customers starts with valid contact details. If ‘position, position, position’ was the holy grail of the traditional marketing era, then ‘data, data, data’ is its replacement in the digital era.

Getting customers' contact details (and their permission to communicate electronically) is the first step in the digital game. But maintaining the validity of that data has to be an ongoing program, and one that often presents significant challenges to an organization.

The good news is: if data hygiene and reactivation keeps you up at night . . . you are not alone. The bad news is: there’s no easy way out.

Five common challenges organizations face in keeping email data up-to-date:

  1. Failure reports are non-negotiable
  2. I am always shocked when I hear the following statement: “We sent the campaign, but have no idea which messages were successfully delivered and which failed.” There is no reason whatsoever to settle for a lack of basic reporting. Any decent email service provider (ESP) or self-service email application will provide standard delivery reporting, so insist on a report indicating the success or failure of each message sent, at the very least.

  3. How many is too many when it comes to failures?
  4. Sometimes delivery reports are available, but no intelligence is applied to drive down the percentage of undeliverable email addresses. This impacts on both the reach of a campaign as well as sender reputation, so it’s important to have a strategy around successive failures. Ask yourself the following questions: How many times does an email address fail before it is entered into a hygiene process? Is this based on frequency of contact or the period in which the contacts were attempted?

  5. Alternative contact details are vital
  6. If the email address fails enough times to be deemed invalid, it’s crucial that the organization has alternative contact details on record. Keep costs in check by opting for another electronic channel such as mobile text messaging or SMS to request an updated email address, keeping high cost channels such as outbound calls to a minimum.

  7. Uploading new addresses
  8. Running email hygiene processes will produce valuable data sets that need to be uploaded onto the master customer information system. It’s surprising how many organizations battle to execute bulk uploads. If this step in the process is not resolved, successfully implementing the first three steps above becomes meaningless.

  9. Automating processes
  10. The motto here is: avoid manual processes at all costs. In my opinion, data hygiene programs should be fully automated and regulated, with little to no reliance on human input. The most successful programs I have seen consist of multiple triggers that cater for every failure type with a combination of processes that just run.

To summarize -  if you can:

  1. Identify which addresses on your base are undeliverable
  2. Define an approach to frequency of failure
  3. Use a different channel to get updated email addresses
  4. Bulk upload the corrected details, and
  5. Automate this whole process . . . .

...then you deserve to sleep well at night, knowing you have achieved what many organizations have not. If not, get in touch with us and one of our email messaging specialists will assist you.

Alison Treadaway
striata.com