Companies should also provide customers with an option for assistance via telephone, said some panelists. Call center representatives should be easy to reach, and they should be trained specifically in how to respond to breach inquiries. The company may want to provide call center operators with scripts, but it should also make sure that the operators understand the importance of being sensitive to the customer’s anxiety over the risk they now face.
Though just a small fraction of affected individuals will actually suffer from fraud, this “doesn’t carry a whole lot of weight,” said Wallace. “Many people affected by a breach assume [identity theft] is going to happen to them.”
Educating the consumer helps. Consumers calling Intersections are almost always first directed to a customer education department; only a small portion are later sent on to fraud specialists, said Shenefelt. Customers are often unsure whether actual fraud has occurred, and representatives may need to walk consumers through parts of a credit report to try to pinpoint actual fraud incidents.
Customers will typically leave a company if any fraud has occurred. But protecting customers from fraud can significantly help with customer retention, says Robert Vamosi, a risk and fraud analyst at Javelin Research. Vamosi, who was not on the panel, has published research on breach resolutions.
In addition to helping with customer retention, having a flexible and strong response plan can help prevent potential legal difficulties, according to Christopher Wolf, a partner in the privacy and information management practice at law firm Hogan Lovells.
Companies should test their breach response processes and enrollments, said a few panelists, to identify problems and to ensure that customers are provided with a good experience if an event occurs. “It is important for companies to think this day will come and treat it like a fire drill or an earthquake drill and do a simulation,” says Vamosi.
By preparing a strong, flexible response plan, companies can help minimize some of the worst breach risks. They can even, in some ways, provide affected consumers with a good customer experience, says Vamosi, especially “if they say and do the right thing...which [often] means being responsive and not trying to sweep it under the carpet.”