From the Just-Between-You-Me-And-The-Cube-Farm Department
I never assumed I was alone in detesting the Interactive Voice Response (IVR) phone tree systems which are becoming ubiquitous when calling companies of just about any size. I was delighted to find that a gentleman named Paul English maintains a list of keypad cheats called “The IVR Cheat Sheet“.
While I begrudgingly submit to having to learn yet another way of negotiating the information age’s equivalent of walking across hot coals (i.e. the phone tree), my concern for this latest “advancement” goes deeper. Namely, if I wish to discuss a bill with my insurance company, for example, I am forced to say my account number and social security number loud enough for the machine to understand me across a voice line. (This assumes I don’t know the cheat codes.) The required volume needs to be sufficiently loud enough such that anyone within 20 feet or more is going to hear me recite my account information. And if the machine doesn’t understand, those within hearing range will benefit with the repetition of sensitive account information. In order to protect this information, I now have to secure my environment, which is not always possible. Such IVR systems are decidedly less convenient and less secure.
This point is, not surprisingly, omitted in a response to Mr. English’s cheat sheet by Angel.com, a leading provider of on-demand IVR solutions. Angel.com has released their own “cheat sheet” for the business which use IVR products. Tip number two reads:
Do not hide the option for callers to speak with a live agent. No matter how useful your IVR system is for customers, there will always be a segment of customers who prefer to speak to a live agent to resolve their issue.
Prefer? It should be a requirement that account information must be keyed in via the telephone keypad. Several provision of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) were put in place to protect patient privacy. Most generally this applied to hospitals and doctor’s offices. I see no reason why insurance companies shouldn’t be accountable for providing the same level of privacy to their customers.
[Edit History]
2006.03.09
A related story on the problems of speaking aloud from Peter Cochrane’s blog, “Snooping on a BlackBerry fool”, and a discussion on Bruce Schneier’s blog.
2006.08.13
Updated link to Paul English’s “IVR Cheat Sheet“.
Posted by GPE @ 2:04 pm Comments are off for this post
Tags: Business • Privacy and Security