Epic: SM-1818 - IAM: Authenticate and authorize to CC agent (In Progress)
JIRA: SM-1846 - Authenticate calling customer (Done)
Priority:
Effort estimate:
Review status: in preparation/ready to review/approved

As a Customer I want to confirm my identity to the CC agent so that I can authorize the agent to take any action on my behalf

As a bank user (sales agent) I want to confirm the customer's identity so that I can access the customer's data and perform actions on the customer's behalf

Role: Bank User, Customer

Objective: Confirm identity of calling customer

Reason: security

Functional requirements:

https://safibank.atlassian.net/l/cp/eaTVy0xE

Authorized Call to Genesys

  • use cases

    • customer calls via mobile app (fully authenticated customer)

      • this will be a button (or similar) in the app

      • app will store this information in iam-manager

      • iam-manager should have an endpoint to fetch this info

      • iam-manager should have an endpoint to delete the item (by BOFE)

      • iam-manager should have an endpoint to store successful auth

    • customer calls from a (un)registered phone number (not from the app)

      • there will be a fixed number of questions stored in iam-manager

      • BOFE will fetch the randomly selected questions (passing the number of questions needed)

      • CC agent will check manually the customer’s answer

      • iam-manager should have an endpoint to store successful auth

Nikko’s document:

  • Customer calling through the SaFi Bank mobile app:

    • This is a fully verified customer

    • No need for verification

    • Assist the customer immediately

    • Restrictions:

      • After successful verification, agent can share account information with the CX.

      • There will be transactions customer service agents can perform on behalf of the CX, e.g. upgrade/downgrade of plans. Call Center agents can't transfer funds on behalf of the CX.

  • Customer calling outside of the SaFi Bank app but registered mobile phone

    • This is a partially verified customer

    • Two Security Questions must be asked by the CSA

    • Assist the customer upon successful verification

    • Restrictions:

      • After successful verification, agent can share account information with the CX.

      • There will be transactions customer service agents can perform on behalf of the CX, e.g. upgrade/downgrade of plans. Call Center agents can't transfer funds on behalf of the CX.

  • Customer calling from a non-registered phone

    • This is a non-verified customer

    • Establish Right Party contact with Three Verification Questions

    • Restrictions:

      • After successful verification, agent can share account information with the CX.

      • There will be transactions customer service agents can perform on behalf of the CX, e.g. upgrade/downgrade of plans. Call Center agents can't transfer funds on behalf of the CX.

Questions to verify calling customer

https://advancegroup.larksuite.com/file/boxusueUdH9cGBuh7PZsvDcctSd

As per the document, for a customer with a verified phone number, the 3 questions are:

  1. How much was your last transaction?

  2. Where is your place of birth?

  3. How much money do you have in your main savings account?

And for a customer with an unverified phone number, the questions will be:

  1. When was your last transaction?

  2. How much was the amount involved in that last transaction?

  3. Where is your place of birth?

  4. How much money do you have in your main savings account?

  5. When is your birthdate?

  • When the question is answered, the correct answer should also be displayed in BOFE

  • Nice to have feature: record the customer’s answer (one by one) in BOFE

  • The proposal is that IAM stores this authentication result, because BOFE will need the calling customer's status (tied to the Genesys interaction ID)

UI requirements: create UI for authenticating the calling customer, using Authenticate CC agent as reference: https://www.figma.com/file/dkDQHRa1zq7tU58MiL6hBR/SaFi---UI---MVP-(Shared)?node-id=13899%3A83244

Process flow: n/a

Execution steps: n/a

Internal dependencies: Back Office, Authorized Call to Genesys https://safibank.atlassian.net/l/cp/eaTVy0xE https://safibank.atlassian.net/l/cp/5nZwLdPn

External dependencies: OKTA

Acceptance criteria: TBD

Links to wireframes/UI: https://www.figma.com/file/dkDQHRa1zq7tU58MiL6hBR/SaFi---UI---MVP-(Shared)?node-id=13899%3A83244 TODO: adjust to the use case

Technical Analysis

Protections: /customer-verification/support-call should require a LEVEL1 signature; all the other endpoints should be service2service only.

The security questions are the following (in this order, which is important for the agent):

3 questions when phone number is verified:

  1. How much was your last transaction?

  2. Where is your place of birth?

  3. How much money do you have in your main savings account?

5 questions when phone number is not verified (orange denotes new questions):

  1. When was your last transaction?

  2. How much was the amount involved in that last transaction?

  3. Where is your place of birth?

  4. How much money do you have in your main savings account?

  5. When is your birthdate?

Note, data for verifying the above questions should be collected from other domains and sent to BO (this is the verify data above).
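
The question selection and auth-result storage described above, as an added Python example that is not the project's own code. `select_questions`, `CallAuthStore` and its method names are hypothetical; issuing questions only once per interaction ID and requiring every issued question to be confirmed before success is stored are assumptions.

```python
import secrets
from dataclasses import dataclass, field

# Question pools in the fixed order given on this page (order matters to the agent).
VERIFIED_PHONE = (
    "How much was your last transaction?",
    "Where is your place of birth?",
    "How much money do you have in your main savings account?",
)
UNVERIFIED_PHONE = (
    "When was your last transaction?",
    "How much was the amount involved in that last transaction?",
    "Where is your place of birth?",
    "How much money do you have in your main savings account?",
    "When is your birthdate?",
)

def select_questions(phone_verified, count, rng=None):
    """Pick `count` random questions from the pool, returned in page order."""
    pool = VERIFIED_PHONE if phone_verified else UNVERIFIED_PHONE
    if not 1 <= count <= len(pool):
        raise ValueError("count must be between 1 and the pool size")
    rng = rng or secrets.SystemRandom()  # CSPRNG so the selection is not predictable
    picked = sorted(rng.sample(range(len(pool)), count))
    return [pool[i] for i in picked]

@dataclass
class CallAuthStore:
    """Hypothetical in-memory stand-in for iam-manager state, keyed by interaction ID."""
    issued: dict = field(default_factory=dict)
    authenticated: set = field(default_factory=set)

    def fetch_questions(self, interaction_id, phone_verified, count):
        # Assumption: issue once per interaction so a caller cannot re-roll the selection.
        if interaction_id not in self.issued:
            self.issued[interaction_id] = select_questions(phone_verified, count)
        return self.issued[interaction_id]

    def store_successful_auth(self, interaction_id, confirmed):
        # Assumption: success is stored only if the agent confirmed every issued question.
        issued = self.issued.get(interaction_id)
        if not issued or set(confirmed) != set(issued):
            return False
        self.authenticated.add(interaction_id)
        return True
```

With the counts from Nikko's document, BOFE would pass `count=2` for a registered phone and `count=3` for a non-registered one.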
