Lessons in CRM

Customer relationship management and security are inseparable. That is, unless you're Pacific Bell or MCI. To illustrate, allow me to tell you a little story. It all started when I noticed that someone was using my MCI calling card to make calls to Germany. I canceled the calling card and, just to be on the safe side, switched my long-distance carrier to Sprint.

About a week or so after I received my Sprint materials, I got a call from MCI. I expected it to be a pitch to come back, but it wasn't. The MCI customer representative was checking to see if the recent calling card calls from Colorado to Germany were legitimate. The woman with the friend in Germany had apparently switched my long-distance carrier back to MCI.

I canceled the MCI account and then created a new one without the international plan and password- protected it. As an extra safety measure, I had my local phone company, Pacific Bell, put a Primary Interexchange Carrier (PIC) freeze on my phone number to stop anyone from changing long-distance carriers. I password-protected that account, too.

The next time I called Pacific Bell, I couldn't talk to customer service until I agreed to pay on my delinquent account. Delinquent? Well, come to think of it, I haven't received any statements in the past few months. I managed to get a human on the line and asked if there was a way I could pay off my bill via the Web. She said that if I created a Web account, I would stop receiving statements in the mail. Suddenly it became clear. Someone had already created a Web account for my number, which is why I wasn't receiving my statements.

Pacific Bell's system won't let me create a new Web account for the same phone number, which is the way it should work. The Pacific Bell representative couldn't change the Web user name or password or cancel the Web account, which isn't the way it should work. She asked another department to cancel the Web account and said a specialist would call me back.

Still Locked Out

As I write this, it's been well over a week since I made that call. The bogus Web account is still active. No calls from specialists. No responses to e-mails. I'm still locked out of the Web account.

This piqued my curiosity about how MCI handles Web accounts. MCI requires your account number or your calling card personal identification number (PIN) to create one. I hadn't received an MCI bill with my account number yet, so I entered my calling card PIN. It rejected the attempt. My MCI account had been compromised again.

I called MCI to get my account number. The representative gave it to me without asking for my account password. This fellow also offered to remove the PIC freeze. It's really easy, he said. All he has to do is call an 800 number. No wonder my account was so easily compromised. (MCI handled my next call properly, so it depends on the representative.)

I created an MCI Web account. (Unlike with Pacific Bell, you can create as many MCI Web accounts as you like for the same phone number.) I could see the calling card PINs on all five new calling cards. And although I could add new services, the Web software offered no options to remove the cards, the international calling plan or any other services.

So what have we learned?

Lesson 1: Integrate your CRM solutions. At the very least, synchronize the security data. Pacific Bell customer service uses your phone number to find your account. The corresponding Web account should therefore be based on the same phone number, not an arbitrary user name. Both should require the same password, too.

Lesson 2: Enforce security policies in software. The CRM software that customer service representatives use should prevent the representatives from making changes to a customer's account until they've asked for and entered the customer's password.

Lesson 3: Avoid blatant stupidity. If you haven't already created a Pacific Bell Internet account, anyone can create one for you—and lock you out of it—with little more than your phone number. MCI requires an account number, but if you want one, just glance at someone's unopened MCI bill. Their account number will be visible right through the address window on the envelope.

Nicholas Petreley is a computer consultant and author in Hayward, Calif. He can be reached at nicholas@petreley.com.

Vendor Analysis Siebel Systems Inc. is still the functional and market-share leader, but the enterprise resource planning vendors are finally narrowing the gap for CRM applications. This has created a four-horse race among Siebel, Oracle Corp., PeopleSoft Inc. and SAP AG. Siebel is rated tops for sales force automation, and SAP is strong in order management. Oracle, SAP and PeopleSoft score high on integration, but only when the integration involves their own applications. Otherwise, the advantage swings to Siebel. Onyx Software Corp., Pivotal Corp. and Interact Commerce Corp. are still best suited for CRM deployments at midsize businesses. E.piphany Inc. is best for CRM analytics and marketing. Source: AMR Research Inc., Boston, October 2001 Mildly Satisfied Asked to rate the CRM satisfaction within their organizations, 160 IT managers responded as follows: Source: Cutter Consortium, Arlington, Mass., May 2001

Sober CRM

Stories in this report:

• Editor's Note: Sober CRM
  
• The Story So Far
  
• Try, Try Again
  
• Slow and Steady Can Win CRM Race
  
• Picking Winners & Losers
  
• Insights Turn Into Profits
  
• Schwab Sees CRM Payoff
  
• CRM Analytics: The Integration Challenge
  
• All-Star Players
  
• Profitable Privacy
  
• Lessons in CRM
  
• How to Choose CRM Software
  
• Data Quality: 'The Cornerstone of CRM'
  
• Mazda Wants 360-degree View of Customers
  
• How to Run a CRM Project During a Recession