- 28 Aug 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
Customer authentication
- Updated on 28 Aug 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
You can require customers to authenticate their identity before they start a session. Lightico provides a number of customer authentication methods you can choose from.
Activate customer authentication
To activate customer authentication:
In the Lightico Administration screen navigation pane, click System Settings > Customer authentication.
The Customer authentication settings appear.Turn on the Activate customer authentication switch.
Under First entry to session, select one of the following customer authentication methods:
KBA - Knowledge Base Authentication is validated based on answers to specific questions. (Requires a third party integration, contact support for more information.)
OTP - A One Time PIN is randomly generated. See below.
Photo ID + Selfie - A selfie photo is compared to a valid government issued ID picture. (Requires Mitek integration.)
Photo ID - Validates the government issued ID, but not the customer. (Requires Mitek integration.)
Session PIN - A PIN is defined by the agent before starting the call. See below.
If you want customers to authenticate on subsequent entries to the session, turn on the Subsequent entries to session switch.
Select an authentication method.
Under Require authentication after the customer has been offline for, set the amount of time that the customer is offline to require a new authentication.
To configure additional authentication settings, see the sections below.
Configure customer lockout settings
The following settings define how you handle failed authentication attempts. The same settings are found in the One Time Password (OTP) and Session PIN configuration sections of the Customer authentication settings.
Setting | Configuration instructions |
---|---|
Customer lockout threshold | Set the number of failed authentication attempts that will cause a customer to be locked out. |
Customer lockout duration | Set the duration that a customer remains locked out. |
Maximum lockouts before ban | Set the number of times a customer can be locked out before being banned. |
One Time Password (OTP) authentication
This authentication method automatically generates a One Time Password (OTP) for the session. When the agent invites the customer to the session, the agent sees the password in the Agent console, and tells the customer the password over the phone.
If invited to a session via the API, the customer receives an SMS or email notification with the authentication password. The notification is sent on a different channel from the invitation. For example, if the customer was invited by email, the password is sent via SMS and vice versa.
The instructions below explain settings that are unique to OTP authentication, to configure the lockout settings, see Configure customer lockout settings above.
Configure the following settings for OTP authentication:
Setting | Configuration instructions |
---|---|
OTP SMS content | This setting applies to sessions that were initiated via the API. Enter the content of the notification that customers will receive with their one-time password. The message should include the parameter #PIN# which represents the actual password. |
OTP expiration | Turn the switch on to enable the feature and set the period of time that the password can be used before it becomes invalid. |
Show OTP to Agents | Turn the switch on to allow the agent to see the password in the session that was sent to the customer. If you are inviting customers to sessions via the agent console, this should be turned on as this is the only way to provide the password to the customer. |
Session access PIN authentication
This authentication method requires the agent to define an access PIN before starting the session with the customer. The PIN is a string of between 4 and 20 letters, numbers, and/or special characters (for example, ID/Social Security number, last digits of payment method, or spouse's name). The customizable opening screen for this type of authentication provides a hint to what number the customer should enter. The customer must enter the PIN to authenticate his identity and start the session.
The instructions below explain how to customize the opening screen. To configure the lockout settings, see Configure customer lockout settings above.
For an explanation of the agent/customer experience for session access PIN, see Manage sessions.
To customize the opening screen for session access PIN authentication:
Go to the Workflow > HTML Designer page and create a static HTML page for the opening page (see Create static documents).
Go to System settings > Customer authentication, Session PIN configuration section.
Turn on the Session PIN opening screen switch.
Search for the HTML document in the Doc Name field and click Set HTML file.
After clicking Save Changes at the top of the settings page, the opening screen is created.