Customer authentication
  • 02 Jun 2022
  • 4 Minutes to read
  • Dark
  • PDF

Customer authentication

  • Dark
  • PDF

You can require customers to authenticate their identity before they start a session. Lightico provides a number of customer authentication methods you can choose from. 

Activate customer authentication

To activate customer authentication:

  1. In the Lightico Administration screen navigation pane, click System Settings > Customer authentication.
    The Customer authentication settings appear.
  2. Turn on the Activate customer authentication switch.
  3. Under First entry to session, select one of the following customer authentication methods:
    • KBA - Knowledge base authentication. With this method, the customer is validated based on answers to specific questions. This method requires an integration.
    • OTP - A PIN is randomly generated. See OTP Settings below for a full explanation of this type of authentication and its settings.
    • Photo ID + Selfie. A selfie photo is compared to a valid government issued ID picture; requires integration with Mitek
    • Photo ID -  Validates the government issued ID, but not the customer; requires integration with Mitek
    • Session PIN - A PIN is defined by the agent before starting the call. See Session Access PIN below for a full explanation of this type of authentication and its settings.
  4. If you want customers to authenticate on subsequent entries to the session, turn on the Subsequent entries to session switch.
  5.  Select an authentication method.
  6. Under Require authentication after the customer has been offline for, set the amount of time that the customer is offline to require a new authentication.

To configure additional authentication settings, see the sections below.

Configure customer lockout settings

The following settings define how you handle failed authentication attempts. The same settings are found in the One Time Password (OTP)  and Session PIN configuration sections of the Customer authentication settings.

SettingConfiguration instructions
Customer lockout thresholdSet the number of failed authentication attempts that will cause a customer to be locked out.
Customer lockout durationSet the duration that a customer remains locked out. 
Maximum lockouts before banSet the number of times a customer can be locked out before being banned.

One Time Password (OTP) Authentication

This authentication method automatically generates a One Time Password (OTP) for the session. When the agent invites the customer to the session, the agent sees the password in the Agent console, and tells the customer the password over the phone.

If the agent invites a customer to a session via the API, the customer receives an SMS or email notification with the authentication password. The notification is sent on a different channel from the invitation. For example, if the customer was invited by email, the password is sent via SMS and vice versa.
The instructions below explain settings that are unique to OTP authentication, to configure the lockout settings, see Configure customer lockout settings above.

Configure the following settings for OTP authentication:

SettingConfiguration instructions
OTP SMS contentThis setting applies to sessions that were initiated via the API. Enter the content of the notification that customers will receive with their one-time password. The message should include the parameter #PIN# which represents the actual password.
OTP expirationTurn the switch on to enable the feature and set the period of time that the password can be used before it becomes invalid.
Show OTP to AgentsTurn the switch on to allow the agent to see the password in the session that was sent to the customer. If you are inviting customers to sessions via the agent console, this should be turned on as this is the only way to provide the password to the customer. 

Session Access PIN Authentication

This authentication method requires the agent to define an access PIN before starting the session with the customer. The PIN is a string of between 4 and 20 letters, numbers, and/or special characters (for example, ID/Social Security number, last digits of payment method, or spouse's name). The customizable opening screen for this type of authentication provides a hint to what number the customer should enter. The customer must enter the PIN to authenticate his identity and start the session. 

The instructions below explain how to customize the opening screen. To configure the lockout settings, see Configure customer lockout settings above.

To customize the opening screen for session access PIN authentication:

  1. Go to the Workflow > HTML Designer page and create a static HTML page for the opening page (see Create static documents).
  2.  Go to System settings > Customer authentication, Session PIN configuration section.
  3. Turn on the Session PIN opening screen switch.
  4. Search for the HTML document in the Doc Name field and click Set HTML file.
    After clicking Save Changes at the top of the page, the opening screen is created.

Session access PIN authentication from the agent/customer side

The following shows how session access PIN works during a session:

  1. The agent starts a new Session and is required to enter the Session PIN along with the other customer information.
  2. After the agent starts the session they can see the access PIN by hovering over the customer initials icon.
  3. The customer opens the link to the session and sees the default opening page or the one that you created with a hint to the password. 
  4. The customer is then shown the session PIN authentication page.
     After entering the PIN they are let into the session.

Was this article helpful?