The bot what done it?
Chatbots are experiencing a rapid growth in take up and adoption. From acting as a simple but effective triage for initial contact handling through to demonstrating real machine learning capabilities, bots are starting to make life easier for consumers and brands alike.
But what about a chatbot that results in a big brand breaking data protection rules and getting a £1.25m fine from the Information Commissioner’s Office (ICO)?
Well, that’s not quite the story, but it seems to be what Ticketmaster tried to tell the ICO after its breach of customer and payment card data which resulted in the fine. The details are hidden away, rather obliquely, in the ICO’s Penalty Notice . It’s clear that the vulnerability that fraudsters exploited to access payment card details (initially highlighted by Monzo – perhaps showing the superiority of #fintech systems and data analytics) was created by Ticketmaster’s use of a Inbenta chatbot. However, it’s also clear that Inbenta specifically warned against using the bot on payment pages of the website for just that reason. The bot wasn’t really to blame, Ticketmaster’s internal risk management regimes and mindset was.
Given Ticketmaster’s business, it’s a safe bet that a lot of their routine customer contacts are to do with checkout and payments, so what better place to put a chatbot? One of the beauties of chatbots, like so many SaaS products, is that you can just paste the code on a page to get started. If you have access to your website then you don’t need to jump through your IT colleagues’ tedious permission hoops and rules.
Is that what happened in the Ticketmaster case? I don’t know, but I do know that misunderstandings and miscommunications resulted in a 7-figure fine, thousands of unhappy customers, a failed chatbot implementation and considerable reputational damage for Ticketmaster.
How do you avoid Ticketmaster’s fate befalling you?
Well, it’s the usual simple-sounding, but difficult to achieve need to get all your teams (internal & external) – technology, marketing, digital, risk, tech vendors – aligned and cooperating, with a shared understanding of business benefits and risks. Only then can you balance doing the smart thing for your business and customers without exposing both to fraudsters and rule breaking.