Regarding LiveChat Support, security Measures

[xLoydx]

Hello Euk,

Just a little suggestion.

I think you should be a little tighter with security measures when it comes to support over the chat, or even the phone (I'm not 100% sure its the same over the phone) but a few weeks ago my client was having issues with his website, he is supposed to contact me to fix anything. Although, he went to my host, he managed to get support even though he's not the account owner on my server.

He explained to me that the agent asked him for my email address of the account, he confirmed that and the agent then did everything he asked on my server. Editing files, reset passwords, and other releated stuff that he shouldn't of done. I think you should set a secret question up or ask the agents to confirm more details on customer accounts, i've noticed it wasn't just this agent, ive been on live chat many many times and all they have asked for is my email address and then supported me.

Don't you think the security should be a little more stronger than this? I would like to ask you to consider adding more questions about the account when supporting customers for there issues, because it was very very bad how one of my clients managed to get access like that.

Regards,

Loyd.

[Catherine]

Hello Loyd,

Thank you for the suggestion. We will certainly look into it.

Generally, only the account owner knows the email address which is registered for the account he/she has with us and hence the support members only confirm the email address registered with us and provide support once it's found that the email address is correct. It's very strange that one of your customers managed to get the email address you have registered with us. I would suggest you to change the email address you have registered with EUK and do not provide it to any of your customers so that none of your customers manage to get support from us.

[Ryan]

Hello Loyd,

We have indeed taken down your suggestion and we will implement security measures like asking the agents to confirm more details on customer accounts in order to authenticate the requests and then provide assistance.

[xLoydx]

Hello,

Thank you for the replies, i appreciate you considering my suggestion. I Really hope this doesn't happen again.

Regards,

Loyd

[Stan]

Dear Loyd,

Thank you for the valuable suggestion. We'd definitely figure out something better for authenticating the customer accounts with us.

But, it is equally important for you to keep your email id's safe and not share it with anyone. As suggested to you by Catherine, you should consider changing the communication email address with us. Also make sure that you do not disclose it to anyone to avoid any such incidences in the future.

Thanks again.

Regards,
Stan

[John]

Hi Lloyd,

Despite what others are saying, support accepting just an e-mail address has never been a policy. I'm appalled that it happened and somewhat bemused that some of our staff members are making excuses for it.

The whole idea that you need to keep your e-mail address secret is just beyond expectation. That's why accounts have unique passwords.

This will be reminded to all staff members again. If anyone does it again, they will go home for a month without pay. If it happens again, their employment will be terminated.

Thanks for bringing it to our attention.

[xLoydx]

Hi Lloyd,

Despite what others are saying, support accepting just an e-mail address has never been a policy. I'm appalled that it happened and somewhat bemused that some of our staff members are making excuses for it.

The whole idea that you need to keep your e-mail address secret is just beyond expectation. That's why accounts have unique passwords.

This will be reminded to all staff members again. If anyone does it again, they will go home for a month without pay. If it happens again, their employment will be terminated.

Thanks for bringing it to our attention.

Hello John,

Thank you for the reply.

No problem, i don't want you to go shouting at all your staff because of this, it's just i want my server to remain safe as possible as you may know. But just confirming a email address is very LOW on security, all you would need to do is do a whois check on the domain hosted with you and you can find the email there, not only that i don't think i should really have to make a new private email because of this.

Thank you for having words with your staff, i really appreciate it. I would advise to confirm things like address, secret question, and maybe you should have some kind of password on the account. I've saw quite a few places now where you sign up and when you ring them via phone they ask you for some kind of password, it just ensures that you are the correct owner, as you may know social engineering is very easy. Again, thank you for looking into this. I hope to see some more questions being asked when via live chat, or possibly over the phone.

Keep up the great work.



Kind Regards,
Loyd