Your software is amazing and we are making extensive use of the CTI interface with asterisk but we have one small “problem” (it’s more an improvement on security between calling parties).
When a customer calls us for support we find it tricky to identify the calling user just by ticket ID and would like to propose the following feature request:
Would it be possible to implement a page that shows a user a randomly generated OTP / Pincode that the agent can see as well, this is not a code for authentication to the system but a code that can be verbally spoken by the customer to the operator and vice-versa to establish mutual trust and minimize risk of spammers or exploitation by telephone.
I think technically this should be possible.
The main question proberbly would be: “How and what generates that PIN?”.
Right now, as far as I’m aware, the CTI integration of Zammad is reading (so receiving) only.
If e.g. Zammad would generate PINs (ignoring the way how it could be done), it proberbly would need to tell asterisk?
Or do you rather intend this to be a verbal “security question” like feature that the agent asks when taking the call?
Other question that comes up is how you’ll share those PINs with customers that receive mail only?
Actually the two don’t need to be connected so i see two ways it could be done:
A. The user can go to a profile page of which they can see some random numbers that get generated every say 5 minutes and the Agent can see it on the users profile.
B. The pincode is generated per call inbound and outbound and is mapped to the users profile and the call in the CTI interface but i think that might be overkill.
C. The agent can send a notification to the user via E-Mail or SMS to ask them to check and read the code out aloud.
Or do you rather intend this to be a verbal “security question” like feature that the agent asks when taking the call?
I would rather it be like a security question as then it is much more universal as you could use it over Chat or Phone to validate if someone is who they say they are providing you trust that their account has not been compromised but that is something we do via two-factor with oauth plugin
Other question that comes up is how you’ll share those PINs with customers that receive mail only?
This is a very good question, my thoughts would be to use a notification channel such as the email of the customer or SMS using the listed phone number to ensure that you are talking to the right person.
The agent would be able to “send pin via SMS or E-Mail” for example but only to the phone number listed in the profile of zammad.
That’s just my personal opinion, as I currently don’t have and need such workflows:
Thinking about this feels a bit complicated for me. I mean the process for your customer to get that information (by either way) or even the agent that needs to ensure the customer has received the code.
Right now especially in big Zammad installations I feel that this is a time critical operation (because you want that code to be send right now to reduce waiting times) which can be striked by Delayed::Jobs being high and busy. That’s just kinda a fear of mine hehe.
While I’m sure that this can help a very small amount of companies.
(I only had to give an authentication that was pre-shared once in the last 5 to 8 years)
Right now I’m just not sure if it will be of good use for everyone (in terms of stable integration), but might be usefull as addon maybe?
I think that this is technically possible, by either integration or addon.
The addon approach would have the bonus that you can extend the places you need to extend without doing manual changes to source code. This also is update save.
