This article explains how the AI agent verifies a customer's identity before sharing order, account, or subscription details, and how that process differs by contact channel.
Overview
AI authentication is required before the agent can pull order, account, or subscription details for a customer. Depending on the request, the agent uses one of two authentication methods: User Authentication or Order Authentication. Together, these methods ensure secure access to customer data at every touchpoint.
Authentication Methods
User Authentication verifies identity using the email address or phone number associated with the customer's account. Once verified, it grants access to order history, account details, and subscription information.
Order Authentication verifies only the specific order in question. It does not authenticate the customer beyond that order, so it does not grant access to their broader account or other orders.
Authentication by Channel
How authentication is handled depends on the channel the customer is contacting from.
Email and SMS: Customers are automatically authenticated. Identity is established by the write-in email address or phone number, so no extra verification step is needed.
Chat: Authentication depends on login status.
If the customer is logged in to their account, they are already authenticated.
If the customer is not logged in, the agent must complete User Authentication or Order Authentication before accessing any order or account details.
Order Authentication Flow
Triggered when: an order number is provided.
The agent checks if the write-in email matches the order number.
If there is no match, the agent asks whether the account is under another email address, or asks for the postal code.
The agent retries authentication.
If authentication still fails, the conversation escalates to a human agent. This escalation behavior can be configured.
User Authentication Flow
Triggered when: no order number is provided, or the use case relates to subscriptions.
The agent checks if the write-in email matches an existing account.
If there is no match, the agent asks if the account is under another email or phone number.
The agent sends a one-time passcode if an alternate method is accessible.
If re-authentication still fails, the conversation escalates to a human agent. This escalation behavior can be configured.
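The two flows above, sketched as an added Python example (not the product's own code) for a customer who is not yet authenticated, such as a chat visitor who is not logged in. It shows how the scope granted by Order Authentication stays limited to one order while User Authentication covers the whole account. The record layout, function names, and sample data are assumptions made for illustration.

```python
# Added illustration, not vendor code. Record layout and all names are assumptions.
ORDERS = {  # constructed sample records
    "1001": {"email": "ana@example.com", "postal_code": "94107"},
    "1002": {"email": "ana@example.com", "postal_code": "94107"},
}
ACCOUNTS = {"ana@example.com": {"phone": "+15550100", "orders": ["1001", "1002"]}}

def choose_flow(order_number, subscription):
    """Order flow needs an order number; subscription requests use the user flow.
    Sending 'order number plus subscription' to the user flow is an assumption."""
    return "order" if order_number and not subscription else "user"

def find_account(contact):
    """Map an email address or phone number to its account email, else None."""
    for email, acct in ACCOUNTS.items():
        if contact in (email, acct["phone"]):
            return email
    return None

def order_auth(order_number, write_in_email, alt_email=None, postal_code=None):
    """Order Authentication: a success grants scope for this one order only."""
    order = ORDERS.get(order_number)
    if order is None:
        return "escalate", set()
    first_try = write_in_email == order["email"]
    # Retry uses what the customer supplied: another email or the postal code.
    retry = alt_email == order["email"] or postal_code == order["postal_code"]
    if first_try or retry:
        return "authenticated", {("order", order_number)}
    return "escalate", set()

def user_auth(write_in_contact, alt_contact=None, otp_verified=False):
    """User Authentication: a success grants the account and all of its orders."""
    account = find_account(write_in_contact)
    if account is None and otp_verified:
        # An alternate contact counts only once its one-time passcode is confirmed.
        account = find_account(alt_contact)
    if account is None:
        return "escalate", set()
    orders = {("order", o) for o in ACCOUNTS[account]["orders"]}
    return "authenticated", {("account", account)} | orders

def may_read(scope, kind, ident):
    """Gate every data lookup on the scope the flow granted."""
    return (kind, ident) in scope
```

Checking `may_read` before each lookup is what keeps an order-authenticated conversation from reaching other orders or account details.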
Example Scenarios
No access to alternate email: A customer asks about a subscription that is not under the email on file. The agent asks whether they have access to the email address associated with that subscription, since a one-time passcode could be sent there to authenticate. The customer confirms they no longer have access to that email. Since authentication cannot be completed, the agent escalates the conversation to a human teammate who can assist further.
Access to alternate email: A customer asks about a subscription that is not under the email on file. The agent confirms the customer has access to the associated email address and sends a one-time passcode there. The customer provides the passcode back to the agent. With identity verified, the agent shares the requested subscription details.