So, the idea here is that anyone that has a customer facing business with a diverse customer set should look at risk assessing the customer base. So what does this involve? Essentially this involves considering the customer “factors” and using some form of statistical analysis to “grade” the customers. This grading can then be used from anything from security protocols for the customer segment, product offerings, and pricing mechanisms.
For me, the biggest value lies in the security protocols and product offerings that you would direct to certain customer segments. For example, if you have both physical locations and online offerings, then understanding your customer base is critical. There would be nothing worse than “pushing” all your customers to have to use online tools when they never want to use them. In this case, you would be exposing this customer, unknowingly, to a risk of account takeover without them really ever using the online tools. The first they would know of a problem is most likely when they next visit the physical location or receive some sort of “statement”. By then, it will be too late for this customer and for you to recover the damage done. And this applies to those customers who don’t ever want to physically go to your store, if you have included in their offering the ability to physically visit, then you will have to carry associated costs in maintaining the physical presence.
There is no definitive list of characteristics or factors you need to consider, however I would recommend you think about what it is the customer does when interacting with your business. Using those factors, you should then perform a quantitative analysis on your existing customer base to then develop a rating mechanism. This rating mechanism should then provide you with a segmentation of your customer base, which can then be used to tailor the offering to your customers, and also to tailor communications and any other important considerations for your customers.
Some of my thoughts on characteristics or factors are:
- Volume of transactions by the customer;
- Type of transactions by the customer;
- Value of the transactions;
- # of accounts held by the customer;
- Characteristics of the customer which relate to your product but do not focus specifically on age, sex, etc;
From these characteristics you then to consider your own risk appetite. For me, running a blog site I have to consider my own risk appetite, in particular when it comes to comments being posted. I do this taking into account some of the factors detailed above but principally focusing on my own willingness to accept comments that are not in line with topics (for example).
This should not be a once off exercise though. I would recommend that you attempt to automate this analysis and look ultimately a real-time risk analysis, however in the initial instance a monthly analysis would be the minimum. In addition, I would include a continuous improvement process into your business processes, which allows you to continually improve the outputs of your analysis and perform more reliable and effective risk analysis.
This may all sound quite obvious, but in most modern risk management processes, there is a focus on the qualitative analysis through workshops and risk assessments. This is not a sustainable position, and is not really how your own mind even works when it makes decisions. Our minds accumulate a history of data, both our own and from others (I would recommend if you can get external data too, then make sure you do), and then through this we make a decision taking into the account the chance of something going wrong. Of course, like any quantitative analysis, you need to also overlay the qualitative characteristics you identify, but it needs to be a healthy balance.
Through doing this work, you will find it also focuses you on the future rather than the past. And what will be even more amazing for you, is you will actually find that the customer experience will be enhanced as you will make decisions on functionality that match your customer base. In particular you may not force some customers to use something that they never actually want. However, this does not mean you will not do this if you feel that that segment is no longer your true customer base. For me, if you reach this point, help your customer find the provider that will satisfy them. That may mean that customer is no longer your customer, but they will still be a satisfied customer and be an advocate for you (if handled well) and through them you may actually find you get more of the customers you can service.
I recently read that organisations need to be socially responsible now, not just financially responsible. In this regard, I see this as servicing customers so they achieve what they need and want to achieve. That may mean you assist the customer move to alternate providers, even competitors, rather than trying to financially grow a customer that is not really in your customer segment. This social responsibility is not just about environmental concerns, but the broader social position of helping everyone achieve their goals. Utopian thinking I know, but it does make sense and perhaps the organisations that master this best will be the future most successful organisations.