Intro
Which tool in Salesforce should we use to assign cases to ourselves?
CaseHopper/TicketHopper
What tool should we use when asking for any kind of documentation from the user?
Secure File Request Tool
How many PII does the user need to provide on the recovery form? Provide the answer for both 'supplied answers' and 'extracted from ID'.
'supplied answers' = 4
'extracted from ID' = 2
What is the name of the page in AI where we can resolve the ICR?
User Overview
How many PII questions should we ask the user during a bank challenge call?
6+1 for bank challenge workflow
If an agent works on a new/open ticket, what should they do to maintain ownership?
Keep the ticket in their personal pending queue and communicate with the user (if a user responds) until 15 minutes before the end of their shift.
For any ALO workflow, what is very first step that we should do before starting to resolve the user's issue? This can be considered as our "step zero".
Check for any ATO history/ATO signs.
If user is not receiving 2FA SMS, what RP should we follow to help the user troubleshoot? Provide the macros applicable for this scenario.
RP For: Safety::Cant Log In Due To 2fa
Not receiving SMS verification code US
Not receiving SMS verification code non US
How many PII does the user need to provide on the inactive challenge recovery form? Provide the answer for both 'supplied answers' and 'extracted from ID'.
'supplied answers' = 4
'extracted from ID' = 2
Where in AI do we resolve the bank challenge for non-express users?
On the Bank accounts section, simply toggle the bank protection button.
What should we do with the phone call form after completing the scheduled call? Why?
Remove the call details -- so the ticket doesn't get prioritized by Casehopper in case it needs to be returned to the queue
What are we required to obtain from the user during the call before we proceed to ask the verification questions? What should we do if we do not obtain this from the user?
Recording consent -- we cannot continue the call and we may advise the user we will follow up via email.
If the user can no longer log in because they lost their 2FA number but still remember their password, what are the self-serve options we can offer to the user?
Look for their emergency back up code if they still have it or fill out the recovery form.
What button should we use to resolve the user's inactive challenge?
"Mark as complete" button
How do we resolve bank challenge for express users? Provide the RP and show where to resolve it.
RP Safety::Bank Update Calls -- Go to step 6 letter C, paste the bank or card ID and click the button to remove the bank protection.
What should we do before escalating most of our cases to User Safety Tier 2? Why?
Seek approval from Consultation Desk (CD) in the ask-ts-agent slack channel. Escalating tickets without prior approval from CD will merit a UIQ markdown.
What should we do if there aren't enough PII on AI? Provide the RP that we can use in this scenario.
Proceed to using RP Safety::Failed PII Verification and ask for docs depending on their legal entity.
What should we do if user is asking to remove their 2fa requirement? Provide the RP and the steps that we should follow in this RP.
RP Safety::2fa Mandate -- We should check if user is truly 2fa mandated, then check if user is mandated to comply with SCA or is a Banking/Issuing user. If those scenarios do not apply, provide the importance of 2fa and apply any applicable alternatives. If user still insists, then whitelist their user ID.
Which users would be affected with ICR?
Users with:
How do we know if we can call a phone number provided by the user?
Check if it's listed as one of the approved callable numbers on the RP.
A user scheduled a call outside of my shift. He said to call him at 9am EST. What should I do?
Ack the user, convert into GMT (2pm GMT), fill out the phone call form on salesforce, place an internal note with the call details, post a phonetag on slack, and release ticket back into the queue.
Provide the verification hierarchy used for most workflows (excluding COO and ATO).
1. Govt ID on a piece of paper with today's date
2. PII call
3. Additional documentation
How do we reset 2FA for team members?
1. If a single account team member, owner/admin can send them the reset link.
2. If a multi account team member, owner/admin from any of the accountscan send them the reset link.
3. If a team member on any account but is also the owner of any account, their options are: fill out the recovery form from the website, have an owner/admin from the other accounts send them the reset link which in turn will lead them to the form or if they write in to Stripe, an agent can send them the link to the recovery form.
If a user was called regarding a 2FA issue, and we later found out that user also has an ICR issue on the same account, are we able to resolve both issues at once? Why?
Yes -- because they both require a minimum PII verification of 4+1. This means the user would have verified himself with the required number of answers for both workflows.
Ask for the following:
-Phone bill that matches approved phone number
-Bank/card statement from prior to the compromise that matches either a) the full routing number and last four of a bank account, or b) the last four of the card number, and ideally shows the last two payouts from Stripe