Over the coming months, years, maybe decades, the Equifax breach will be examined from many angles. While it will take a thorough IT analysis to tell us specifically what, when and how it all happened, all indications thus far suggest Equifax was simply asleep at the wheel.
But there are still many IT security questions left to answer before that side of the case is closed.
In the meantime, we can analyze Equifax’s handling of the breach from a customer experience perspective—there’s plenty of meat left on that bone.
Since much of the online fury and rage is directed at the company’s customer experience (CX) failures following the breach, an analysis of it can offer many valuable, teachable lessons.
In short, it seems Equifax scrambled to alleviate some of the snowballing animosity, but their post-breach actions have instead made it much, much worse.
3 CX Lessons You Can Learn from the Equifax Debacle
Lesson 1: Be quick to admit your error. The longer you hide a problem, the more trust you lose.
One of the first things the public learned about the breach was that Equifax waited two months to disclose it. While never really excusable, the delay might have been more forgivable had Equifax used that time to get all their ducks in a row.
But they didn’t. Upon admitting to the breach, Equifax directed concerned consumers to a new website for remediation.
The website’s main feature was a “check if you’ve been affected” field. People quickly learned that it seemed to work by flipping a coin rather than providing accurate information. This attempt at restoring the public’s faith in their company’s IT aptitude clearly had the opposite effect. One wonders if Equifax thought this would go unnoticed.
Although Equifax had months to prepare the new website, it raised many other customer experience red flags. This left many visitors with the impression that the new site was itself a phishing scam, bringing us to Lesson 2 …
Lesson 2: Quick fixes often make things worse.
Among the red flags on the new site was the fact that it used an unknown URL (https://www.equifaxsecurity2017.com/). Phishing attacks have been around for years and the public has been warned—repeatedly—to examine a site’s URL for any, um, phishiness. Malicious sites often use URLs that are very similar to the URLs of legitimate sites. Perplexingly, that’s also what Equifax chose to do.
Further, some visitors reported that their browsers were warning them that the site was indeed a phishing site. Early analysis suggests this may have been due to a snafu with the SSL certificate Equifax used on the site. A better-planned response could have easily avoided this.
Let’s take a few steps back and view this in context. (Context is, after all, a critical component of understanding CX.) Essentially, Equifax used this red-flag-ridden site to collect more information from citizens already concerned about the company’s apparent untrustworthiness with their personal information. This was CX tone-deafness of epic proportions.
Lesson 3: Don’t try to profit from a crisis or prematurely absolve yourself.
Meanwhile, other users discovered that the site was using another underhanded tactic: an offer for a “free” trial of their credit monitoring service that would automatically turn into a paid subscription unless users remembered to opt out. Many more CX-conscious companies have already started moving away from this tactic. Either by design or simple oversight, Equifax used it at the worst imaginable touchpoint.
Further, the Terms and Conditions of the free monitoring service included a clause that would prevent subscribers from suing Equifax in the future. After more public outrage, Equifax tried to backpedal, issuing a statement that said, in effect, “Oh don’t worry about that part. It’s in the Terms but we won’t count that part. Don’t worry, it’s cool.”
A week after the breach was made public, the dust is far from clearing. The company’s messaging and its apparent IT strategy remind observers of a headless chicken, while experts are equally flabbergasted. Yet, we’re told, this particular headless chicken is the one we should trust to clean up the mess.
Why Equifax’s Troubles Have Only Just Begun
The biggest blunder of all is actually more of a pre-existing condition: Few of us ever signed up to be “customers” of Equifax. We were opted in by the financial industry. This aspect will be at the root of Equifax’s many upcoming and ongoing CX challenges.
Customers enter into relationships willingly and with some understanding of what to expect. When we’re made into customers without our explicit consent, our feeling of autonomy gets violated. We don’t like that—it primes us to be skeptical, combative and very wary of any and all of the company’s future actions.
With this compounded by the myriad CX problems created by Equifax’s bungled response, U.S. citizens are rightly feeling like caged and prodded animals. We don’t like that either, not after we’ve seen how Equifax treats its ducks.
The Takeaway for SMBs
This story is really only beginning to unfold and it’s likely the fallout will linger for years. SMBs can capitalize on the debacle by learning from Equifax’s numerous mistakes:
- Be quick to admit to errors, but …
- Never issue hasty resolutions.
- Pay attention to context from the customer’s point of view.
Customer experience is about much more than how customers interact with your products and services. It’s about predicting and understanding customer needs and concerns and then demonstrating that your company has them in mind.
So the next time you think you might have a potential CX issue on your hands, keep these lessons in mind so your company’s reputation stands a fighting chance.