Responding to Rights Requests at Scale
"Returning somebody’s data to them is the most sensitive GDPR request."
Sift provides a Digital Trust & Safety suite to proactively stop account takeover, payment fraud and scam content for online customers like Airbnb, DoorDash and Twilio. Their platform analyzes customer end-user data with artificial intelligence to prevent fraud for the benefit of both Sift customers and their end users.
Sift has a process in place to handle end user privacy rights, such as the “right to access personal data” under applicable data protection laws (e.g., General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)). As part of this process, companies must verify the identity of the requestor to ensure that it provides the data to the legitimate requestor. As end user awareness around this privacy right increased, Sift decided to automate its processes so that it could meet the requirements in a timely manner at scale. In addition, Sift’s support engineers wanted to leverage experts who could spot fake identification documents more easily.
“We spoke with a couple of vendors, but Berbix was the easiest to work with in terms of speed and API quality.” Katherine Loh, Senior Director of Technical Services
Before automating identity verification using Berbix, data requesters would be verified by manual human review where requesters supplied an identification document over a video-call with Sift support engineers. Sift wanted to ensure the identity of the user requesting data was the rightful owner of that data so IDs were checked and compared with the video chat in addition to showing email account ownership access.
“If you’re using humans, you run out of humans at some point.”
Sift sought out an eIDV vendor that is a responsive partner to build a solution that would integrate easily with their Zendesk ticketing system. Katherine Loh, Sr Director Technical Services, cited other vendors' integration paths as being less mature than Berbix and was sold on how fast the company could get started with Berbix. Sift was able to get up and running with a hosted-link integration and Zendesk in just a couple of afternoons.
In selecting a vendor Katherine asked peers for referrals. After speaking with others in tech who handled user onboarding verifying IDs, she learned those companies struggled with vendors who could not handle rapid user growth when humans were verifying the IDs. Sift needed a partner that could scale and determined that Berbix’s fully-automated solution would meet their needs. In addition, a light integration could be stood up in an afternoon that paired with Sift’s internal Zendesk process, which meant Sift could leverage the Berbix tool nearly instantly. (Sift has since updated the integration to leverage OneTrust.)
How Sift Now Uses OneTrust With Berbix
1. User submits Data Request via OneTrust portal
2. Sift, within OneTrust, calls Berbix API to generate custom hosted links for each request
3. Berbix ID verification URL inserted to OneTrust case and sent to data requester via OneTrust portal
4. Data Request user completes Berbix ID verification
5. Berbix webhook is sent to Tray.io, which Tray.io then forwards to OneTrust
6. OneTrust case is updated with Berbix information and moves to next stages
7. Sift completes Data Request via OneTrust portal
Curious about how to implement a similar process in your agent support flow? Schedule a consult now.