Mobile field Customer Relationship Management (CRM) is rapidly becoming an essential element of almost every digital financial service strategy. Not only does mobile CRM offer employees and customers the flexibility they need and demand, untethered from bricks and mortar, it is also a vital driver of micro-finance and of efforts to expand financial inclusion.
Mobile CRM is now being used for everything from customer recruitment, account and loan applications and customer queries, to the recording of collateral/inventory (photos) and the establishment of ownership (photos of documents).
In short, any activity traditionally carried out at a financial institution branch can now be conducted via mobile CRM, with the clear exception of cash handling.
Before forging ahead, it is important to consider the following safeguards, which will help protect privacy, bolster security, and reduce the risk of fraud:
- Reduce the risk that the valuable devices used for field work may be lost or stolen by ensuring they are locked down so they can only run the mobile CRM app. Geolocation can also help. These devices should also be enabled to keep a record of where and when they are used, for effective tracking.
- Encryption and code obfuscation can help guard against hackers. All communication between the app and the CRM should be encrypted end-to-end. Do not rely on the security of mobile networks. There isn’t any.
- Strong authentication is essential for log-ins. Biometric or two-factor authentication (e.g. contactless card plus PIN) are good options here.
- The app should record every customer interaction and should encrypt all data (e.g. loan applications, photos etc.) before storage. There is a school of thought that says only head office should be able to decrypt stored information, for reasons of security and privacy. However, because this would prevent a field officer from checking application details, or from fixing minor errors such as spelling mistakes in names, I would argue for an automatic encryption after, say, 30 minutes. After this, the data would only be viewable by head office, and any changes would have to be made through a call centre, or by the field officer when he or she returns to the office.
- The device should be able to work offline, syncing whenever it gets some form of data network coverage.
- Tasks from head office should be forwarded to the device/app automatically. This will keep employees up-to-date and alert to changes to practice or guidance.
- The mobile app must be fully tethered to the central CRM and viewed as a satellite of the mothership rather than as a separate entity.
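
The encrypt-before-storage safeguard above, with its 30-minute window for the field officer, can be built as envelope encryption. The sketch below is an added example, not code from the article or from any CRM product; it uses Node.js's built-in `crypto` module, and the function names, the key pair and the sample record are constructed for illustration.

```javascript
// Added example: constructed keys and data; all function names are hypothetical.
const crypto = require('crypto');
const WINDOW_MS = 30 * 60 * 1000; // the 30-minute window suggested above
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// Encrypt under a fresh data key (DEK). The DEK is wrapped to head office's
// public key for storage; a plain copy is held on the device only for the window.
function sealRecord(plaintext, hqPublicKey, now) {
  const dek = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dek, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const stored = { iv, ct, tag: cipher.getAuthTag(),
                   wrappedDek: crypto.publicEncrypt(oaep(hqPublicKey), dek) };
  return { stored, localDek: dek, expiresAt: now + WINDOW_MS };
}

function decrypt(stored, dek) {
  const d = crypto.createDecipheriv('aes-256-gcm', dek, stored.iv);
  d.setAuthTag(stored.tag); // GCM rejects any record altered after storage
  return Buffer.concat([d.update(stored.ct), d.final()]).toString('utf8');
}

// Field officer view: works inside the window, then the local key is wiped.
function fieldOpen(record, now) {
  if (record.localDek && now >= record.expiresAt) {
    record.localDek.fill(0);
    record.localDek = null;
  }
  return record.localDek ? decrypt(record.stored, record.localDek) : null;
}

// Head office view: unwrap the DEK with the private key, which stays at head office.
function hqOpen(stored, hqPrivateKey) {
  const dek = crypto.privateDecrypt(oaep(hqPrivateKey), stored.wrappedDek);
  return decrypt(stored, dek);
}

// Constructed demo: the key pair is generated here only to keep the example self-contained.
function demo() {
  const hq = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const t0 = Date.now();
  const rec = sealRecord('{"applicant":"A. Sample","loan":500}', hq.publicKey, t0);
  return {
    during: fieldOpen(rec, t0 + 10 * 60 * 1000),   // readable by the field officer
    after: fieldOpen(rec, t0 + 31 * 60 * 1000),    // null: local key wiped
    headOffice: hqOpen(rec.stored, hq.privateKey), // still readable at head office
  };
}
```

The expiry check trusts the time value it is given; on a real device the window needs a time source the user cannot reset, and the local key belongs in the platform's hardware-backed key store rather than in app memory.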