4 Managing and Supporting Cases

4.1.1 Case

A case is a record of all the actions performed by the CSR to assist the customer as well as various account activities of the customer. Each case is allocated a case number, a unique case identification number.

The Case Management feature of Oracle Adaptive Access Manager is used in two ways.

• Users of the enterprise using Oracle Adaptive Access Manager can call up the enterprise asking for assistance with user-facing features of Oracle Adaptive Access Manager such as images, phrases or challenge questions, or any issues with their account. The CSR uses the Case Management feature to create a case which records all the actions performed by the CSR to assist the user as well as various account activities of the user.

• The Case Management feature is also used by Fraud Investigators to investigate potentially fraudulent activity performed in user accounts.

4.1.2 Customer Service Representative (CSR)

Customer service representatives are employed by many different types of companies to serve as a point of contact for customers who call. They are responsible for ensuring that their company's customers receive an adequate level of service and help for low risk issues originating from customer calls.

In handling customers' complaints, they must attempt to resolve the problem according to guidelines established by the company. These procedures may involve opening a case, entering notes as they are speaking to customers, asking questions to determine the validity of a complaint, making changes or updates to a customer's profile information, and, if required, passing the case on to a CSR Manager who has the appropriate privileges to respond.

4.1.3 CSR Manager

The CSR Manager is in charge of overall management of CSR-type cases. A CSR Manager has all the access and responsibilities of a CSR and access to more operations, such as:

• bulk edit cases

• temp allow users

• extend expiration

The CSR does not have the permissions to perform these actions.

A CSR Manager routinely searches through the CSR cases to check on status and clean up if needed.

4.1.4 Fraud Investigator

A Fraud Investigator investigates a specific fraud scenario or suspicious pattern. The Fraud Investigator works on escalated cases.

4.1.5 Fraud Investigation Manager

A Fraud Investigation Manager has access to actions that the Fraud Investigator does not have.

4.1.6 Locked Status

Locked is the status that Oracle Adaptive Access Manager sets if the user fails a challenge. The Locked status is only used if the Knowledge Based Authentication (KBA) or One Time Password (OTP) facility is in use.

• Knowledge Based Authentication (KBA): For online challenges, a customer is locked out of the session after the Online Counter reaches the maximum number of failures. For phone challenges, a customer is locked out when the maximum number of failures is reached and no challenge questions are left.

• One Time Password: OTP sends a single-use password to the user through a configured delivery method, and if the user exceeds the number of retries when attempting to put in his OTP code, his account becomes locked.

After the lock out, a CSR must reset the status to Unlocked before the account can be used to enter the system.

4.1.7 Temporary Allow

A temporary allow grants temporary account access to a customer who is being blocked from logging in or performing a transaction. A customer is blocked when a security rule is triggered. For example, a customer may be traveling on business and attempting to log in from a blacklisted country and the system has blocked him or her.

4.1.8 Case Status

Case Status is the current state of a case. Status values used for the case are New, Pending, Escalated, or Closed. When a case is created, the status is set to New by default. CSRs cannot reopen a closed case. CSR Managers and Investigators can reopen a closed case. Escalated cases cannot be created.

4.1.9 Severity Level

The Severity Level is a marker to communicate to case personnel how serious the case is. The severity level is set by whomever creates the case. The available severity levels are High, Medium, and Low.

4.1.10 Expiration Date

The expiration date is the date when a case expires. By default, the length of time before a case expires is 24 hours, but is configurable.

• CSR cases: For CSR cases, the status of the case changes from the current status to Expired. The case could have any status when it expires. The CSR can open the case but cannot perform any actions on it. The CSR Manager can extend an expired case.

• Escalated cases: For escalated cases, the status of the case changes from the current status to Expired.

  When the case is expired, an expired flag is set for the case to let managers know that the case requires their attention. For example, if escalated cases are set to 24 hours and if the case is open and has not been accessed in more than 24 hours, the flag is set to Expired.

  When the Fraud Investigator accesses the expired case, it is reactivated and the expiration date is extended for another 24 hours (or however long it has been configured for). The expired behavior is configurable using the Properties Editor.

  CSRs cannot change the expiration date of escalated cases.

  For information, refer to Section 4.18, "Configuring Expiry Behavior for CSR Cases."

4.1.11 Customer Resets

Oracle Adaptive Access Manager uses images and phrases on virtual authentication devices as part of the personalization to help prevent fraud.

The Customer Resets feature enables you to reset the customer's image and phrase and unregister his device.

The Customer Reset feature is not be available for a closed, an escalated or an expired case.

4.4.1 Searching for Cases

When a customer telephones with a question or problem, you can search all customers and cases quickly through any combination of factors.

For example, you can search for a customer's open case by entering his login ID and New, Pending, and Escalated for his case status.

Another example is searching for CSR cases created between a month ago and yesterday.

To search cases:

1. From the Cases Search page, specify criteria in the Search Filter.

   The filters are shown in Table 4-2.

   Table 4-2 Search Filters

   Filter	Description
   Organization ID	To locate cases for an organization, select the Organization ID. In a Multitenant deployment, CSRs only have access to cases limited to an Organization.
   User name	To locate cases for a specific user, enter his user name or part of a user name in the Username field.
   User ID	To locate a case by the user identifier.
   Case ID	To locate a specific case, enter the case ID.
   Description Keyword	To locate a case by a keyword that is in the description, enter the word you want.
   Case Type	To filter cases by case type, select CSR.
   Severity Level	To filter cases by severity level, select Low, High, or Medium.
   Case Status	To filter cases by case status, select New, Pending, Closed, Escalated.
   Expired	To filer the list by expired, select the option you want. The options available are: Hide Expired Show Only Expired
   Create Date	To locates cases created within a given create date range, enter the start and end dates you want for the range.
   Disposition	To filter cases by dispositions, you can select: Confirmed Fraud Duplicate False Negative False Positive Issue Pending Issue Resolved Not Fraud The disposition describes the way in which the issue was resolved in a case. Cases only have dispositions when they are closed. If a case has any status besides closed, the disposition is left blank.

   
   

2. Click Search.

Figure 4-2 Cases Search page

The Search Results table displays a list of cases that meet the criteria you specified.

The checkbox column (1st column) is used for selecting rows. If no row is selected, the Create Like and Bulk Edit buttons are disabled.

There is a link on the case number. To view the case details, click the link.

4.4.2 Viewing a List of Cases

Depending on the criteria entered for the search, the Search Results table can display a list of cases. Information such as Case ID, Username, Organization ID, Description, Case Type, Case Status, Case Severity, Last Action Type, Date of Last Case Action, and Expiration Date is shown for the cases listed.

4.4.3 Searching for Open and Closed Cases

1. From the Cases Search page, search by Case Status:

   • New, Pending, and Escalated to locate open cases

   • Closed to locate closed cases

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   The Case Details page is displayed (Figure 4-3).

4.4.4 Searching Case by Description Keyword

Searching by description keywords would display all cases with any matching words in that was entered as a description during case creation.

1. From the Cases Search page, enter the description keyword to locate cases that contains the Description Keyword and click Search.

2. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

4.4.5 Viewing a List of Cases

Searching by description keywords would display all cases with any matching words that was entered as a description during case creation.

4.5.1 Case Actions

Case Details also provides access to the actions that can be taken, a log of case activity, and a list of customer sessions.

From the Case Details page, the following options are available:

• Add Notes

• Ask Question

• Customer Resets

• Temporary Allow (CSR Manager Only)

• Change Severity

• Change Status

• Extend Expiration Date (CSR Manager Only)

• Escalate Case (CSR Manager Only)

4.5.2 Viewing Case Details

The following information is displayed in Case Details.

• Case Status - The current state of a case. Status values used for the case are New, Pending, Escalated, or Closed.

• Severity Level - The available severity levels are High, Medium, and Low. For information about severity levels, see Section 4.1.9, "Severity Level."

• Description - The details for the case. A description is required.

• Case Created - The date and time the case was created.

• Last Case Action - The last action executed in the CSR case.

• Date of Last Case Action - The date when last action occurred.

• Last Global Case Action - The last action that occurred for this user in all CSR cases. Escalated cases are not taken into account.

• Date of Last Global Case Action - The last action performed against the user online.

• Expiration Date (for CSR cases) - The date when a case expires. For information about expiration dates, see Section 4.1.10, "Expiration Date."

• Disposition - The description of how the issue was resolved when the case was closed. Cases only have dispositions when they are closed. If a case has any status besides closed, the disposition is left blank.

4.5.3 Viewing User Details

The following information is displayed in User Details.

• User name - Identifier a user uses to log in

• Organization ID - The unique ID for the organization the user belongs in

  The combination of User name and Organization ID is the unique identifier for a user accessing an application.

  In a multitenant deployment, CSRs only have access to cases limited to an Organization.

• Completed Registration - If the user has completed registration, this field shows Yes; otherwise it shows No. To be registered a user may need to complete all of the following tasks: Personalization (image and phrase), registering challenge questions/answers and email/cellphone.

• Personalization Active - When the user has an image, a phrase and questions active, this field would display Yes. If any one of these are reset, this field would display No.

• Questions Active - If user has completed registration, but questions have been reset, and the user has not gone back and registered new ones, this field would display No. This field shows Yes if the user has completed registration and questions exists by which he or she can be challenged.

• OTP Active - If supported OTP delivery channels are registered, the field shows Yes.

• Last Online Action - The last action that the user executed. For example, Block is displayed if the user is blocked.

• Date of Last Online Action - The date when the last online action was executed.

• Temporary Allow Active - If temporary allow is active, this field shows Yes; otherwise the field shows No.

• Temporary Allow Expiration Date - When temporary allow is enabled; this field tells you when it expires. If temporary allow is 7 days, the expiry date is a week from today.

4.6.1 Viewing the Case History

To view the case history:

1. From the Cases Search page, specify criteria in the Search Filter.

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   View the activity log for that case (Figure 4-4).

4.6.2 Searching the Log of a Case

To search the log of a case:

1. Display the log for the case you want to search, as described in Section 4.6.1, "Viewing the Case History."

2. Enter the search criteria and click Search.

   Table 4-3 Log Search Filters

   Filter	Description
   Notes Keyword	Keyword in notes describing why an action was taken in a case. For example, suspected fraud.
   ARM ID	The type of agent that performed the action. For example, csrm1
   Create Date	The date of the case action.
   Action	The action taken for the case. For example, escalation.

   
   

4.6.3 Viewing Escalated Case Logs and Notes

To view the log and notes of an escalated case:

1. In the Cases Search page, search by the case status and by other filters to locate the case.

   For example, search for Escalated cases for Alex's username.

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

3. Click the Log tab.

   The activity log for that case appears.

4. Enter the search criteria and click Search.

4.7.1 Viewing a Customer's Session History

To view a customer's session history:

1. From the Cases Search page, specify criteria in the Search Filter.

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   The Case Details page appears.

3. Click the Sessions tab (Figure 4-5).

4.7.2 Searching for a Customer's Sessions

To search for a customer's sessions:

1. Display the list of sessions for the case, as described in Section 4.7.1, "Viewing a Customer's Session History."

2. Enter search criteria and click Search.

   Table 4-4 Sessions Search Filters

   Filter	Description
   Session ID	The ID for the session. For example, 11702.
   Device ID	The device ID. For example, 1803.
   Auth Status	The authentication status. For example, Success.
   Alert Level	The alert level. For example, Info
   Transactions	The transaction performed.
   Login Time	The time the customer logged in to perform the transaction. For example, 5/11/09.

   
   

4.7.3 Searching for a Customer's Sessions by Device ID or Date Range

To search for a customer's sessions by device ID or date range:

1. Display the list of sessions for the case, as described in Section 4.7.1, "Viewing a Customer's Session History."

2. To search the sessions by Device ID, enter the ID of the device.

3. To search the sessions by login date range, click the calendar icons and select the start date and the end date.

4. Click Search.

4.7.4 Filtering the Session History by Authentication Status or Alert Level

To filter the list of customer's sessions by authentication status or alert level

1. Display the list of sessions for the case, as described in Section 4.7.1, "Viewing a Customer's Session History."

2. To filter the sessions by authentication status, select the authentication status you want.

3. To filter the sessions by alert level, select the alert level you want.

4. Click Search.

4.7.5 Viewing Transactions in the Sessions History

To view the customer's transactions.

1. Display the list of sessions for the case, as described in Section 4.7.1, "Viewing a Customer's Session History."

2. Filter the log by transactions.

3. Click Search.

4.8.1 Creating a Case

A new CSR case is created by a CSR Manager or CSR when a customer care situation occurs either online or through a phone call. The CSR or CSR Manager searches by username for all cases for that user. Depending on the case, the CSR or CSR Manager decides if a new case must be created or if it can be handled with an existing case for that user.

To create a new case:

1. In the Cases Search page, click New Case.

   The Create Case screen appears.

   You could also open the Create Case screen by right-clicking Cases in the Navigation tree and selecting New Case from the context menu that appears.

   Figure 4-6 Create Case

   
   

2. Enter the Organization ID and User name or only the User ID.

   User name is the identifier a user uses to log in. The combination of User name and Organization ID is the unique identifier for a user accessing an application.

   User ID is unique identifier generated by the system for the user.

   The Username is case-sensitive.

   The unique Organization ID and User name combination must be available in the system.

   If the username is invalid or does not use the correct uppercase and lowercase, an error message appears when you press Create.

3. Select a severity level from the Severity Level list

   The available severity levels are High, Medium, and Low.

4. Enter a description of the case in the Description field, or multiple descriptions from the Description list, or both.

   You can enter any description, for example, if a customer calls and says that he or she cannot "do banking," you could create a case for the customer with the description "can't do banking."

   Description is a required field. The Create button is disabled until a description is entered.

   The Description field can contain alphanumeric and special characters, but it should not exceed 4000 characters.

   You can select multiple descriptions from the Description list for the same case.

   You can select a description from the Description list, one at a time for any number of times. Each description selected from the list is appended to the previous.

5. Click Create or Cancel.

   The Create button is disabled until all the fields are entered. No fields can be left blank.

   If an invalid parameters were entered, an error message is displayed and the new case is not created.

   If you click Cancel, the Cases Search page appears.

   If you click Create, a new case is created, and you are directed to the Case Details page of the newly created case.

4.8.2 Creating a Case Like Another Case

To create a new case that is similar— or "like"—an existing case:

1. From the Cases Search page, select a case by clicking in the checkbox next to case in the Search Results table.

2. Click the Create Like button.

   The Create Like button is disabled if you select multiple rows in the Search Results table.

   The Create Case Like screen appears with pre-populated data from the original case.

   If you had chosen a closed case, the Create Case Like screen shows pre-populated data from the case except the Case Status is New.

   If you had chosen an escalated case, the Create Like screen shows pre-populated data from the case except the Case Status is New and the Case Type is CSR.

   Figure 4-7 Create Like

   
   

3. Enter a description in the Description field, or select a description from the Description list, or both.

   Description is a required field. The Create button is disabled until a description is entered.

   You can select multiple descriptions from the Description list for the same case.

   You can select a description from the Description list, one at a time for any number of times. Each description selected from the list is appended to the previous description.

   If you are entering a description, the Description field can contain alphanumeric and special characters, but it should not exceed 4000 characters.

4. Edit any of the other fields if you want.

   Do not leave any fields blank.

5. Click Create or Cancel.

   If you click Cancel, the Cases Search page appears.

   If you click Create, a new case is created with data from the original case and your changes, and you are directed to the Case Details page of the newly created case.

4.10.1 Resetting Image

If you reset a customer's image, OAAM Admin randomly assigns a new image to the customer. After resetting the image, you can inform the customer that the authenticator will display a new image at the next log in to the Web site. The same phrase will continue to be used

If a customer is not registered and does not have an image to reset, an error message will appear if you try to reset his image.

To reset a customer's image:

1. Search for the case from the Cases Search page.

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

3. On the menu bar, click Customer Resets.

   The Customer Resets screen is displayed.

   Figure 4-9 Customer Resets

   
   

4. In the User Item list, select Image.

5. In the Notes list, select the note you want to add.

6. Edit the note describing why you are taking the action, if necessary.

7. Click Submit.

4.10.2 Resetting Phrase

When the customer's phrase is reset, a new one is randomly assigned to the customer. After resetting the phrase, you can inform the customer that the authenticator will display a new phrase the next time he or she logs in to the Web site. The same image will continue to be used.

To reset a customer's phrase:

1. Search for the case from the Cases Search page.

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

3. On the menu bar, click Customer Resets.

   The Customer Resets screen is displayed.

4. In the User Item list, select Phrase.

5. In the Notes list, select the note you want to add.

6. Edit the default notes in the Notes field.

7. Click Submit.

   An error message appears if the customer is not registered and does not have a phrase to reset.

4.10.3 Resetting Image and Phrase

If you reset a customer's image and phrase, OAAM Admin generates a new image and phrase and assigns them to the customer. Afterward, you can inform the customer that the authenticator will display a new personal image and phrase at the next log in to the Web site.

To reset a customer's image and phrase:

1. Search for the case from the Cases Search page.

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

3. On the menu bar, click Customer Resets.

   The Customer Resets screen is displayed.

4. In the User Item list, select Image and Phrase.

5. In the Notes list, select the note you want to add.

6. Edit the default notes in the Notes field.

7. Click Submit.

   An error message appears if the customer is not registered and does not have a phrase and an image to reset.

4.10.4 Unregistering Devices

When you unregister devices, OAAM Admin unregisters all of a customer's devices. The customer can register another device if he wants.

To unregister a customer's devices:

1. Search for the case from the Cases Search page.

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

3. On the menu bar, click Customer Resets.

   The Customer Resets screen is displayed.

4. In the User Item list, select Unregister Devices.

5. In the Notes list, select the note you want to add.

6. Edit the default notes in the Notes field.

7. Click Submit.

4.10.5 Resetting OTP Profile

When a customer's OTP profile is reset, the system deletes the contact information that is used to send the OTP.

OAAM deployments may choose to use both KBA and OTP. If that is the case, if the OTP profile is reset, but questions are still active, the customer will be asked to reregister OTP information at the next login.

To reset a customer's OTP profile:

1. Search for the case from the Cases Search page.

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

3. On the menu bar, click Customer Resets.

   The Customer Resets screen is displayed.

4. In the User Item list, select Reset OTP profile.

5. In the Notes list, select the note you want to add.

6. Edit the default notes in the Notes field.

7. Click Submit.

4.10.6 Resetting Virtual Authentication Device

A customer may sometimes ask to have the virtual authentication device reset.

To reset a customer's virtual authentication device:

1. Search for the case from the Cases Search page.

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

3. On the menu bar, click Customer Resets.

   The Customer Resets screen is displayed.

4. In the User Item list, select Reset Authentication Pad.

5. In the Notes list, select the note you want to add.

6. Edit the default notes in the Notes field.

7. Click Submit.

4.10.7 Unlock OTP

The CSR unlocks the customer who calls because he or she has been OTP-locked. Unlocking the customer resets the customer's OTP failure counter to 0.

To unlock OTP for the customer:

1. Search for the case from the Cases Search page.

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

3. On the menu bar, click Customer Resets.

   The Customer Resets screen is displayed.

4. In the User Item list, select Unlock OTP.

5. In the Notes list, select the note you want to add.

6. Edit the default notes in the Notes field.

7. Click Submit.

4.10.8 Resetting a Customer's Challenge Questions, Question Set, Image, and Phrase

The Customer (All) option resets the challenge questions, question set, image, and phrase. Afterward, inform the customer that security registration is required at the next log in to the Web site.

To reset a customer's challenge questions, question set, image, and phrase:

1. Search for the case from the Cases Search page.

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

3. On the menu bar, click Customer Resets.

   The Customer Resets screen is displayed.

4. In the User Item list, select Customer (All).

5. In the Notes list, click the note you want to add.

6. Edit the default notes in the Notes field.

7. Click Submit.

4.11.1 Performing Challenge Questions Related Actions

Open the Challenge Questions screen by following these instructions:

1. From the Cases Search page, search for the case you want.

   For information, see Section 4.4.1, "Searching for Cases."

2. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

3. On the menu bar, select More Actions, and then click Challenge Questions.

   The Challenge Questions screen appears.

   Figure 4-10 Challenge Questions

   
   

4.11.2 Resetting Challenge Questions

Resetting challenge questions deletes the existing questions and answers and generates a new question set for the customer to register from. The customer is informed that registration of challenge questions (select new questions and answers from his or her question set) is required at the next log in to the Web site.

To reset a customer's challenge questions:

1. Open the Challenge Questions screen, as described in Section 4.11.1, "Performing Challenge Questions Related Actions."

2. In the Item list, select Reset Questions.

3. In the Notes list, select the note you want to add.

   For example, you could select the Forgot Question/Answers.

4. Click Submit.

   After completing the task, you can enter a note about the actions that were taken (Section 4.13, "Adding Notes to Cases") and change the status of the case if necessary (Section 4.15, "Changing Status of a Case").

4.11.3 Resetting Challenge Questions and the Question Set

Resetting the challenge question set resets the challenge questions and the question set that the customer can register questions from. The customer is informed that registration of challenge questions is required at the next log in to the Web site.

To reset a customer's challenge questions and the set of questions to pick from:

1. Open the Challenge Questions screen, as described in Section 4.11.1, "Performing Challenge Questions Related Actions."

2. In the Item list, select Reset Question Set.

3. In the Notes list, select the note you want to add.

4. Click Submit.

   After completing the task, you can enter a note about the actions that were taken (Section 4.13, "Adding Notes to Cases") and change the status of the case if necessary (Section 4.15, "Changing Status of a Case").

4.11.4 Incrementing a Customer to His Next Question

If you reset the customer's next question, OAAM Admin advances the customer to the next challenge question in his list of registered questions. So if he is currently being asked question A, he is now asked question B or C. The customer is informed that he will be asked a different challenge question the next time he logs in to the Web site.

To increment a customer to his next question:

1. Open the Challenge Questions screen, as described in Section 4.11.1, "Performing Challenge Questions Related Actions."

2. In the Item list, select Next Question.

3. In the Notes list, select the note you want to add.

4. Click Submit.

   After completing the task, you can enter a note about the actions that were taken (Section 4.13, "Adding Notes to Cases") and change the status of the case if necessary (Section 4.15, "Changing Status of a Case").

4.11.5 Unlocking a Customer (KBA)

When you unlock a customer, he or she will be forced to register new questions and answers the next time he successfully logs in. A customer is locked when he or she fails to answer a KBA challenge more than the set threshold.

To unlock the customer:

1. Open the Challenge Questions screen, as described in Section 4.11.1, "Performing Challenge Questions Related Actions."

2. In the Item list, select Unlock Customer.

3. In the Notes list, select the note you want to add.

4. Click Submit.

   After unlocking the user you can close the case if desired (Section 4.15, "Changing Status of a Case").

4.11.6 Performing KBA Phone Challenge

Users can be authenticated over the phone using their registered challenge questions. This option is not available for unregistered users or in deployments not using KBA.

To use a customer's challenge questions for phone authentication:

1. Open the Challenge Questions screen, as described in Section 4.11.1, "Performing Challenge Questions Related Actions."

2. In the Item list, select Ask Question.

3. In the Notes list, select User Challenged.

   If you select User Challenged, the Notes field will contain the phrase, Request for customer question, which you can edit to describe why you are taking the action.

4. Click Submit.

5. In the confirmation dialog, click OK.

   The Ask Question screen appears displaying a challenge question to ask the customer and a field to enter customer's response.

6. Enter the customer's answer in the Answer field.

7. Click Submit.

4.15.1 Changing Case Status to Pending

Pending is the status of a case that is not yet resolved. To change the case status to pending.

1. In the Navigation tree, double-click Cases.

   The Cases Search page is displayed.

2. For Case Status, select New.

   For information, see Section 4.4.1, "Searching for Cases."

3. Click the case number of the case you want.

   The Case Details page is displayed (Figure 4-3).

4. In the menu bar, click More Actions, and then click Change Status.

   The Change Status screen appears.

5. For Status, select Pending.

6. Enter a note describing the issue.

   Select a description from the Notes list or enter a new note.

7. Click Submit.

   A confirmation dialog is displayed.

8. Click OK.

4.15.2 Closing a Case

Closed is the status of a case when the issue is resolved. To close a case:

1. In the Navigation tree, double-click Cases.

   The Cases Search page is displayed.

2. For case status, select New or Pending.

   For information, see Section 4.4.1, "Searching for Cases."

3. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

4. Click More Actions on the menu bar, and select Change Status.

   The Change Status screen appears.

5. For Status, select Closed.

6. Select a disposition from the Disposition list.

7. Enter a note describing the issue.

   Select a description from the Notes list or enter a new note.

8. Click Submit.

   A confirmation dialog is displayed.

9. Click OK.

4.15.3 Reopening Closed Cases (CSR Manager Only)

To reopen a closed case:

1. In the Navigation tree, double-click Cases.

   The Cases Search page is displayed.

2. Search cases by case status Closed.

   For information, see Section 4.4.1, "Searching for Cases."

3. Click the case number of the case you want.

   The Case Details page appears (Figure 4-3).

4. Click More Actions on the menu bar, and select Change Status.

   The Change Status screen appears.

5. In the Status list, select New or Pending.

6. Extend the expiration date.

7. Enter a note describing the issue.

   You can select from existing notes or enter a new note.

8. Click Submit.

4.20.1 Use Case: Customer Session Search and Case Creation

Carl is Dollar Bank CSR.

One of the users "Tim" who is blocked, calls Carl and asks him to create a case for his blocked status.

1. Carl searches sessions and creates a case.

   1. Carl must search sessions for users with blocked logins.

   2. Carl must search first the session for "Tim" and see his logins history for last one month.

   3. He then must search for cases that might be there for Tim.

      Carl finds no cases for Tim.

2. Carl creates a case by choosing out-of-the-box texts for blocked login.

   Some days pass and Tim calls again to find out about the case.

3. Carl finds the case and then finds it expired, so he reopens it.

4. Carl also escalates the case. After escalation he will no longer see the case in the search.

Jackie is CSR Manager.

1. She logs in and searches for escalated cases.

2. She finds Tim's case and views it.

3. She looks at the action logs of the case and figures who created and acted on it.

4. She adds notes to case saying she will work on it.

4.20.2 Use Case: Reset Challenge Questions

You are Jerry, a customer service representative at Acme Corp. You answer phones at the call center and assist users with issues they may be experiencing. You received a call from Henry, a user who has forgotten the answers to his challenge questions. You must verify his personal information before you can reset his answers.

Directions: Part A: Authenticate Henry in another system by verifying personal information such as home address and last four digits of his SSN. His Login ID is xxxx.

Directions: Part B: Then, open a new CSR case for Henry and reset his challenge questions.

Directions: Part C: Now, close the case with a resolved disposition and notes.

1. Log in to OAAM Admin as a Customer Service Representative.

2. In the Navigation tree, double-click Cases. The Cases Search page is displayed.

3. In another system enter Henry's Login ID and verify his home address and last four digits of his SSN.

4. Search open cases by user.

   Search for Henry's open cases by entering xxxx into the Login ID field and selecting New, Pending, and Escalated for his case status.

   New, pending, and escalated cases do not exist for Henry; therefore, you must create a new case.

5. Create a new case.

   1. In the Cases Search page, click the New Case button.

      The Create Case screen is displayed.

   2. Enter the Henry's username, xxxx, in the Login ID field and select the Organization ID (group Henry belongs to).

   3. For severity level, select Low from the Severity Level list

      The available severity levels are High, Medium, and Low.

   4. Select Forgot question answers from the Description list.

   5. Click Create.

      The Create button is disabled until all the fields are entered.

      If invalid parameters were entered, an error message is displayed and the new case is not created.

      If you click Create, the new case is created.

      A confirmation message appears.

   6. Click OK to dismiss the confirmation message.

6. Reset Henry's questions.

   1. To reset Henry's questions, in the Case Details page, select More Actions and then select Challenge Questions.

      Authenticator uses questions as additional credentials to help prevent fraud. From the Challenge Questions screen, you can perform questions-related actions for the customer when necessary.

   2. In the Item list, select Reset Questions as the question-related action to perform.

   3. In the Notes list, select Forgot Question/Answers.

   4. Click Submit to reset Henry's questions.

      When you reset a customer's challenge questions, OAAM Admin deletes the existing questions and answers and generates a new question set for customers to register from.

      A confirmation message appears.

   5. Click OK to dismiss the dialog.

7. Add notes on the case.

   Each time you take an action in a case you should enter a note describing why you are taking the action. The notes are saved to the case log.

   1. Click Add Notes on the menu bar to add notes on the case.

   2. Enter a note that Henry's challenge questions were reset.

   3. Click Submit.

      If you click Submit, the notes are saved to the case log.

      A confirmation message appears.

   4. Click OK.

8. Inform Henry that he will go through challenge questions registration (select new questions and answers from his question set) the next time he logs in.

9. Close the case with a disposition.

   1. To close the case, in the Case Details page, click More Actions and select Change Status.

      Case status refers to the current state of a case.

   2. In the Status list, click Closed.

      Closed is the status of a case when the issue is resolved.

   3. For the disposition select Issue Resolved.

   4. Select Issue Resolved from the Notes list as the note describing the issue.

      You can select from existing notes or enter a new note.

   5. Click Submit.

      A confirmation message appears.

   6. Click OK to dismiss the dialog.

4.20.3 Use Case: Reset Image and Phrase

You answer a call from Nancy, a user who does not like the virtual device personalization she registered. She would like you to change it for her. You explain that Nancy can do this herself on the User Preferences page of the Authenticator, but she insists that you reset her image and phrase.

Directions: Part A: Open a new CSR case for Nancy and reset her image and phrase. You tell her that her virtual authentication device will show a new image and phrase the next time she logs in.

Directions: Part B: Then, close the case with a resolved disposition and enter some pertinent notes.

1. Log in to OAAM Admin as a Customer Service Representative.

2. In the Navigation tree, double-click Cases. The Cases Search page is displayed.

3. Search open cases by user.

   Perform a search by case number or by Nancy's Login ID and a Case Status of Open, Pending, or Escalated to find out whether a case already exists.

   Since an open case to reset her personalization does not exist, you create a new case.

4. Open a new case.

   1. Click New Case to create a new case.

      The Create button is disabled until all the fields are entered. No fields can be left blank.

   2. Enter the required details.

   3. Click Create.

      If invalid parameters were entered, an error message is displayed and the new case is not created.

      If you click Create, a new case is created and a confirmation dialog is displayed with the case ID number.

   4. Click OK in the Create Case confirmation dialog.

      The Case Details page for the newly created case is displayed.

5. Reset the user's image and phrase.

   1. In the menu bar of the Case Details page, select Customer Resets. The Customer Resets screen appears.

   2. In the User Item list, select Image and Phrase.

   3. In the Notes list, select the type of note you want to add.

   4. In the Description field, modify the description to suit your needs.

   5. Click Submit. A confirmation dialog is displayed with the message that the customer has been assigned a new image and phrase.

   6. In the confirmation dialog, click OK.

      When you reset a customer's image and phrase, OAAM Admin generates a new image and phrase and assigns them to the customer.

6. Tell Nancy that her virtual authentication device will show a new image and phrase the next time she logs in.

7. Close the case with a disposition.

   1. In the menu bar, click More Actions, and then click Change Status.

      The Change Status screen appears.

   2. In the Status list, click Closed.

   3. For the disposition, select Issue Resolved.

   4. Enter a note describing the issue.

      You can select from existing notes or enter a new note.

   5. Click Submit. A confirmation dialog is displayed with the message that the case status was successfully saved.

   6. Click OK to dismiss the dialog.

4.20.4 Use Case: Bulk Edit CSR Cases

You are Mike, a customer service manager at Acme Corp. The company policy for CSR cases is that cases should be closed as soon as the user issue is resolved. After a month you close out any CSR cases that have been left open by mistake. Directions: Today is the end of the month, so you are going to bulk-close any cases older than 24 hours and newer than a month ago.

To bulk edit CSR cases:

1. Log in to OAAM Admin as a Customer Service Representative Manager.

2. In the Navigation tree, double-click Cases.

   The Cases Search page is displayed.

3. Search the pending CSR cases created between a month ago and yesterday.

   1. In the Case Status field, select Pending.

   2. For Create Date, enter the date and time for the last day of the previous month.

   3. For End Date, enter the date and time 24 hours ago.

   4. Click Search.

4. Select all cases and close them with a disposition and notes.

   1. Select all cases listed in the Search Results table.

   2. Click the Bulk Edit icon on the Search Results toolbar.

      The Bulk Edit screen appears.

   3. In the Status list, click Closed.

   4. For the disposition, select Issue Resolved.

   5. Enter a note that says that the case was left open by mistake.

   6. Click OK. A confirmation dialog is displayed with the message that the bulk editing operation was performed successfully.

   7. Click OK to dismiss the dialog.

4.20.5 Use Case: CSR Manager Bulk Case Edit

Carl is Dollar Bank CSR manager. He comes into work each morning and searches through the CSR cases to check on status and clean up if needed. First he runs a search for CSR cases that are expired. There are four cases with the Expired status, so Carl looks at the creation dates for each. All are more than two days old. One of them has a High severity and the last action was a Temp Allow. The other three were Low severity cases with Phone Challenge as the last action. He selects these three and closes them with a disposition of expired and resolved. Carl opens the high severity case to look at the log. He sees that the temporary allow is active for another week so he leaves the case in the expired status as a marker.

1. Log in to OAAM Admin.

2. In the Navigation tree, double-click Cases. The Cases Search page is displayed.

3. In the Expired field, select Show Only Expired.

4. In the Case Type field, select CSR.

5. Click Search

   There are four cases with the Expired status.

6. View Create Date column for the four cases in the Search Results table.

   • All are more than two days old. (View Create Date)

   • One of them has a High severity and the last action was a temp allow. (View Case Severity and Last Action Type columns.

7. Select the three cases and click Bulk Edit.

8. In the Status field, select Closed.

9. In Deposition field, select Issue Resolved.

10. In Notes, enter expired and resolved.

11. Click the Case ID for the High severity case.

12. In the Case Details page, view the log for log code and notes.