How to use CAPTCHA in a conversational interface?

In today's digital world, robust authentication mechanisms are an absolute necessity. With the increase in cybercrime, it is essential to protect personal and sensitive information. As stated in the last OWASP 2023 Top 10 Vulnerabilities report, authentication mechanisms are the first line of defence against unauthorized access to online accounts. Furthermore, the new ISO 27001:2022 certification standard dedicates specific controls and clauses to ensure secure authentication procedures.

A robust authentication mechanism is the key to unlocking a great number of self-services. For example, making financial operations, changing insurance policy details or consulting medical test results are operations that individuals can perform online if they pass a strong authentication screening.

However, there are situations where robust authentication mechanisms are not possible. This is the case for quote-and-buy journeys, where customers are not registered and identified a priori, and also when agents and advisers are about to request actions on behalf of their clients.

In such cases, the list of self-serve services naturally shrinks, because some critical actions won't be accessible to an unidentified user. It is also important to reduce the risk of bots and Denial of Service attacks by using additional security measures such as CAPTCHA codes and other techniques.

CAPTCHAs, in particular, are a popular security measure used to prevent automated attacks by requiring users to prove they are human, and they fit conversational interfaces nicely. Handwriting-style text over a noisy background is generated and displayed to the user as an image. Automated Optical Character Recognition (OCR) detectors won't be able to easily guess the keyword by reading the image.
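The paragraph above covers the image the user sees; the server also has to remember the expected keyword and check the reply typed into the chat. The sketch below is an added example, not Spixii's code: `CaptchaStore`, the alphabet, the 120-second lifetime and the three-attempt limit are all assumptions, and rendering the noisy image is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy values (not from the article).
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"  # no 0/O or 1/I/L look-alikes
CODE_LEN, TTL_SECONDS, MAX_ATTEMPTS = 6, 120, 3


class CaptchaStore:
    """Hypothetical per-conversation CAPTCHA state kept on the server."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # session_id -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, code):
        # Case-insensitive: the user may type the keyword in lower case.
        return hashlib.sha256(salt + code.upper().encode()).digest()

    def issue(self, session_id):
        """Create a fresh code; the caller renders it as a noisy image for the chat."""
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
        salt = secrets.token_bytes(16)
        self._pending[session_id] = [salt, self._digest(salt, code),
                                     self._clock() + TTL_SECONDS, MAX_ATTEMPTS]
        return code  # goes to the image renderer only, never to the client as text

    def verify(self, session_id, answer):
        """Return True once for the right answer; expired or burned codes fail."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[session_id]
            return False
        ok = hmac.compare_digest(digest, self._digest(salt, answer.strip()))
        if ok or attempts_left <= 1:
            del self._pending[session_id]  # single use, or attempts exhausted
        else:
            entry[3] = attempts_left - 1
        return ok
```

After a failed or expired challenge the conversation should call `issue` again and show a new image rather than reuse the old keyword.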

The main three requirements for a good CAPTCHA code generator are:


What did we learn from going through the new ISO 27001:2022 certification?


In addition to the challenges posed by the global economic slowdown, businesses now face an increased need for robust cybersecurity measures. As technology advances rapidly, there is a growing threat of cyber-attacks and data breaches. In response, the International Organization for Standardization (ISO) has introduced the new ISO 27001:2022 certification, which sets the standard for information security management systems and replaces the previous ISO 27001:2013 framework.

Even though the deadline to implement this new version is the 31st of October 2025, we decided to embrace this opportunity to learn the new best practices as fast as we could and be amongst the first to be certified.

Why go through the ISO 27001 certification in the first place?

In 2020, we embarked on a transformative journey towards achieving the esteemed ISO 27001:2013 standard. Throughout this process, we gained invaluable insights into enhancing our policies, refining our information management strategies, and adopting a risk-based approach ingrained in Spixii's culture since its inception in 2016. This commitment to excellence and continuous improvement has allowed us to meet the ISO 27001:2013 standard and exceed it.

By undertaking this transformative journey, we have demonstrated our unwavering dedication to information security and protecting the valuable assets of our clients. Through rigorous risk assessments, incident response plans, robust Data Protection Impact Assessment (DPIA) and ongoing monitoring and improvement, we have fortified our defences against cyber threats and ensured the confidentiality, integrity, and availability of sensitive data.

Our journey towards ISO 27001:2013 certification has strengthened our internal operations and positioned us as an expert SaaS provider in the insurance industry. As insurers handle vast amounts of personal and financial data, they must prioritise information security to protect their customers and maintain their reputation. By achieving this certification, we have shown our commitment to safeguarding our policyholders' data and have instilled confidence in our clients that appropriate measures are in place to prevent unauthorised access while talking to their chatbot.

What are the changes between ISO 27001:2013 and ISO 27001:2022?

The release of ISO/IEC 27001:2022 in October 2022 has brought significant updates to the world's leading information security standard. ISO 27001 provides control requirements for establishing an Information Security Management System (ISMS). This latest version, ISO 27001:2022, is a moderate update from its predecessor, ISO 27001:2013, with the majority of changes focused on the Annex controls, aligning them with the updates made to ISO 27002:2022 earlier in the year. The Annex controls have undergone restructuring, with new additions and some being merged or renamed.

The principal clauses of ISO 27001:2022 remain the same as in the previous version, but there have been slight modifications to the text to enhance alignment with other ISO management standards. These changes aim to facilitate a better understanding of how Annex A controls contribute to information security. Previously, the domain names were more geared towards IT professionals than management. As organizations strive for certification under ISO 27001:2022, they must update their Statement of Applicability to reflect the new structure.

One significant update within Annex A is the introduction of 11 new controls. Organizations currently certified under ISO 27001:2013 must ensure that they have appropriate processes to meet these new requirements or establish new processes to incorporate the controls into their existing ISMS. Notably, the inclusion of "threat intelligence" emphasizes the importance of gathering and analyzing information about threats to enable proactive risk mitigation. Companies certified under ISO 27001:2013 may not have previously addressed this element, which highlights the evolving nature of threats and the continuous nature of risk mitigation. ISO 27002 can provide further clarity on this topic, offering additional implementation guidance. New specific controls to handle remote workers are also now in place to guarantee business continuity.

From now on

With our extensive experience in ISO 27001, enriched also by the relationship with different independent auditors, we pride ourselves on our commitment to maintaining up-to-date documents and policies for both internal and external audits. This dedication ensures that we are always meeting the latest industry standards and regulations.

One of the significant advantages of achieving certification with the latest ISO 27001:2022 standards is the accelerated speed at which organizations can leverage and implement the Spixii CPA platform. By adhering to these stringent standards, we have streamlined the IT procurement process, allowing for quicker and more efficient implementation of our platform. In fact, we have already prepared comprehensive documents that address 99% of the inquiries typically raised during the procurement process. This level of preparedness not only saves valuable time and resources for our clients but also demonstrates our commitment to providing a seamless and hassle-free implementation experience.

For customer service operations, the benefits of our ISO 27001 certification translate into faster productivity gains and an enhanced customer experience. By adhering to strict information security standards, we can ensure the confidentiality, integrity, and availability of sensitive data, providing peace of mind to both our clients and their customers. In addition, our commitment to continuous improvement and risk-based approach means that we are constantly monitoring and enhancing our security measures, staying one step ahead of cyber threats. This proactive approach allows us to deliver a seamless and secure customer experience, while also mitigating potential risks and ensuring compliance with industry regulations.

A prime example of the positive impact of our ISO 27001 certification is our partnership with a large international health provider. Through this collaboration, we have been able to deliver immediate automated decisions for medical pre-authorisation, significantly reducing the interaction time from 40 minutes to just 2 minutes. This level of efficiency not only improves the customer experience but also enables healthcare providers to deliver faster and more accurate decisions, ultimately benefiting patients and improving overall healthcare outcomes.
