This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.
No link for mailing addresses to accounts when there are multiple mailing addresses #589
There is a requirement to share a customer's mailing/email address in the "Get Customer Detail" request. However, it is possible for a customer to have multiple mailing addresses in our system, and similar setups are utilized by other energy retailers (as voiced in the AER/DSB Forum). This poses a challenge because if ADR intends to use the mailing address to send correspondence to the customer, ADR would not know which mailing address corresponds to which account.
Sample Scenario:
A financial service provider is working with "John Doe," who is a Powershop customer, to obtain a loan for solar. John owns two properties:
Property 1 is managed by a real estate agent. Bills are sent to the mailing address, which is a PO BOX 1 address for the real estate agent.
Property 2 is John's primary residence, where he intends to install solar and the mailing address he has is PO BOX 2.
When ADR sends a request to Powershop to get John's details, Powershop provides two mailing addresses to ADR. However, ADR is providing a quote for a solar loan for Property 2 and would not know which mailing address is related to John's primary residence. This creates a concern of a breach where documents that ADR sends may end up with the unintended party.
This issue is based on the assumption that the use case for requesting addresses for customers is for ADRs to possibly send correspondence to those addresses. The issue is likely to occur for mailing addresses (an issue with Powershop systems) and is unlikely, but possible, with email addresses as well (not in Powershop systems, though).
Area Affected
In response to the "Get Customer Detail" request, we propose a change in
ResponseCommonCustomerDetailV2 > CommonPersonDetailV2 > [CommonEmailAddress], [CommonPhysicalAddressWithPurpose]
ResponseCommonCustomerDetailV2 > CommonOrganisationDetailV2 > [CommonEmailAddress], [CommonPhysicalAddressWithPurpose]
Change Proposed
We propose to include an optional field in [CommonPhysicalAddressWithPurpose], in which the DH can provide the account identifier to help the ADR link the mailing addresses to the relevant account. We are open to other effective solutions to solve this scenario.
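The scenario above from the ADR's side, as an added example that is not part of the issue or of the CDR standards: it selects a mailing address for one account and refuses to guess when nothing links an address to that account. The field name `accountIds`, the account identifiers and the payloads are assumptions constructed for illustration.

```python
# Added example: ADR-side selection of a mailing address for one account.
# "accountIds" is a HYPOTHETICAL name for the optional field proposed in the
# issue; it is not part of the published CommonPhysicalAddressWithPurpose schema.


class AmbiguousMailingAddress(Exception):
    """Several MAIL addresses and nothing ties exactly one to the account."""


def mailing_address_for(addresses, account_id):
    """Return the one MAIL address that is safe to use for account_id.

    Returns None when no MAIL address applies to the account and raises
    AmbiguousMailingAddress instead of picking one when the link is unknown.
    """
    mail = [a for a in addresses if a.get("purpose") == "MAIL"]
    if not mail:
        return None
    linked = [a for a in mail if account_id in a.get("accountIds", [])]
    if len(linked) == 1:
        return linked[0]
    if len(linked) > 1:
        raise AmbiguousMailingAddress("several MAIL addresses linked to " + account_id)
    unlabelled = [a for a in mail if "accountIds" not in a]
    if not unlabelled:
        return None  # every MAIL address is tied to some other account
    if len(mail) == 1:
        return mail[0]  # single candidate: the unambiguous case
    raise AmbiguousMailingAddress("cannot tell which MAIL address belongs to " + account_id)


# Constructed payloads modelled on the John Doe scenario (not real data).
# TODAY: two MAIL addresses with no link to any account.
TODAY = [
    {"addressUType": "simple", "purpose": "MAIL", "simple": {"addressLine1": "PO BOX 1"}},
    {"addressUType": "simple", "purpose": "MAIL", "simple": {"addressLine1": "PO BOX 2"}},
]
# PROPOSED: the same addresses, each carrying the hypothetical account link.
PROPOSED = [
    {**addr, "accountIds": [acc]}
    for addr, acc in zip(TODAY, ("ACC-PROPERTY-1", "ACC-PROPERTY-2"))
]

if __name__ == "__main__":
    print(mailing_address_for(PROPOSED, "ACC-PROPERTY-2")["simple"]["addressLine1"])
    try:
        mailing_address_for(TODAY, "ACC-PROPERTY-2")
    except AmbiguousMailingAddress as exc:
        print("refused:", exc)
```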