E-commerce

AI chatbot to verify the correct contact person without exposing customer data

AI chatbot to verify the correct contact person without exposing customer data

July 1, 2026

"The bot gave me the full address before verifying who I was." "The AI processed my refund request without confirming my email." "I am the customer's assistant, and the chatbot refuses to help without offering a consent option." Three bot failures where the AI discloses PII too early, skips authentication, or blocks a legitimate third party without a workflow.

An e-commerce AI chatbot identity verification does not replace agent authentication (#122) or TPO-FLOW (#461). It classifies the interlocutor, applies risk-based authentication per action, discloses the minimum necessary, triggers third-party buyer consent, and manages the handoff before any financial or delivery changes are made.

This guide #462 covers intents bot_civ_*, flow CIV-BOT, and KPI civ_bot. It is distinct from CS authentication (#122) and third-party orders (#461): here, the focus is on the AI use case of verifying the interlocutor without exposing customer data.

Summary

Why automate identity verification using a bot?

A support bot that responds before authenticating exposes orders, addresses, and amounts to third parties or fraudsters. A bot that over-authenticates every WISMO frustrates genuine customers.

Bot identity volume and risk

On premium and luxury DTC, 15 to 25% of chat sessions involve an interlocutor other than the order email (third party, gift recipient, spouse). Without structured CIV-BOT, generic bots disclose PII or block without alternative consent.

Three risks of uncalibrated bot identity

  • Over-disclose: address, amount, items before auth

  • Under-auth: refund, modify without step-up

  • Third party dead-end: dry refusal without TPO-CONSENT

Shopify recommends risk-based friction: step-up as risk increases (Shopify, customer auth 2026). Cookie.solutions points out that support channels are targeted by fraud if identity is unverified (Cookie.solutions, support verification 2025).

Angle #462 vs neighboring content

Premium DTC Example

Luxury, 280 civ bot sessions/month, 22% over-disclose or under-auth baseline. After CIV-BOT + guardrails: civ_bot_auth_success_rate 87%, civ_bot_over_disclose 0, civ_bot_auto_resolve 62%, CSAT civ bot 4.5/5.

Bot is a gate, not a judge

CIV-BOT-SUP: bot qualifies required auth level, collects proof, handoff sensitive actions to agent if dispute arises.

Luxury third-party chat density

Highest civ_bot_session_rate vertical luxury: preload TPL-CIV-THIRD consent before peak season EA traffic.

Refund scam urgency pattern

bot_civ_fraud_signal urgency chargeback threat: escalate #121 no refund promise bot.

How does CIV-BOT differ from AUTH #122 and TPO #461?

Human auth, third-party ordering, and bot identity: three complementary security layers.

Role → bot flow matrix

  • #462 CIV-BOT: role classify, auth step-up, minimal disclose

  • #122 AUTH: levels 1-2-3 human policy

  • #461 TPO-FLOW: third-party consent execute agents

  • #442 GORD-BOT: guest lookup subset

  • #460 GFTRTN-BOT: gift return no price subset

Shared AUTH-MAP corpus

#122 defines auth level per action. #461 TPO-MAP third-party rules. #462 bot consumes both JSONs: action → auth_level → disclose_allowed.

Four BOT-CIV-TYPE flows

  • bot_civ_role_detect: buyer third recipient classify

  • bot_civ_auth_step_up: collect email zip OTP challenge

  • bot_civ_minimal_disclose: status generic until auth pass

  • bot_civ_consent_trigger: TPO-CONSENT email buyer third

Promise #462

Policy CIV-BOT-SUP, 12 intents bot_civ_*, flow CIV-BOT IV-1 to IV-8, guardrails, handoff payload, KPI civ_bot_*.

Pipeline support stack

CIV-BOT upstream gate → GORD-BOT / GFTRTN-BOT / returns bot post-auth pass → agents handoff dispute.

Stack bot identity ops

Shopify order API sanitize middleware, AUTH-MAP TPO-MAP JSON, Qstomy role classifier, OTP Klaviyo, MIN-DISCLOSE regex, Gorgias handoff auth payload.

30-minute bot ops training

Module 1: disclose third-party L0-L3. Module 2: MIN-DISCLOSE guardrail tests. Module 3: third consent flow. Quiz 90% before prod.

Which bot_civ_* intents to classify?

Twelve identity verification bot intents before CIV-BOT flows.

Twelve bot_civ intents

  • bot_civ_role_buyer: claims to be email order buyer

  • bot_civ_role_third: assistant parent spouse third party

  • bot_civ_role_recipient: recipient gift package

  • bot_civ_auth_email_match: verify email + order#

  • bot_civ_auth_challenge: zip phone SKU challenge KBA

  • bot_civ_auth_otp: OTP email order level 3

  • bot_civ_action_sensitive: modify refund cancel request

  • bot_civ_consent_third: trigger buyer consent

  • bot_civ_minimal_wismo: generic status without PII

  • bot_civ_fraud_signal: inconsistency refuse auth

  • bot_civ_preapproved_contact: authorized_contact metafield

  • bot_civ_account_logged_in: Shopify customer session badge

Required bot session fields

caller_role_hypothesis, auth_level_required, auth_level_achieved, action_requested, disclose_tier_allowed, consent_status, fraud_score, handoff_reason.

Action → auth level matrix

Tracking link: level 1. Detail items: level 2. Modify address refund: level 2-3. Change email account: level 3 OTP. Grounded #122 matrix bot.

Mining chat logs civ

Export 90 days of sessions with handoff auth_failed, over_disclose incident, third party blocked. Peak luxury B2B light accounts.

Confidence threshold role

Role classifier confidence below 0.8: TPL-CIV-ROLE clarifying question before IV-3 auth level lookup.

Intent priority resolution

When bot_civ_action_sensitive and bot_civ_role_third co-occur, IV-3 always picks highest auth level from AUTH-MAP before any disclose branch.

How does the bot consume AUTH-MAP and TPO-MAP?

The bot reads AUTH-MAP #122 and TPO-MAP #461 to calibrate auth and disclosure by action and role.

Lookup IV-4 bot

  • action → auth_level: wismo L1, refund L3

  • role → disclose_tier: buyer full, third limited, recipient gift

  • auth_method[]: email_match, zip_challenge, OTP

  • consent_required: third sensitive actions TPO-MAP

  • preapproved_contact: skip consent if metafield match

  • logged_in_bypass: customer account session = implicit auth L2

API response tiered disclose

Before auth pass: fulfillment_status generic, ETA window. After L1: tracking URL. After L2: items address. After L3: amount if policy allows buyer only.

Sanitize LLM context

Strip PII from context until auth_level_achieved >= auth_level_required. Prevents LLM leak address in draft before verify.

RAG corpus auth FAQ

/pages/third-party-support + auth policy chunks. Bot cite why verification needed without accusatory tone.

Risk score optional

Order value, VIP CRM, prior fraud flag: +1 auth level step-up. High value refund always L3 + agent handoff.

Disclose tier field denylist

Document per-tier Shopify fields allowed L0 L1 L2 L3. Code review each API version new PII fields.

Customer account OAuth bypass

Shopify new customer accounts logged widget: IV-2 buyer_direct auth_level_achieved 2 skip OTP routine WISMO.

How to write the CIV-BOT-SUP policy in eight rules?

The CIV-BOT-SUP identity bot policy governs verify-before-disclose and risk-based step-up.

Eight CIV-BOT-SUP rules

  1. Role before PII: IV-2 classify before any order lookup detail

  2. Minimal disclose default: generic status until auth pass

  3. Action auth grounded: AUTH-MAP level per action not bot invent

  4. Step-up sensitive: modify refund cancel require L2 L3 no shortcut

  5. Third consent path: TPO-CONSENT trigger not TPO-DENY only

  6. No confirm order exists on fail: auth fail generic message fraud

  7. Logged-in respect: customer session badge bypass redundant auth

  8. Handoff payload complete: auth_level role proof agent no repeat

Over-disclose zero tolerance

civ_bot_over_disclose incident P1: review transcript, fix sanitize pipeline, never address before L2 pass.

Empathy third party

bot_civ_role_third: explain verification protects client, offer consent path TPL-CIV-THIRD.

Recipient gift path

bot_civ_role_recipient: route #460 #459 gift rules limited disclose no buyer amount.

DPO review disclose tiers

Legal validate L0 L1 L2 L3 field allowlist before CIV-BOT prod. GDPR lawful basis per disclose tier documented.

Sensitive action bot block list

Bot never executes refund modify cancel API directly: handoff agent or authenticated returns portal post L3 only.

How to apply the CIV-BOT flow in eight steps?

The CIV-BOT IV-1 to IV-8 flow structures bot identity verification grounded maps.

Eight steps IV-1 to IV-8

  1. IV-1 Intent + action: classify bot_civ_* and action_requested

  2. IV-2 Role detect: buyer | third | recipient | unknown

  3. IV-3 Auth level lookup: AUTH-MAP + TPO-MAP for role action

  4. IV-4 Collect proof: email order zip OTP per level

  5. IV-5 Verify API: Shopify match auth_level_achieved

  6. IV-6 Branch: disclose tier | consent third | deny fraud | handoff agent

  7. IV-7 Execute: answer allowed tier | trigger consent | route subdomain bot

  8. IV-8 Log: role, auth levels, disclose tier, consent, handoff

IV-6 buyer auth pass

Route subdomain: GORD-BOT tracking, returns bot, invoice bot per action with auth already achieved payload.

IV-6 third limited

TPL-CIV-LIMITED status generic. Sensitive action: TPO-CONSENT email buyer IV-7 hold session.

IV-6 fraud deny

bot_civ_fraud_signal: TPL-CIV-DENY no PII confirm. Tag fraud handoff supervisor.

IV-5 OTP level 3

6 digit email order expire 10 min 3 attempts. Pass → auth_level_achieved 3 execute sensitive.

IV-2 logged-in shortcut

Shopify customer widget authenticated: skip IV-4 if customer_id matches order.customer_id.

IV-3 action keyword detect

Keywords refund modify cancel address trigger automatic auth level bump IV-3 even mid-conversation.

SLA bot auth response

IV-4 collect proof prompt under 5 s. OTP delivery under 30 s target legitimate buyer friction minimize.

Which bot templates and guardrails should be configured?

Eight identity bot templates and guardrails MIN-DISCLOSE NO-CONFIRM-FAIL.

TPL-CIV-ROLE (qualify interlocutor)

"To protect your order: are you the buyer (order email), the recipient, or a third party? What action do you wish to take?"

TPL-CIV-AUTH-L1 (email order match)

"Verification: enter order number and email used for purchase."

TPL-CIV-AUTH-L2 (KBA challenge)

"Additional step: delivery postal code or first 3 characters of the SKU of the first item."

TPL-CIV-LIMITED (without full auth)

"General status: [in transit/delivery scheduled]. Full details after identity verification."

TPL-CIV-THIRD (third-party consent)

"As a third party, action [X] requires buyer authorization. Consent email sent. [SLA] delay."

Guardrail MIN-DISCLOSE-01

Block output containing address, phone, amount, full name shipping until disclose_tier allows.

Guardrail NO-CONFIRM-FAIL-01

Auth fail: "Information mismatch. Check and try again or contact us from the order email." Never "order not found".

Bot touchpoints

  • Widget chat pre-auth role chip every session

  • Logged-in customer badge skip auth banner

  • Sensitive action keywords trigger IV-3 step-up auto

  • Handoff Gorgias payload auth_level role proof

TPL-CIV-DENY fraud

"Verification inconclusive. Contact us from the email used for the order." No order existence hint.

TPL-CIV-OTP (step-up level 3)

"6-digit code sent to the order email. Valid for 10 minutes. Enter it to confirm your identity before this sensitive action."

Which third-party, gift, and fraud cases should be processed?

Special bot identity cases require routing subdomain or escalation.

Executive assistant third

bot_civ_role_third + preapproved_contact N : TPL-CIV-THIRD consent. WISMO limited until approve.

Gift recipient

bot_civ_role_recipient : handoff GFTRTN-BOT #460 auth zip no price. Not full buyer disclose.

Guest buyer self

bot_civ_role_buyer guest : GORD-BOT #442 after IV-5 L1 pass. Not account password ask.

Fraud brute force

3 auth fail 15 min : AUTH-FAIL throttle block session. Route fraud orders.

GDPR data request

Third requests all data : deny route GDPR #101 buyer only.

High value order

Order > threshold : +1 auth level refund handoff agent mandatory IV-6.

Phishing pattern

Urgent refund threat : security #121 escalate no action bot.

Context transfer handoff

Transfer context : IV-8 payload auth proof agent continues no re-ask.

B2B account pre-approved

Wholesale verified contacts : TPO-MAP B2B row skip consumer civ path pre-approved buyer company.

Same household spouse limited

TPO-MAP optional zip match same address : L1 tracking disclose without full consent if legal approved.

Which civ_bot KPIs should be measured?

The identity verification bot KPIs link auth success, zero over-disclose, and auto-resolve.

Eight key metrics

  • civ_bot_session_rate: bot_civ sessions / 100 support chats

  • civ_bot_auth_success_rate: auth achieved required / attempts

  • civ_bot_auto_resolve: resolved post-auth without agent / sessions

  • civ_bot_over_disclose: PII before auth incidents (target 0)

  • civ_bot_under_auth: sensitive action without level (target 0)

  • civ_bot_consent_trigger_rate: third consent sent / third sessions

  • civ_bot_fraud_block_rate: throttle fraud handoff / sessions

  • civ_bot_csat: satisfaction post session verified path

DTC premium benchmark

civ_bot_auth_success_rate 82-90%, civ_bot_over_disclose 0, civ_bot_under_auth 0, civ_bot_csat > 4.3/5.

Weekly security ops dashboard

Role breakdown, auth funnel L1 L2 L3, over_disclose incidents, third consent approve rate, handoff reason.

Quarterly red team

Simulated third-party fraud attempts verify civ_bot_over_disclose and under_auth zero.

civ_bot_auth funnel drop-off

Track L1 pass L2 fail L3 abandon optimize TPL-CIV-AUTH copy reduce friction legitimate buyers.

Segmentation by caller_role

Dashboard civ_bot_auth_success_rate buyer vs third vs recipient optimize TPL per role.

Which identity bot anti-patterns should be avoided?

Twelve identity verification bot anti-patterns to banish from production.

1. Address before auth

MIN-DISCLOSE-01 block. IV-5 before tier disclose.

2. Refund promise pre-OTP

Rule 4 step-up L3 refund.

3. Skip IV-2 role

Rule 1 role before PII.

4. Third deny only

Rule 5 TPL-CIV-THIRD consent path.

5. Confirm order on fail

NO-CONFIRM-FAIL-01 fraud leak.

6. LLM full order context pre-auth

Sanitize pipeline IV-4 mandatory.

7. Same auth all actions

AUTH-MAP per action not one-size.

8. Ignore logged-in session

Rule 7 customer badge bypass.

9. Accusatory tone verify

Explain protect client empathy.

10. Handoff empty payload

Rule 8 auth proof agent.

11. Recipient full buyer access

Route #460 gift limited.

12. Skip fraud throttle

3 fail block 15 min mandatory.

13. Multi-order email ambiguity

Same email multiple orders : bot ask order# disambiguation before disclose never list all orders pre-auth.

14. List all orders pre-auth

Never enumerate orders linked to email before order# match. Ask disambiguation order# only.

How does Qstomy implement CIV-BOT?

Qstomy on Shopify runs CIV-BOT: IV-2 role classifier, AUTH-MAP TPO-MAP lookup, tiered API sanitize, OTP step-up, TPO-CONSENT trigger, MIN-DISCLOSE guardrail, logged-in customer bypass, handoff payload auth proof.

Qstomy civ bot capabilities

  • civ_role_classifier: buyer third recipient

  • civ_auth_map_lookup: action level disclose tier

  • civ_api_sanitize: PII strip pre-auth

  • civ_otp_step_up: L3 sensitive actions

  • civ_consent_trigger: TPO email buyer

  • civ_min_disclose_guard: block address amount

Pipeline #462 #122 #461 subdomain bots

#462 CIV gate. #122 AUTH policy source. #461 TPO third rules. GORD #442 GFTRTN #460 post-auth route.

Encrypted DTC scenario

Premium luxury, 280 civ bot sessions/month, 22% over-disclose under-auth baseline.

After CIV-BOT-SUP + Qstomy: civ_bot_auth_success_rate 88%, civ_bot_over_disclose 0, civ_bot_auto_resolve 64%, civ_bot_csat 4.6/5.

Explore customer support and request a demo.

AI security governance

IV-8 logs feed AI governance (#124) monthly civ_bot_over_disclose red team.

Weekly civ compliance audit

Sample 25 sessions regex PII before auth_level_achieved pass zero tolerance.

What is the checklist for deploying CIV-BOT?

CIV-BOT Checklist (12 steps)

  1. Validate AUTH-MAP #122 action auth levels

  2. Sync TPO-MAP #461 third disclose consent

  3. Draft policy CIV-BOT-SUP 8 rules

  4. Deploy 12 intents bot_civ_* classifier

  5. Implement IV-1 to IV-8 + guardrails MIN-DISCLOSE NO-CONFIRM-FAIL

  6. API sanitize pipeline tiered disclose

  7. OTP L3 sensitive actions + throttle fraud

  8. TPL-CIV-* templates + TPO-CONSENT integration

  9. Logged-in customer bypass Shopify widget

  10. Test 8 scenarios: buyer L1, L2 step-up, L3 OTP, third consent, recipient gift, fraud block, logged-in bypass, handoff payload

  11. Dashboard KPI civ_bot + red team quarterly

  12. Route subdomain bots post-auth GORD GFTRTN returns

Summary

  • #462 = bot identity gate, not auth execute alone

  • Role before PII: IV-2 mandatory

  • Minimal disclose: default until auth pass

  • Third consent: not deny only

  • KPI civ_bot_over_disclose: target 0

FAQ

Can the bot issue refunds after auth?
CIV-BOT qualifies L3. Refund execution by agent or returns bot post-handoff policy.

Difference with #122?
#122 human auth policy. #462 bot automation gate step-up.

Difference with #461?
#461 TPO agents execute. #462 bot classify consent trigger.

Third party blocked flat out?
Forbidden. TPL-CIV-THIRD consent path mandatory.

Logged-in customer?
Logged-in bypass IV-2 skips redundant implicit L2 auth.

Go further

This week: sync AUTH-MAP TPO-MAP into bot RAG, deploy API sanitize pipeline, activate IV-2 role classifier, test MIN-DISCLOSE guardrail with 20 scenarios, configure OTP L3 refund, launch civ_bot_over_disclose zero-tolerance dashboard.

Share this #462 guide with bot ops and security: one pre-auth API sanitize is worth ten address leaks by LLM context leak, one third-party consent path is worth twenty legitimate assistants blocked without a structured alternative.

Go-live bot test matrix

8 scenarios sign-off: buyer L1 tracking, L2 items, L3 refund OTP, third consent, recipient gift route, fraud throttle, logged-in bypass, over-disclose block test.

Post-deploy monitoring

First 14 days: daily civ_bot_over_disclose audit, auth funnel review, third consent approve rate, handoff reason taxonomy update.

Enzo

July 1, 2026

Convert over 2,000 customers on average per month with Qstomy.

The world’s 1st Shopify AI dedicated to customer conversion

Empowering 200+ e-commerce merchants

Subscribe to the newsletter and get a personalized e-book!

No-code solution, no technical knowledge required. AI trained on your e-shop and non-intrusive.

*Unsubscribe at any time. We do not send spam.

Subscribe to the newsletter and get a personalized e-book!

No-code solution, no technical knowledge required. AI trained on your e-shop and non-intrusive.

*Unsubscribe at any time. We do not send spam.