A Refund Is Not a CSAT Win. It Is a Compliance Event.

Containment is good. Self-service is the goal. The danger is what happens when nobody governs what the AI is allowed to do.

The quarterly contact center review tells a clean story. Containment is up. Cost per contact is down. CSAT held steady. The AI is deflecting more tickets than ever, and every one it closes without a human gets logged as a win.

Now look closely at one of those wins. A customer asked for a refund. The bot issued it. No human touched it, the ticket closed, containment ticked up. Except the bot never verified the cardholder, never ran the refund back through the original authorization, and never wrote a clean record of what it did. That was not a CSAT win. That was a compliance event with a smiley face on it.

First, what this is not

Before going further, be clear about what this argument is not. It is not a case against self-service. Digital self-service is good. It is faster for the customer, who does not want to wait on hold, and cheaper for the business, which does not want to staff every routine request. Letting people resolve their own issue without a queue is the goal, not the problem. Containment is a perfectly reasonable number to want to grow.

The argument is narrower than that. Something changes when the self-service experience becomes AI-powered, and most containment dashboards have not caught up to it.

What changes when self-service gets a brain

Old self-service was deterministic. A web form, a fixed phone menu, a rules engine. It could only ever do the specific things it was built to do, in the order it was built to do them. If it was not built to issue a refund without a verification step, it could not issue one.

AI-powered self-service is different in kind. It interprets, it improvises, and increasingly it acts. The same flexibility that makes it feel helpful and human is exactly what lets it step outside the script. Containment used to mean a customer completed a path you pre-approved. Now it can mean the AI did something nobody pre-approved, and the dashboard still counted it as a resolution.

A refund only looks like one action

Take the refund, because it looks deceptively simple. To a containment metric it is a single event: money back, ticket closed. To a regulator it is a chain.

A card refund is not just a reversal. Visa requires a new authorization on the original card for a return, which lets the issuer validate the cardholder account and decline a potentially fraudulent card; if the refund is issued without that authorization, the merchant carries the liability for the disputed transaction. The card data in play sits inside PCI DSS scope, where the controls are mandatory and non-compliance carries fines. In financial services the same interaction can require identity verification and fraud screening before any money should move. And each of these steps is supposed to be logged, because the log is what you produce when someone later asks what happened.

A bot that issues the refund but skips the verification, or handles the card data outside scope, or never writes the log, did not resolve a ticket. It manufactured exposure. Containment scored it as a success. An auditor scores it as a finding.

Here is why the gap stays invisible. The win shows up immediately, on the dashboard, the day it happens. The failure shows up later, as a chargeback, a complaint, or an audit question, disconnected from the interaction that caused it. The metric and the risk never meet in the same room. Somebody is celebrating the number while somebody else, usually in a different function, will one day have to answer for it.

This is not hypothetical

In February 2024 a tribunal held Air Canada liable after its website chatbot told a customer he could claim a bereavement fare retroactively, which contradicted the airline’s actual policy. Air Canada’s defense was that the chatbot was effectively a separate entity responsible for its own answers. The tribunal called that a remarkable submission and rejected it: the bot is part of the company’s website, and the company is responsible for what it says. The interaction was contained. No human was involved. That was the problem, not the achievement.

A year later, Cursor’s AI support bot invented a login policy that did not exist, told customers their accounts were limited to a single device, and set off a wave of public cancellations before the company corrected the record and refunded affected users. The incident is now logged in the AI Incident Database. Every one of those exchanges was a contained, automated resolution. Several were liabilities.

Keep the self-service. Change the scoreboard.

So the fix is not to retreat. Putting a human in front of every interaction throws away the value you built and the experience you promised the customer. The fix is to measure the right thing, and to enforce the rules underneath the thing you measure.

Replace containment-as-success with completion-as-success. Completion means the customer’s goal was actually achieved, within the rules, with a record. A contained interaction that did not complete compliantly is not a win you should be counting. It is a false positive, and you want it surfaced, not buried inside a metric that is trending up and to the right.

The way you get there is structural. Put a deterministic layer between the AI and your systems of record. Let the AI converse, interpret, and handle the parts that benefit from its flexibility. When the interaction reaches a regulated action, that layer enforces the verification, runs the steps in the required order, and writes the audit trail, every time, regardless of what the model decided in the moment. That is how you keep the containment number climbing and still survive the audit. The AI evaluates, the system executes within enforced rules, and humans govern. Self-service and compliance stop being a trade-off you have to choose between. We made the full case for that split in our earlier piece on the axiom.

The bots are already closing tickets

Containment is not the risk. Ungoverned containment is. The number on your dashboard is not wrong, it is incomplete, and it stays incomplete until you can prove that every interaction it counts also finished inside the rules.

The bots are already resolving tickets at a scale no human team could match. The only question left is whether anyone can prove how.

Take the five questions from our earlier piece to your own self-service flows, or book a 30-minute governance review and we will run them against the workflows your AI already touches.

Sources

Facebook
Twitter
LinkedIn

Get the latest content straight to your inbox.

Callvu How Customers Feel About AI in Customer Service CX Research

How will customers feel about AI in your customer service?

Many companies are rushing to offer AI assistants and other AI-powered tools in their customer service. But are consumers ready?

Callvu How Customers Feel About AI in Customer Service CX Research

How will customers feel about AI in your customer service?