Skip to content

A software company, a bank and a telco walk into a bar … (Part 1)

March 11, 2016

little-girl-talking-on-phone“I am pleased to inform that we are running an EXCLUSE Black Friday promotion where I can help you upgrade … Would appreciate if you could let me know a convenient time to speak with you with a call back number.”

This is an excerpt from an email I received that appeared to come from a representative at an existing supplier, offering me a discount to upgrade to a new software package. To save embarrassment, I won’t name the company or individual behind it.

The email was riddled with spelling errors and poor grammar, and there were no contact details provided for the sender. Given the number of spam emails I have to deal with every day, I suspected that it might not be legitimate.

After investigation, it turned out that the email was legitimate – and it’s a great illustration of the difficulty companies are facing as they increasingly automate or outsource their engagements with their customer base. I am an existing subscriber, so there was every opportunity for the sender to demonstrate they knew a lot more about me than just my name and email address.

The problem was further compounded by the supplier automatically renewing my software subscription a few days later without my consent, and without giving me the opportunity to apply for the special discounted price that was offered to me in the dodgy email. (It’s another story, but I did get that discount in the end.)

Then, a few months later I received two calls on the same day purporting to be from one of my financial services providers and from my telco. I’ve had a relationship with each of these suppliers that dates back well over a decade, but each call ended in a stalemate.

Despite calling me, both the bank and the telco wanted to know that they were talking to the right person. To do that, both asked me to verify who I was by giving them my date of birth.

My response to each of these callers was: why should I give you private information about me? How do I know who you are?

Now, we live in a world where phishing scams, identity theft and hacking have become increasingly sophisticated. In fact, social engineering – such as asking people for their personal information – has become one of the most effective ways to crack security (read John McAfee ‘joking’ recently that he will use social engineering to help the FBI hack into a dead terrorist’s Apple iPhone).

I raised my concerns with both the bank and the telco. No response at all from the bank (typical), but I did have an interesting conversation with the telco. They had no record of the call, so it could have been malicious. I was also told that they only ask for personal information in exceptional circumstances. When I pushed, it turns out that’s any time that they need to confirm the identity of the person at the other end of the line.

When I explained to the telco’s customer service rep that the practices they are using is normalising insecure behaviour and making it easier for its customers to be compromised, my feedback fell on deaf ears.

So why are these companies persisting with insecure sales and marketing practices? In this digital age, face-to-face and human interactions are being driven down to reduce the costs of customer service. However, that has left companies with fewer opportunities to differentiate themselves from their competition, and for cross-selling and up-selling … but more on that in Part 2 coming soon ….

In the meantime, I’ve got a simple solution that will solve the problem when my bank or telco calls me in the future. If you want to find out, give me a call. 🙂

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: