Blink Goes Your Credit

A number of credit card companies have started embedding RFID (radio frequency) chips in credit cards so they can be read over the air without having to swipe the cards at a terminal. The advantage to these credit card companies is that paying with a credit card becomes faster.

The risk to individuals is that your private information usually retained on the card may now be transmitted over the air and readable by someone with the right technology. Some banks encrypt the data. Some don't. You can read more about the risk here and here. Some people like the technology. Some don't. I don't want it in my credit card.

Citibank makes RFID an option for its customers. You have to specifically request the technology if you are comfortable with it.

What does Chase bank do with it's Blink branded RFID chip? It ships it without your request when your card is up for renewal. Chase includes a pamphlet that says the card now has 'blink!'. I bet that many Chase customers don't know they have Blink and don't know what it does.

Would Chase make a customer whole if someone stole their id off a Blink card and used their credit? I'm not waiting to find out.

If Chase doesn't replace my credit card with a non-Blink version, I'll resort to a drill or punch press to get that chip out. Click on the image below for a video on how one guy removed his RFID chip from his credit card.



Chase is a company acting badly for assuming I want technology in my wallet that is broadcasting my credit card information.

Boo to Dotblu

I've recently received two emails like the one in this image:



They both imply that there's some secret important message from a trusted source just awaiting my signing up for their service. Both of my friends who sent them, indicated that they were unaware until too late that Dotblu had retrieved their entire address book and sent this message.

Why did my friends sign up? They were trying to read a "private message" stored at Dotblu that one of their friends had sent. Sound like automated 'chain mail'?

It gets messier if you should click through... don't! Just delete.
(click to enlarge)



What happened to the secret message? Now there's some gift awaiting me. Here's where my friends got in trouble and should have hit manual instead of their address book (click to enlarge).



If you should happen to sign up (don't!) you will get this page.



The gift? A digital image of a cheap car that's not yet for sale to use on your profile at a site you never heard of before.

No mention of a private message from your friend. And if you click on the envelope icon...



That's right. What started as an email telling you to retrieve a private message from a trusted friend has you sign up at a betting site and there's no email to be found. Boo to Dotblu. Another Company Acting Badly.

Countrywide - Not On Your Side

Let's see if I'm on this list...

Countrywide's IT security was so loose that an employee was able to take 20,000 customer records off-site each week for two years and sell that data. That's roughly 2 million + customers whose identity is at risk. You can read more about the story here and here.

What's Countrywide's response? Per the article: "Countrywide, which is now a division of Bank of America, is analyzing the stolen data to determine whether any customer identities have been compromised. If they have, the company says it will notify the customers, according to a statement from the FBI."

Now that's priceless. Same shxx different company.

How will Countrywide know if the most recent credit card was taken out by me or someone pretending to be me? Instead of notifying all 2 million customers that due to Countrywide's lack of controls their identity is at risk, Countrywide will make a sole analysis and determination of who gets informed.

No Labor at Work in New York

Tried again to reach the folks at the New York State Unemployment office. Same deal. Six plus minutes of working through menus to then be hung up on.

NY State - No labor

I am currently collecting unemployment benefits from the state of New York and had a question on a recent claim I submitted. The question had a simple yes/no answer. One of their reps should be able to answer it in under 30 seconds. I had checked the website (where I posted the claim) and could not find the answer.

On the website was posted the number to call. Like so many other entities I was routed through a VRU with enter this and press that, all the while encouraging me to go to the website or get an automated response. Having been through the website, I need a human to answer my question. Finally after 6 minutes I hit the option for a person and what did I hear...

"All of our specialists are busy helping other customers, please call back later at another time". And then the phone hung up. They hung up on me. I'm their customer and they hung up?

A normal customer focused organization would post a message like "We are experiencing heavy call volume at this time, please remain on the line to retain your place in line" or "We are experiencing extended wait time in excess of 15 minutes, please remain on the line or call back during regular business hours". Something to give a customer a choice.

But no... in New York State's Department of Labor we just hang up on you. Automated like.

Here's the history of my attempt to reach a human:

• Called 1-888-209-8124
• Listened to welcome message

• Listened to Options
• Pressed 1 for English

• Extended benefits message played

• Listened to Options
• Pressed 9 for Main Menu

• Listened to Options
• Pressed 4 for question on claim already filed

• Website advertisement played
• Phone rings
• EEO message played

• Entered my SSN
• Pressed 1 to validate SSN
• Entered my PIN

• Claim status message played
• Website and call center advertisement played
• "Remain on line for additional options" message played

• Listened to Options
• Pressed 4 for other questions

• Listened to Options
• Pressed 2 for question on weekly benefits

• Website and call center advertisement played
• Processing claim message played

• Listened to Options
• Pressed 3 to ask a question

..... and then i heard something like .....

"Please hold. We're sorry we are experiencing a high volume of calls at this time and all specialists are helping other customers." Then the website and call center advertisement played once again (4th time on the call). Then it told me to call back later and the New York State Department of Labor hung up.

After listening to 10 messages/advertisements and 6 options of what numbers to press, they hung up.

The New York State Department of Labor Commissioner is M. Patricia Smith. Perhaps the M is in 'My People Won't Answer the Phone'.

B&B - no Imperative

On Saturday I received this letter from my insurance broker, Brown & Brown of Delaware. Brown & Brown bought the business from Chase Insurance and fronts for AIG who provides the insurance.

You would think if an insurance carrier is going to drop a client, and a broker feels "It is imperative that the carrier receives your payment so that your coverage is not in jeopardy" that they would've called to find out what happened to the payment.

In my case, it should've been a direct debit but who knows what happened.

What I do know is that my broker, Brown & Brown, sent a letter on July 9th stating that payment needed to be received by July 11th. The letter arrived on July 12th.

What I do know is that my broker never called on the 9th when they sent and signed the letter. They've got my home number and cell phone. Both phones have voicemail. If they had reached me on the 9th, I could have FedEx'd the payment in time to arrive on the 11th.

What I do know is that in a few minutes I had an online quote from GEICO that was significantly less than Brown & Brown. I followed it up with a call to GEICO to answer some questions and in less than an hour I had insurance forms in my email.

What I do now know is that GEICO accepted a credit card for the payment (points!) and that it is now on recurring payment so that my card will be automatically billed on renewal.

The contrast between Brown & Brown and GEICO is striking. GEICO now has a new fan and loyal customer.

Brown & Brown could take some lessons on customer experience and may need to update it's website boast from "At Brown & Brown, we know that we must be as agile as the cheetah in order to thrive in the competitive insurance environment" to "At Brown & Brown, we know that as Ostriches with our heads in the sand our customer is on his own in this environment".

iPod unTouched

Earlier this year I bought the Apple iPod Touch. Wonderful device that handles my calendar, contacts, music, web access and so much more.

Apple recently announced an upgrade to its iPhone and iPod Touch products, software version 2.0 that would allow you to load new applications (from third parties) to run on the devices. Apple also announced an upgrade to iTunes to v7.7 that would allow you to search, purchase the applications and load them onto your PC.

Today, timed to coincide with the worldwide launch of Apple's iPhone 3G, Apple released iTunes 7.7 and iPhone / Touch software 2.0. Like thousands of others I upgraded to iTunes 7.7 and searched the iTunes application directory and found many applications that I liked and downloaded them to my PC.

Here's my new iTunes 7.7 with 15 applications ready to upload to my Touch.



The problem is that Apples servers were so overloaded with iPhone 3G activations and issues that the 2.0 software upgrade looped, failed, dropped. iTunes at times recognized that my iPod Touch could be upgraded but would put me in an endless loop of "Learning More" and needing an upgrade. After 14 hours of trying today, I have new applications that I cannot use as iTunes is failing.

Here's the screen acknowledging that an upgrade is available:



Here's the beginning of the loop that went back to the screen above:



Occasionally, I would get this message that implied that my connection was at fault when Apple's network was having issues:



After reading some blogs and news reports, it looks like thousands of people got nailed today by Apple. At least I wasn't nailed like the iPhone owners whose phones started the upgrade, didn't finish and now they don't have a working cell phone.

Here are some related articles of others feeling the pain:

• CNN
• Fortune
• CNET News
  
• Information Week
• Boston.com
  

Unfortunately for Apple, we now have a new lexicon including: iPocalypse and iBrick.

Usually Apple gets its product launches right. Maybe next time they will stagger the launch so that new phone activations start on a certain day and upgrades to the new software start on another day. For over-promising and under-delivering, Apple and it's load capacity honchos joined the ranks of Companies Acting Badly.

Citi - So Bold

I have been a customer of Citibank's for almost 20 years. In that time, Citi has gone through a few CEOs and most recently appointed Vikram Pandit to lead the company.

Last month I received the following email from Vik:



By this mindless waste of time, customer SPAM delivered under the name of the CEO, Citi is my latest Company Acting Badly:

1. Vik wants me to "be among the first to know" of the new things Citi is doing. Do I feel special? No. Any friend I have who banks online with Citi received the same email.

2. Vik wants me to know of "the bold steps ... at Citi". Were there any of these bold steps in his email? No. Have I received another email, letter or call from Citi in almost 50 days of these bold steps? No. Do these bold steps exist?

3. His commitment is "create an experience in which services are seemless". Since Vik sent this via email, how about he starts with Citibank online. Why do I have a different experience if I log into Citibank.com and Citicards.com?

How can a company as large as Citi set up customer expectations for some Bold new steps and not deliver? Did Mr. Pandit even read the email that went out under his name or did some lawyer water it down to be utterly meaningless?

Since Citi named Vikram Pandit as its CEO on December 10th, the stock has fallen some 51% from $34.77 to $16.76 as of June 30th. You can see the stock chart here.

Updated 11/14/08: here

BNY Mellon - The Spark

Yesterday, June 21st, 2008, I received this letter from BNY Mellon. It is the latest reason and spark for starting this blog.

In short BNY (formerly Bank of New York) acts as a supplier of services to JPMorganChase (my former employer). BNY lost a storage tape in transit with my employee information including my Social Security Number (SSN). Sound familiar? Were they working with IBM?

BNY is notifying me of the loss, apologizing and offering me some identity protection services. Sound reasonable?

It's not. Here's the stupidity behind BNY's lawyer crafted letter.

1. BNY found out about their loss of my identity information on Feb 27, 2008. Their letter notifying me arrived on June 21, 2008. That's a full 115 days or almost four months. No amount of internal hand wringing at BNY Mellon or Marketing/Legal spin can explain why a company would wait 4 months to notify someone of this loss. This demonstrated lack of concern for their customers ensures that I will never knowingly do business with BNY Mellon.

2. BNY's meaningless statement of "while we have no reason to believe your information has been or will be accessed or misused" raises a lot of questions. How do they know the intent of whomever now has the tape? Does BNY know who has it? How can they predict the future on what will happen to my identity information that they lost? How does BNY know that if in the past 115 days a credit card was taken out under my name that it was truly me? They don't. The statement is meaningless and meant to make me feel better when it only raises concerns on what BNY knows and doesn't know.

3. BNY is giving me 90 days to activate the identity protection service they recommend. That's nice - you take 115 days to notify me but I only have 90 days to activate. Shouldn't my time to decide on whether to use your service be as long as your time to decide to notify me?

4. BNY didn't encrypt their data. Simple stupidity that should result in the firing of their CIO. Sensitive data that is moving outside of a company's data center (in this case on a backup tape) should be encrypted so it would be of no value if it fell into the wrong person's hands. This is not rocket science but may be at BNY Mellon.

5. BNY Mellon is downplaying the loss. Their statement of "could not account for one of several boxes of backup tapes" while accurate is not forthcoming. Did they think I wouldn't Google: BNY Mellon data loss and find out that this story was covered in the press and that BNY Mellon had lost 6 - 10 tapes in that box covering 4.5 Million customers with their SSNs? Click here for the Google search.

6. BNY says in a note at the bottom that theft insurance doesn't apply in NY state. They blame it on a regulation and have no other option for New York state customers. That's the former Bank of New York telling customers of the former Chase Manhattan Bank that their protection doesn't apply in New York. Good thing I live in CT.
   

It turns out that this loss was widely reported in the press for BNY Mellon customers of other banks (not JPMorganChase). You can read an article on this Company Acting Badly at Reuters.

Is this stupidity by BNY Mellon a one time event? Read another article at Pittsburgh Tribune-Review and see.

It also appears that BNY Mellon has been extending it's identity monitoring service from 12 months to 24 months. If BNY really has no concern about what will happen to my identity info then why would they be adding more monitoring time? Click here to see where they extended the time for 1400 brokers at SAIC who's data was on one of those tapes.

SAIC put significant effort behind crafting a FAQ for its brokers that makes the comparison to BNY Mellon telling for a Company Acting Badly. See SAIC's FAQ here. They go so far as to recommend that individuals consider changing bank accounts used with BNY Mellon.

Redux - IBM & Intuit

The last two companies to lose my personal information were IBM and Intuit.

Intuit lost a laptop that contained my personal information and credit card used to purchase Turbo Tax at their website. Why Intuit would allow employees to download such sensitive information to a laptop is questionable. What's not questionable is that I no longer buy Turbo Tax from Intuit's site but buy it instead (cheaper) at BJ's.

IBM lost a data file with my employee information including my social security number (SSN). Why can't a multi billion dollar company with over 300,000 employees and a massive security team figure out how to encrypt data that went on a storage tape? Or did they just not care. I no longer work at IBM - hopefully they are more vigilant about former employee information than they were about active employees.

Welcome

I've been thinking about creating this blog for a while and finally got pushed over the limit by another company (that's three in three years) that has lost my personal information including my Social Security Number.

This blog will detail those dumb things that companies do that affect me in my life. Hopefully you will find this of interest, share a comment and not have to experience any of the same stupidity.