BECU.org invites members to report their travel to help alleviate problems with remote card purchases.
However, the signup page includes this section that leaves a customer knowing what to do. The BECU site uses “dates” and “date” above the form. Which is it? Are the two fields for two departure dates (suggested by “dates” or is the second one for a return date (suggested by “date”?
This is an example of bad user interface that confuses and frustrates a customer — and likely leads to phone calls for clarification.
Part of customer service these days is to accomodate customers. Seems like a no-brainer. Walgreen’s, however, has moved into the wonky concept of customer service when it comes to unsubscribing from email promotions.
I’ve unsubscribed several times over the past several weeks. And I still get their emails. The second to last time I tried to unsubscribe I got a message that my email address was not in the database. See image below.
Even though not in the database, I’m still getting emails. On January 8, 2021, I try again, and now I get a page to unsubscribe where the unsubscribe button is grayed out, meaning the button is not active.
Walgreen’s concept of customer service is wonky, to say the least. My option now is to start a) marking all emails from Walgreens as spam, hoping Walgreens’ email server gets blacklisted or b) make daily visits to the manager of the local Walgreens so that he or she can get on the phone with the corporate office. Oh, I guess there is one other option in Washington State: sue Walgreens for non-compliance with the unsolicted email law.
Update 2020-01-14: Called Walgreen’s customerNONservice again today and asked to talk with the IT department. Said they would have to have someone call me back. I gave my number and guess who called? A Walgreen’s Customer Service Robot! I guess that is the definitive action that Walgreen’s sees customers as impersonal money machines.
The Washington State Employment Security Department seems to excel not only in losing money to fraudsters, but also in the ability to withhold pertinent information to claimants. Consider this recent determination letter a claimant got. The word “decision” is used several times in the letter. Yet the claimant has no idea what the decision is.
Further, the letter states there is a “summary table” at the end of the letter. No such table exists.
Clearly, ESD has communication problems that generates confusion and more phone calls.
How many times do we consumers sit through a barrage of security questions by banks and other institutions to confirm our identity? BECU (Boeing Employees Credit Union) forces a person to answer at least four questions (credit card number plus three other ID questions) before they will ever talk to you about your credit card. They claim all these questions are for my security.
BECU even puts in a blog security tips, such as this one from 2020-10-27 from BECU’s own security officer.
Note the caution about using public WiFi access points and being in public with your credit card number. Mr. Murphy provides good advice.
However, would you hire Sean Murphy for your security officer when the same Credit Union invites a person to send the full card number, full name, phone, and email address by unencrypted email?
That’s just what BECU offers when disputing a credit card charge. On the BECU website is a PDF form used for disputes. At the bottom of the form there is an email address you can send the completed form (and other documents) to, presumably after you have scanned or saved the form into a PDF.
Not only does BECU say you can send the information by unencrypted email, BECU also wants the card holder to send to a non-BECU domain name with no explanation of who is receiving it.
When the phone representatives were asked why BECU is inviting card holders to send sensitive information by unencrypted email, the representatives explained that “the email goes straight to the right deapartment.” This kind of financial bullshit hides the issues that a) the email is sent without encryption and b) that the unencrypted email could be snagged by by someone as it is passes through any number of mail servers, and c) that someone could break into the email account of the sender and find the unencrypted information in the sent folder.
The Payment Card Industry Data Security Standard (PCI DSS) 4.2 states: “Never send unencrypted PANs by end user messaging technologies.”
The PCI Security Standards Council (SSC) defines “cardholder data” as the full Primary Account Number (PAN — Credit Card number) or the full PAN along with any of the following elements:
Cardholder name Expiration date Service code
Look at the BECU form. It wants the full 16-digit account number AND the cardholder name. Clearly, the form is collecting “cardholder data” and more.
Many institutions clearly advise against and forbid sending and receiving credit card information by email. See the very small list below.
BECU and Sean Murphy should adopt the same security procedures that nearly all institutions adopt regarding credit card information by email. Not doing so demonstrates the hypocritical contradiction in their security procedures.
