I got an interesting call last week. The vice president in charge of public relations from Circles gave me a call. Circles is the company that provides concierge services for American Express.
A number of their current and former employees have commented here at Productivity501 and one revealed what Circles considered to be proprietary confidential password from their client, American Express. The VP of PR asked that I remove the password.
Me: I vaguely remember a comment that had some type of access code in it, but it just looked like a telephone number. Is that what we are talking about?
Circles Public Relations: It has the same number of digits as a telephone number, but it is a password that shouldn’t be public.
Being such a nice guy and sensitive to the difficulties of being a PR professional in the the modern online world, I offered to remove this sensitive information. After I got off the phone, I started wondering why in the world they would call to ask me to remove the “password” instead of just changing it. When I got back to my computer, I started to replace the number with X’s and then decided to try something. I typed the “password” into my phone and sure enough, it was one of the many telephone numbers for American Express. (I’m assuming that people who have the number on their card are authorized to use it.)
I called the public relations person back to let her know that I had removed the offending telephone number. I pointed out that, if she was really concerned about it being a security issue, they should change the password instead of trying to get every place it is published on the web to take it down. (It is published all over the web.) I also suggested that they should use something a bit more secure than a phone number.
She didn’t seem interested in my free security advice, so I assume her public relations concern had more to do with the fact that the “super secret password” was coming from a former employee rather than coming from any concern for actual security. The “password” is probably set by American Express and her concern is more to make sure Circles isn’t giving away any “confidential” information that came from their biggest client.
Before I said goodbye, I thought I should take advantage of the fact that I had a high-level person from Circles on the phone and ask how to get the most productive use out of the concierge service they provide for American Express.
Me: While I’ve got you on the phone, I have a question about Circles. My experience with the American Express concierge service has been all over the place. Sometimes I get incredibly great service, other times it is extremely lacking. Do you have any tips for making the most of using Circle’s concierges?
Circles Public Relations: I really can’t comment on that.
I thanked her and said goodbye. After disconnecting the call, I had to laugh. Maybe she has some type of agreement with American Express not to discuss the concierge service. Who knows. But here is a little business secret. If someone asks how to get the most from your company’s services, “no comment” is a horrible reply. It is particularly horrible when coming from the person responsible for public relations and it is even worse when given to the owner of a web page about your company that is in the top results on Google. (It isn’t quite as bad as United’s handling of a broken guitar.)
I had a similar experience with UPS a week or so ago.
I received an supposed ‘survey’ from UPS via email. I am a UPS customer, so I thought it might be legit, particularly since I had recently shipped something with them via one of their UPS Stores.
However, when I went to the accompanying website to fill out the survey, one of the questions asked for my account number.
I thought that was odd at best, phishy at worst – so I called them.
The UPS customer support representative seemed unconcerned. She kept telling me to simply delete the email. I asked if they had a department that dealt with fraud or phishing schemes. She gave me a different number to call.
I called that number, gave them my information, but no one asked me to forward them the questionable email, provide the website address, etc. No one seemed concerned.
I have a tendency to reflect customer service. If a company goes out of their way with good customer service, I’ll bend over backwards to do business with them. But if a company seems unconcerned, apathetic or simply annoyed by my phone call, why should I bother trying to do anything that benefits them? If you don’t care – why should I? Customer service is a two-way street.
You’d think that they might be concerned about people giving out their account number. UPS is a very different company. I’ve had some experiences with them that were dumbfounding. They have all these rules about who is allowed to interface with their API to lookup costs. Basically, they won’t let you use it to lookup rates and print labels if you offer to let customers ship things by FedEx or USPS–even though UPS can’t deliver to post office boxes.
Their default policy seems to be “what can we get away with” instead of “how can we work well with our customers”. And the funny thing is that their sales people come in and talk all nice and sweet about how they want to partner with you. It sounds great until you try to actually use them as a business partner.
I enjoyed this story and posted it to my FB page. I’ve become a big fan of Charlie Munger (the lesser known partner of Bershire Hathaway) who talks about the importance of knowing incentives to understand behavior. This is a telling example of the relationship between AmEx and Circles! Thanks for sharing.