Feeds

OK, so we paid a bill late, but did BT have to do this?

Just between us, they told everybody...

Remote control for virtualized desktops

Opinion One of the pains of running a business is billing and cash collection, especially if your customers are big. It really doesn’t matter what you put on the quote or the invoice, they pretty much pay you when they feel like it, and 60 days is usually the quickest if you’re lucky. In effect, SMBs act in aggregate as an unwilling source of free cash for large enterprises, and there’s very little you can do about it.

But what about the other way around? When BT sends us an invoice, they want it paid within 14 days. And being principled about these things, the person that runs our accounts has dutifully sent a cheque on or about the due date for the past several years. For the latest BT invoice, though, what with holidays and other things going on, last month, they hadn’t paid the bill by the day it was due.

So what would you expect to happen? The usual routine when collecting money is to send some kind of reminder or call the accounts payable department and sweet-talk someone so your cheque gets cut in the not too distant future. You might therefore think that an obvious thing to do would be for BT to send an email to the registered contact person for the account.

What actually happened was on the day payment was due, in the words of my non-technical colleague “I have had this threatening message come up in my browser, and it won’t go away. I think I might have a virus”.

Here is what they saw (click to enlarge slightly):

Now you probably do as we do and drum into non-technical users that they should never click on links and buttons appearing in unsolicited messages or on anything that pops up unexpectedly, no matter how authentic things might look. And this seemed even more suspicious given the number of spam calls we get that start with the question “Can I speak with the person that looks after your BT account?”

Suspecting scam or spam, the user did the right thing and called BT to check what was going on. In the meantime, everyone else on the network had their internet connectivity blocked with the same persistent message appearing in their browser.

And remember, this was on the day the bill was due – it wasn’t even overdue yet!

As suspicious as it gets?

It was at this point that I entered, and took over the call to BT. The agent explained that this was BT’s way of reminding us to pay, and that the user should have known this was authentic because it had our customer reference in the top right hand corner. I have blanked out that reference on the above image because it is actually the login ID entered into the router to authenticate the DSL connection. The format is c999999@hg99.btclick.com, which is not going to be meaningful to a non-technical person. And as our user pointed out, a link labelled “Is this page authentic?” is probably as suspicious as it gets.

The BT agent told me to just click on the ‘Yes’ button and acknowledge the next message that pops up which highlights that payment has not been received, and that would remove the suspension. After that, everything was back to normal and the team here was back online.

Use of alerts that mimic malware behaviour is not helpful

As a result of this episode, I donned my industry analyst cap and contacted BT. As part of an extended conversation over the following couple of weeks with one of the senior managers responsible for ‘customer experience’, we discussed the following concerns:

Use of alerts that mimic malware behaviour is not helpful. Even if we accept this as a legitimate reminder mechanism, telling users that they can make an exception in the case of such messages from BT runs the risk of confusing them and encouraging assumptions to be made in other situations.

The indiscriminate nature of the reminders could easily cause embarrassment. The message pops up on the screen of every user that has a browser open on the local network. The business owner may not be comfortable having accounts-payable matters pushed into the face of every employee. And what if someone is sitting shoulder to shoulder with a customer when the threatening message appears?

The tactic appears to be quite heavy-handed, especially as the alert appears on the day payment is due. Such tactics for persistent, extreme late payers might arguably be more justifiable, but it seems excessive as a routine part of the cash collection process.

During my discussions with BT, I agreed not to publish any of the specific responses that were provided to me. What I can say is that time was taken within the BT team to understand my concerns and there appeared to be a will to do the ‘right thing’. I can’t say any more, other than that there is still a question-mark over what the ‘right thing’ translates to in terms of changes in policy or behaviour, if any. However, I agreed to provide the BT guys a link to this article so they can respond in their own words.

In the meantime, given that BT is in a unique position to use this kind of alerting mechanism, I would be interested in the views of Reg readers on things the BT customer experience team should think about as it further considers what’s appropriate in this area. ®

Bootnote

BT have been in touch with us, and given the following statement:

“As Dale Vile says at the end of his article we appreciated the feedback and were keen to understand the concerns, and we are changing a number of things as a result.

“The on screen reminder is only one of several reminder mechanisms we use with our non-direct debit customers including letters, emails and calls. It’s certainly not our intention to cause embarrassment or raise any security concerns and therefore we are changing the actual message and are making the procedures to validate it much simpler and effective.

"We would also like to make it clear that BT is committed to ensuring that all our dealings with suppliers – from selection and consultation, to recognition and payment – are conducted in accordance with the principles of fair and ethical trading – this is stated in our policy statement ‘The Way We Work’. We are also a signatory to the UK Government’s ‘Prompt Payment Code’.”

Intelligent flash storage arrays

More from The Register

next story
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Right to be forgotten should apply to Google.com too: EU
And hey - no need to tell the website you've de-listed. That'll make it easier ...
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.