It happened again. Well actually, it happens all the time but I got inadvertently drawn into it again. I’m referring to this:
Totally secure! Not just “pretty” secure or “really” secure but totally secure! I need to learn how to do that.
Now this was in response to the following tweet:
This is a familiar banter; a concerned customer raises a valid point about the technical implementation of a system and they’re brushed off by a customer care Oompa Loompa with a totally insufficient or incorrect response and then things escalate from there. It’s exactly what happened when Tesco did this a few months back:
That now infamous tweet has been retweeted over 2,000 times and the subsequent blog post read about 150,000 times. Bugger for Tesco.
The problem, of course, is that customer service folks are usually the coalface for the organisation’s social media presence are simply not equipped to provide technical responses and nor should they be expected to. But there are a few simple tips they could apply that would save them from spiralling into an unwinable online embarrassment.
1. Never get drawn into technical debates
Customer care attempting to justify technical positions is nothing more than bringing a knife to a gunfight. I’m generalising here because there are inevitably cases where technical people man the corporate Twitter feed but that doesn’t tend to happen in large organisations. In most cases, there are dedicated support folks who are trained specifically to deal with customers – that’s their expertise.
Take the Tesco example above; this is an entirely nonsensical statement and the reason it has been retweeted a couple of thousand times is because frankly, it makes them look stupid. It’s stupid to the point of being humorous.
But of course there shouldn’t be any expectation for the social media coalface of a large organisation to understand the intricacies of cryptographically secure password storage – that’s not what they’re there for. STEP AWAY FROM THE KEYBOARD! Customer care is highly unlikely to add any value to a discussion like this and can very easily turn a simple discussion between two people into a public embarrassment.
2. Never allow public debate to escalate
The exchange with wishgenie earlier on wasn’t the beginning of things, you have to go back a few days for that:
At this point, the customer posted on their public timeline and merely mentioned wishgenie and that was the extent of it. Unfortunately wishgenie was a little slow off the mark in responding which was the catalyst for a follow-up tweet. That in turn garnered support from a follower who also included me in the thread:
Unfortunately, because wishgenie wasn’t able to respond before the customer prompted them again, the whole thing escalated. Their earlier response about “all data on our system is totally secure” naturally escalated things even further.
3. Always take potentially volatile discussions off the public timeline
Let me share an exchange I had earlier this week with St. George bank:
See that? One simple response in less than 140 characters achieved the following:
- Showed a genuine concern for the problem I raised
- Gave me a means of making direct contact (they followed me to allow DMs)
- Didn’t make any public excuses or other assertions
- Took the discussion private so there’s no public sharing
That third point is particularly relevant as it’s what went wrong with both wishgenie and Tesco; they’ve both let themselves get drawn into a public debate which was then weighed in on by numerous other parties. Instead of immediately shutting the problem down (at least publicly), they both poured fuel on the fire.
4. Make technical people available (privately)
Customer care folks are not going to be able to adequately address issues of a technical nature such as the ones above. Now mind you, we’re not always talking about security, sometimes it’s about browser compatibility or performance or any other number of topics related to the technology domain.
The only way to properly address these concerns is to involve someone who actually understands them. In the Tesco case, if someone had privately contacted me and said “Look, here’s why things are as they are and here’s what we’re doing about it”, that would have been it. I almost certainly wouldn’t have followed up and picked more holes in their implementation.
5. Never be dismissive
Regardless of the subject matter, if someone raises a genuine concern and they feel like they get the brush off, it’s going to get under their skin. What do I mean by “brush off”? Here’s a good example:
Frankly, this verges on being patronising and at the very best is dismissive. Here’s someone who raises a genuine concern and gets a very generic, broad response in return. It does nothing to address the actual issue the customer raised (or in this case, drew attention to) and at the very least, they could have reverted to point 2 above and asked to be DM’d with any concerns. In all likelihood the customer may not have even followed up, but at least they wouldn’t have been left feeling dismissed.
In their defence, it does appear that wishgenie is no longer emailing passwords and is instead sending a reset. Does that mean they’re implemented cryptographically secure hashes? You decide: