Don’t get me wrong, I am an HSBC fan. I’ve always banked with them and their help on a day-to-day basis at personal account, branch level has always been nigh on faultless. Readers of this blog will recall my overwhelming gratitude to their travel helpline last year when I found myself in desperate need of medical assistance while on holiday, and again, my experience was faultless.
It does not make me happy, therefore, to ask why then, are there such huge chasms of lacking customer support where it is most needed, within the merchant services department?
Almost a year ago I received a letter informing me that all the card issuers were demanding that online and offline merchants be PCI DSS compliant to cover you against hackers. It was yet another process to go through, and I dealt with a company in Utah, a company who HSBC say you can use but who they can’t recommend…yet whose only number at the time seemed to be the ‘for further information call’ number. Many other online retailers I know had NOT received this notification from their banks; other, more cynical types saw it as a classic white elephant, a money-spinning, made-up form of compliance!
It all seemed rather childish to me to say ‘we can’t recommend’, yet, at the same time, be the only further point of contact on the subject. How does all that red tape, pseudo-legalese, mumbo jumbo work, eh?
Last year, once I’d contacted my local Business Link to find out what the score was, and to their credit, while not knowing did their absolute best to find out the answer, I did bite the bullet and called the Utah company. I had even been into the merchant branch and asked who I could speak to about it and nobody had a clue. I digress, anyway, I got half way through the process and the guy at the other end asked me to hold while he checked a detail. 15 mins later and his not having returned I hung up. I called back and explained that I was half way through the compliance interview when the guy in effect hung up….and get this, they couldn’t start the process again because it was already underway and the guy had not hung up, he’d clocked off for the day and wouldn’t be back in work for two days and that nobody else could take up the call!!!! You couldn’t write it.
Anyway I said I’d call back and then just started again with another guy who was a darling.
15 minutes later I was compliant.
This morning I received another letter from HSBC telling me I MUST become PCI DSS compliant as if my current compliant status has somehow escaped them. If not then I’d be charged this, that and the other for not being – and charged on a monthly basis.
I called them to let them know my current status and to see if the letter was just a standard letter or something to which I ought to respond, and having passed through a series of annoying ‘for all other enquiries press 6 then 3’ steps, I finally spoke to a human. Said human did not have English as her first language. And this is where it all falls down for me. It beggars belief to me to send people what amounts to a threatening letter with a contact number (which for the record was also wrongly printed on the letter) and then put you through to someone who clearly has not the foggiest idea what you’re talking about. I stated that I’d been through the process last year and as a result receive quarterly email confirmations that my compliance is up to date. To wit the response, “You’re having trouble receiving email updates from the PCI DSS”.
No – I just wanted to know if I have to tell you again that I am already compliant or if you already know. Was the letter just a standard mailing or need I respond?
And in the end she said to ignore the letter. One more point, I asked, “I intend to add PayPal to the site in the near future. Will this affect my existing PCI DSS compliance or do I need to start again?”
And then I had the most difficult to follow, inane answer, so much so that I’m none the wiser now. I can’t share my merchant number with PayPal – I said that wasn’t what I was asking. I can’t use my merchant number for PayPal – I said that wasn’t what I was asking. I asked again if I need to go through the whole compliance procedure again and she just said I needed to contact PayPal to arrange.
And then I just gave up because it’s clear that the person was not with me and I was left with no alternative than to hang up in disbelief shouting at a blank receiver – why can’t you just understand plain English?????
Even more irksome, if it’s so bloody mandatory why then, when you search PCI DSS on their own merchant services area online are ‘no items found’? The only place I found, which did not come up on the search button, was the online version of the card users newsletter.
I find it wholly unacceptable to send demanding letters, hinting at legal action, describing a nightmare scenario, hinting at fines for non-conformance and basically putting the fear of god into anyone who doesn’t understand the situation fully and to pay lip service to extending a hand of help when it’s just left me more bewildered, confused and two hours down on my day’s work. Should I just charge it back to them?
Not for the first time I am disgusted by the situation.
I wonder how many eBayers are PCI DSS compliant and who is chasing them? Answers on a postcard!
I think, HSBC, with all due respect to your staff who must be sick and tired of being shouted at, that a helpline staffed by people who know what the hell they are talking about is long overdue. If you are going to make demands of your customers, at least meet them half way and provide a dedicated line…..whose CORRECT number is stated on your letter…staffed by those who have a sufficiently good command of English so as not to invoke rage-like reactions from your customers!