HP mandated 15-minute wait time for callers — why that was good news for criminals

Leave a reply

Bob Sullivan

I have long said that poor customer service is a massive cybersecurity and financial vulnerability. I realize that line doesn’t always click with people right away, so I’m devoted to sharing examples with you (like this dramatic story).

Hewlett-Packard just offered up a slam dunk.

The company recently deployed a mandatory 15-minute wait for customers calling its support line. It’s hard to believe, but here’s The Register’s story about this. That story cites a staff memo which says, “The wait time for each customer is set to 15 minutes – notice the expected wait time is mentioned only in the beginning of the call.” HP’s goal was to force folks to solve problems on their own, supposedly with the help of HP’s website. But…we’ll get to that boobytrap in a moment.

On the one hand, this just sounds like everyone’s 21st Century nightmare. On the other hand, you’ve got to give HP credit for saying the quiet part out loud. I’m sure many of you suspect other companies put similar speed bumps into their phone call wait times. (I’ll share one example. Way back in 2000, the FTC fined the nation’s credit bureaus for putting a million callers on hold — after the feds required the bureaus to have a toll-free number for folks trying to fix mistakes in their credit reports.)

Here’s the problem with HP’s “don’t call us, we won’t call you,” plan: When shoving consumers online, HP can be shoving them right into the arms of criminals.

As HP printer owners know, there are constant issues with keeping printers functional. Often, due to software updates or other Acts of God, printer drivers go missing. Searching the Web for HP printer drivers can be like walking into the cantina in the original Star Wars.

Here’s a warning that a friend recently sent to me while looking for an HP driver of a slightly-older printer. Users looking for drivers often can’t find them on HP’s site, so they then end up on seedy websites — which sometimes do have legitimate versions of old drivers, and sometimes offer up software that infects users with malware.  After a helpful user points someone to a place that might have the right driver, this warning is attached:

So your printer doesn’t work, you call HP, the company does all it can to redirect you to the Web, and then…well, you probably decide you have no choice but to buy a new printer.

HP reversed course on the 15-minute wait time after the negative publicity, according to Tom’s Hardware. But this is still quite a learning moment.

Of course, it’s annoying to have people call every time their printer stops working.  But this approach of sending users out into the wilderness to find their own answers puts those users at risk — and as we know, we’re all connected, so we are all put at risk.

This scenario is not unlike a problem that plagues the travel industry.  Criminals make fake look-alike websites to hijack desperate travelers looking for a solution when their flight is canceled. It’s sometimes called “malvertising.” Then, fliers call a fake number, and give their money or personal information to a criminal on the other end of the line. If it weren’t so hard to get customer service, fliers wouldn’t be driven to rogue websites in the first place.

Poor customer service is our greatest cybersecurity vulnerability.  Hacking a company is hard. If you are a criminal, it’s much easier to get frustrated consumers to do the hard part for you. Companies should invest in customer service as part of their overall security budgets.

Leave a Reply

Your email address will not be published. Required fields are marked *