From the “Dook (Energy) Sucks!” Dept:

From the “Dook (Energy) Sucks!” Dept:

There are a few companies in this world where my relationship with them and what passes for their “customer service” works best when their product just bloody works and I don’t have to ring up the irritating people on the 1-800-Loser line.

Duke Energy Progress would be one of them.

In fairness, they’re nowhere near the Holy Grail of Customer Service So Horrific That Their Reimagined Logo Tells The Tale (i.e. Rectum Cable!) levels of piss-poor customer service but the recent interaction I had with them wasn’t all that wonderful, either.

Let me set up the scenario by confessing that it all started when I inadvertently did a rather impressive DUMB whilst using the credit union’s online bill paying service to pay the utility bills.

Somehow and I truly have no idea how in the hell I managed to do this but I accidentally sent the payment for Dook Energy to the incumbent natural gas supplier whose name has changed a few times and looks like it’s about to again with the latest filing to the NC Utilities Commission.

Ooops!

These two utilities are right next to each other in the list of payees so obviously I picked the wrong one but there’s usually at least one or two confirmation screens that I somehow also blew past not realising I was paying the wrong amount to the wrong company!

Oy.

So when I see the next bill from Dook Energy in my EMAIL, I was rather horrified at the number contained within (OK, more horrified than when I see the usual summer number which is still dreadfully high!) and was curious as to how they came up with that.

After a quick reading of the runes in Quicken and the credit union’s website, it was clear that this was an EPIC DUMB perpetrated by the person in this conversation that is accustomed to identifying with the use of the perpendicular pronoun.

It was I.

Seeing as requesting a refund of the obvious overpayment to the gas company was to double the number of bureaucracies I had to deal with to get this sorted, I figured it’d be much easier to just ring up Dook Energy and confess my stupidity and let them know the plan of action would be to let them know I’d queued up a payment that would be deposited with them within the next day or two and that I’d already queued up the amount the bill should have been had I not done the EPIC DUMB to arrive by the proper due date. There would likely be some apologising for any inconvenience, begging for their forgiveness, and hope for their understanding involved.

But at the end of the day, all I wanted to do was give them a head’s up and have it documented on their system for the record.

That’s it.

If only it was actually that easy. 🙁

You know you’re in for it when you ring up the customer service line and you have to fight your way through hell with a voice response unit that wants you to talk to it and has no way to bail out of the menus to a HUMAN BEING without being subjected to multiple levels of irritation.

I finally make it to the human and “authenticate” with name, address, and the billing account ID number and that’s when things start to go pear-shaped.

She wanted the last four digits of my Social Security Number (SSN) for my security and was rather snotty about demanding it or else she wouldn’t do anything further.

Anyone who knows me knows that is a real pet peeve of mine for multiple reasons:

  • The SSN is not guaranteed to be unique and has no way of being checked for being accurate with a checksum within the number.
  • The SSN or any part of it is the absolute worst number to be casually bandying about on an unsecured phone line or unencrypted data communications channel.
  • Even with four digits, a complete SSN can be guessed pretty easily if the bad guys also have access to where you were born assuming that’s where your SSN was issued. Fortunately, I’m in the minority in the country where that does not help a crim guess my number but I’m not interested in taking the chance.
  • The damage that can be caused by a compromised SSN is immense and can take YEARS of fighting the three main credit bureaus to clean up the damage. Been there, done that, don’t ever want to #@(#$ing do that again!

That “for my security” that these people always tack on really pisses me off because it is utter and complete BS.

If these corporations truly gave a crap about the security of my personal details, they’d actually invest in credible IT to keep out the hackers, phishers, and other evil crims and not store my SSN in their systems *AT ALL* because it should never have been used as an ID but good luck getting the utilities connected without being forced to hand it over to them.

In fairness, the law does allow them to collect and use the SSN because the utilities are considered creditors because they can extend service prior to payment and the SSN is the easiest way into the credit bureaus to rate whether they’re going to impose a deposit upon the customer. The law is a bit less clear on private non-governmental utilities being able to demand the SSN as a condition of service when alternative means of authenticating the consumer are available.

But a company certainly wouldn’t insist on me divulging it on a unsecure phone line where I have no more of a guarantee I’m dealing with a legitimate customer service representative than they have that they’re talking to someone who legitimately can speak to them about the account.

At the end of the day, what “security” are they enhancing by demanding those digits other than refusing to continue providing customer service?

Think of all of the data breaches we’ve heard about in the news in just the last couple of years. As someone who has done IT for over 30 years including some occasional forays into helping harden systems from attacks, I can assure you that the number of breaches that are never disclosed to the public are far more than the ones where they have no choice but to admit to it!

AT&T just had *ANOTHER* major breach a few days ago on the heels of one only a few months ago and that one was only the latest in a string of breaches against them!

A huge number of car dealers have been paralysed for the last month or so thanks to a ransomware attack that the software vendor finally caved in and paid the criminals and we have no idea how much data was stolen and retained even after the ransom was paid.

The point is that with so many data breaches (including many government, medical, and banking systems where the SSN is often used as a primary key even though it can’t be guaranteed to be unique which fundamentally violates the principle of a PRIMARY KEY!), someone demanding those four digits isn’t enhancing security in any way whatsoever.

All they’re proving is that I along with a unknown number of corporations, governments, and criminals happen to know those four digits along with all of the other “identifying” information they ask for which is also easily accessed in public records (to say nothing of the breached datasets flying round the dark web).

I tried reasoning with the agent and explaining that expert’s level view of why what she was insisting upon was a very bad idea but she was just not going to listen to reason.

Trying to appeal to her having some measure of common sense and using it in this particular situation was a complete waste of time as well.

Think about the scenario I presented earlier as to why I was calling in the first place.

All I intended to do after confessing the stupidity that led to that situation was to inform them of the steps I’d taken after discovering the EPIC DUMB I’d done and to have it documented on the record so that if there are further billing problems, we can both be singing from the same page of music.

What part of that truly required disclosing the SSN?

I’d understand the agent’s position more if I was looking to make actual changes to the service such as suspending or terminating it but even then, she’s still not actually authenticating me any more or enhancing security in any way by forcing me to give up part of my SSN.

But then there’s the matter of applying some common sense…who else would even bother to ring them up to explain that situation to try to give Dook Energy some warm fuzzies that the error had been noticed, it’d been corrected, and this is the timetable that they can expect to see money in their accounts?

I really doubt the crims would! They’d be more interested in what cash they could grab or what data they could compromise.

They certainly wouldn’t spend nearly a hour on the phone where they could be traced explaining the situation to a customer service agent far more interested in following policies that are absurdly stupid at the best of times and then trying to explain to the supervisor who was a bit more pleasant to talk to but I doubt Dook Energy will listen to her any more than they do to me.

Here’s hoping it will be many years before I have to ring up that “customer service” line again. 🙁

Close Menu
Close Panel