Fraudsters opening BT business accounts

So there has been much written about online scams and fraud affecting phone companies but little on the customer experience impact. My recent encounter with BT when reporting an incident raises several concerns and highlights a catalogue of UX failures.

It all started with two near identical letters from BT requesting bank account details to set up direct debits for accounts I’d not ordered. The letters suggested direct debit was the easy way to pay your bill. Trouble is these were not my bills. You would think it’s easy to contact BT and report the fraud. I reached for the phone and dialled 150. The automated voice recognition asked in a few words why I was calling. “To report a fraud” I say. Ok is this the number you want to speak about? it asks. Well no I thought so I key in option 2. Enter the number you want to call about it demanded. Hmmm, the helpful letters don’t mention any phone number, in fact the letters fail to describe any products or services the bill is in connection with. So I just key double hash and join a queue that keeps telling me how important my call is to BT and how they are so very busy at the moment.

Let’s just think about this journey. I ask to report a fraud and am told okay, I don’t have a phone number I want to talk about and am not given another option other than to hack the system with a double hash. (I remembered one helpful bank telling me this trick and it seems to work).

I hang on for 7 minutes to be greeted by a real person who wants to know my name and first line of my address and postcode. The guy has no idea why I’m calling so telling the AVR was pointless. So I say I want to report what I suspect is a fraud. I run through the details in the letters and I tell him the account numbers. He puts me on hold, another 5 minutes pass and he says the account is a business account that he does not have access to. He suggests I contact business team and asks if I want to be put through. It’s gone 7pm I say are they still available? Yes, he says and puts me through. After a short delay I hear an automated recording telling me the team are available between 9am and 6pm Monday to Friday and 1pm on Saturdays. Great, after 19 minutes I hang up.

So I have another go. This time I try “Fraud, fraud, fraud” as the reason for calling and wait 5 minutes for a human to answer. This time I launch staring in to I want to report a fraud on a business account. Daniella says she’ll try BT security and puts me on hold. After a few minutes she comes back and says I can’t speak directly with security as they need her to ask me some questions about the account first. I repeat what I told the first guy and she relays this to ‘Security’. What details do they need I ask? Postcode she says. Well try my postcode I gave her I suggest. After another period on hold Daniella returns to say BT security need details on when the business account was applied for to log the issue and security don’t have access to business accounts. It’s catch 22. How would I know when the account was requested if I did not set up the account! I ask for a call reference number but Daniella does not have one. She suggests I must call BT business when they are open tomorrow so they can speak to security. I hang up, another 30 minutes wasted.

Let’s review the user experience so far. I need to report a fraudulent use of my identity by BT to BT. I try calling the BT care number but my reply as to why I’m calling is not confirmed as being recognised. Front line agents only have access to residential account details and they won’t connect me with security department because they can’t validate. BT care can’t log the report for me and won’t let me do so directly. The process is clearly broken.

So I decide to tweet. Social networking to the rescue. Next day, I scan my replies and see BT business care agree my experience is not good, suggest I call BT security and give me the direct number. It’s 0800 321 999 if you need it by the way. One more time I call. I get another IVR system with 5 choices from checking identify of BT worker to reporting bomb threats.Then another 5 or so choices none of which seem appropriate so I pick 4.  In the end I speak to Phil. Someone sensible at last. He asks me many of the same questions but there’s no mention of needing another system. In fact his demeanour reminds me of the conscientious policeman noting every detail down and checking it. He gives me an SIR number (security incident report number). I ask him why BT care did not pass me though yesterday. He did not know, we’re open 24×7 he says.

It will take up to 10 working days to get a response to BT about my report and complaint. I’m promised they will put an immediate disassociation order on the fraudulent accounts so I’m not connected to them. I raise the issue of bad credit rating as the bills won’t be paid by me. Phil suggests I should be okay but to raise it when they followup the report.

Next day the postman leaves a BT Business Smart modem on the doorstep. The label has a helpful instruction to leave with a neighbour if addressee is out but that’s not been read. It’s addressed to me, no mention of a ‘trading as’ company name, obviously BT fulfilment are more used to dealing with residential customers and reuse the standard label maybe. I think about calling 150 and having a tedious conversation with AVR and a Care advisor but decide to let BT security know instead. I can try out the SIR number to see if it’s a key.

Phil doesn’t answer this time, it’s a nice lady who’s a bit taken aback by my opening comment that mentioned in their IVR returns a 404. “Oh, that’s for internal use only” she explains. Ah okay, so how would I know that? I ask. Apparently the 0800 number for BT security is also used by BT staff most of the time and nobody’s thought to set up an IVR fork to help befuddled customers get a sensible user experience. No matter the lady was very helpful and the SIR works a treat to update yesterday’s report.

So I’ve written this post with intended sarcasm triggered by a catalogue of bad user experience from BT that I feel should have been far better. Some major questions I suggest BT should ask themselves are:

  1. Why can a BT business account be opened without sufficient checks being made to verify the validity of the identity of the requestor?
  2. Why is the main BT care AVR so poorly designed in that a) it fails to confirm it’s understood what the reason for the call is; b) the flow choices have not been designed to cover sufficient scenarios.
  3. Why have BT care advisors not been trained to hand off requests to report fraud to avoid the farcical situation above.
  4. Why have security scenarios crossing BT residential and BT business not been thought through?

Names may have been changed to protect the innocent.