Tag Archives: Finance

HSBC “Rgerts to Onform”

I’m always amazed at how much money companies sink into sparkling advertising and PR, but so little into ensuring the emails their staff send and receive reflect the same sheen.

Especially when they call themselves the “world’s local bank”.

Take this recent email exchange with HSBC. I’m a customer, and sometimes use their Premier lounge at Jakarta airport. I’m one of those annoying people who make a point of submitting comments to companies about my experience, even if they’re not solicited.

A few months back I was impressed enough with the Jakarta lounge to send an email to a generic customer relations email address I found here on HSBC’s global site where the page says:  HSBC customers are invited to email customerrelations@hsbc.com.

I can’t remember now what I wrote, but it was complimentary about the initiative of one of the staff, a guy called Musli. I got this back a few days later:

Thank you for your recent e-message.
I have forwarded your email to Jakarta, Indonesia so that your positive comments can be feedback to Musli and their manager.
Thank you for taking the time to contact us.

Great. Just what I wanted. A slap on the back for the little guy.

But a few months later—last week–I had a quite different experience, so I fired off another email to the same address:

Hi, I thought I’d follow up my earlier message about HSBC lounge in Jakarta. Since my last email I feel standards have slipped a bit and the place could do with some attention.

I then went on to detail the slippage: my Premier card, it turned out, wasn’t in itself good enough for Premier lounge, and the staff seemed keener on getting rid of me than seeing whether I carried the magic card. The lounge felt more like a lower tier massage parlor, with four females sitting around the front desk, chatting, giggling, singing karaoke and exchanging backchat with male staff. It got so raucous I and some other travelers went to another lounge to get a bit of peace and quiet.

Anyway, I fired off what I felt was a constructively critical message. I got this back today:

Thank you for your further e-message. I am sorry you have had to contact us under such circumstances.
I rgert to onform you that I am unable to assist you with your complaint.
As you have contacted HSBC UK, we are only able to access accounts held within the UK.
Therefore may I suggest that you contact HSBC Jakarta for them to investigate the issues you have and provide you with a full response.
I apologise for any inconvenience this may cause you.

I wrote back:

Thanks for this, it cheered me up no end. The first time I send complimentary remarks to this email address, and they’re passed on right down to the staff, but when I send criticism you “rgert to onform” that you are unable to assist me.
Lovely stuff. Couldn’t make it up if I tried.

I’m a bit flabbergasted, actually, but I shouldn’t be. It’s pretty amazing that the global email address for customer relations for what is now one of the world’s biggest banks can spew out ungrammatical and misspelled dross like that, but more important, but that the staff member feels able to shunt responsibility back to the customer is shockingly shoddy.

Repeat after me: Every email sent and received by a member of your staff is an ambassador at large for the organization. Mess it up like this one and your whole brand suffers.

(Also being sent to HSBC PR for their comments.)

The Lost World of Yahoo

This piece was written for a commentary on the BBC World Service Business Daily about Jerry Yang’s decision to resign as CEO.

Back in the early days of the World Wide Web there was really only one name. Yahoo. You could tell it was big because it was what you’d type in your browser to see if your computer was connected to the Internet.

Without fail: Yahoo.com. It’s been around since 1994, since Jerry Yang and David Filo, two grad students at Stanford, built a list of interesting websites, a sort of yellow pages for the Internet. They called it, first, Jerry’s Guide to the World Wide Web, and then Yahoo. By the end of 1994 it had a million hits. By 1996 it had gone public.

And, I reckon, it’s been slightly lost ever since.

Not that you’d know that from the figures. It’s the most popular website in the world. Nearly half that traffic is actually email, according to Alexa, a website that tracks this kind of thing. Nearly everyone on the planet, it seems, has a Yahoo email address.

But there’s also other stuff: search, news, auctions, finance, groups, chat, games, movies, sports. And Yahoo has been pretty consistent for the 14 years of its life: If you look at its homepage, the place where you’d land if you typed in yahoo.com, it wouldn’t look that different in 1995 to what it looked like in 2005. The familiar red Yahoo logo at the top of the page, a little search box, and then some links to directories.

But since then things have got more complicated. The guys at Google made a better search engine, so much so that their name has become a verb, a shorthand way of saying “look up something or someone on the Internet.”

That kind of left Yahoo behind. So far, I’ve not heard Yahoo used as a verb, or a noun, at least in a positive way. And Google also figured out how to make money from it, which stole another bit of Yahoo’s thunder.

But it hasn’t stopped there. Internet speeds have got faster. We’re now connected most of the time, via computer or cellphone. Upstart bloggers have toppled big media conglomerates. So now all the big players—Microsoft, Google, Yahoo—are not quite sure what they are: Media companies? Advertising companies? Software services company? A mix of all three?

So it’s no surprise that Jerry Yang has been unable to articulate what, exactly Yahoo itself is. If you’re not sure what your company is, never mind that you founded it, you shouldn’t be sitting in the CEO’s chair.

The truth is that there are two Yahoos. Ask an ordinary user and they’ll know about Yahoo. The email program. The instant messenger. The news portal. To millions of people Yahoo is comfortable and familiar.

Ask a geek and they’ll talk about another Yahoo: all the cool stuff the company engineers are doing. Pipes, which lets you mash data together in interesting ways. Fireeagle, that blends together information about where you are. And there’s the stuff they’ve bought that most people don’t even realise belongs to Yahoo: delicious bookmarks, for example, or Flickr photos.

People may be down on Yahoo right now, and the share price isn’t pretty. But it’s still a big brand, known around the world. And, despite their frustrations, beloved by many geeks.

One day someone will come along and find a way to package all this stuff together, or sell bits of it off. Then Jerry’s Guide to the World Wide Web will find its way again. It just doesn’t look like that person is going to be Jerry himself.

The Financial Crisis in Charts

Thought I’d offer a brief history of the financial crisis as seen through Google Insights, which measures the popularity of a search term over time.

image

Interest in the word subprime spiked a couple of times in 2007 (above) before we figured out it was all about toxic debts (below):

image

and credit crunches:

image

Then we realised suddenly we had to learn a bit more about Freddie Mac and Fannie Mae:

image

and even basic terms like liquidity:

image

Useful information. And it wasn’t just an economics lesson. We had to gen up on countries that we had recently given little attention to, like Iceland:

image

Although it’s worth keeping it all in perspective. Search for the word meltdown, a commonly used term to capture the excitement of the past few weeks, and you get this. Clearly rising interest, but that spoke in 2005? It’s linked to Ice Age: The Meltdown, which grossed $70 million at the box office in its debut week:

image

The Financial Crisis in Charts

Thought I’d offer a brief history of the financial crisis as seen through Google Insights, which measures the popularity of a search term over time.

image

Interest in the word subprime spiked a couple of times in 2007 (above) before we figured out it was all about toxic debts (below):

image

and credit crunches:

image

Then we realised suddenly we had to learn a bit more about Freddie Mac and Fannie Mae:

image

and even basic terms like liquidity:

image

Useful information. And it wasn’t just an economics lesson. We had to gen up on countries that we had recently given little attention to, like Iceland:

image

Although it’s worth keeping it all in perspective. Search for the word meltdown, a commonly used term to capture the excitement of the past few weeks, and you get this. Clearly rising interest, but that spike in 2005? It’s linked to Ice Age: The Meltdown, which grossed $70 million at the box office in its debut week:

image

Hollywood still trumps global financial disaster, I guess.

Poffertjes and Power

Continuing my search for a place to plug in and work at airports, I was pleasantly surprised to find that HSBC has laid out the red carpet for its Premier account holders, at least at Jakarta’s Soekarno-Hatta Airport. If you have one of their fancy accounts, anywhere in the world, you and your partner can partake of their lounge services.

It’s all a bit new, and, dare I say it, charmingly Indonesian: More people (three men watching one female doing the work) were involved in making my poffertjes (a Dutch batter treat popular in the former colony) than there were actual poffertjes:

20012008221

HSBC’s Poffertje-Making Team (4)

20012008227

HSBC Poffertjes (3)

But that’s not to say I wasn’t pathetically grateful. Food is never good at these kinds of places, so that the HSBC PMT (Poffertje-Making Team) took such care with my poffertjes was in itself a cause for celebration.

What impressed me, though, was that there was ample room there to work — several little cubicles, a couple of actual offices, and, blow me backwards, lots of power outlets — either in the walls, or in the floor. Like these, which pop up at the flick of a little switch. No Wi-Fi or anything, but you can’t have everything. Well done, HSBC.

20012008223

Goertzel, Rugby and the Sweet-talking Scam

The South China Morning Post reports (I’ve got the hard copy here; everything there is behind a subscription wall, so no full link I’m afraid) of a clever scam where the bad guys steal just enough stuff — cards + identity — from a victim to be able to social engineer their way into trust, but not enough for the mark to realise there’s anything missing before the sting. This takes some doing.

This is how it works: The fraudsters swipe a wallet or handbag from under chairs and tables at a weekend sporting event in Hong Kong. They remove bank ATM card and a business card of the owner and replace everything else. They then research the individual (presumably online, though they may have access to other information, I guess, from associates on the inside at a bank?).

They then wait a day and then call up the mark, identifying themselves as from the victim’s bank, asking some personal details and then asking if they’ve lost their ATM card. This may be the first time the mark has realised the card is lost. Along with a professional and comforting tone, and any personal details that the fraudster has been able to unearth online, this would further lure the victim into a false sense of security.

It’s then the fraudster would say he will cancel the cards and provide a temporary password once the account holder has typed their PIN into the phone. I like this bit; it would be easier and tempting, as in other scams (like this one in the UK) to try to persuade the victim to just give out their PIN verbally. But asking them to enter it into the keypad of their phone adds to the ‘illusion of formal procedure’ that social engineering relies so heavily on. The fraudster, of course, is easily able to attach a device to their phone to capture the tones of the PIN and decode it. They could even just record the tones and play them back against a set of tones. (Each digit has a different tone, according to something called dual tone multifrequency, or DTMF. Tones can be decoded using the Goertzel algorithm, via software like this.)

Once the PIN is handed over, the account is emptied. In the case cited in the SCMP, some HK$47,000 was removed with 82 minutes of the fraudster obtaining the PIN.

So, the obvious and slightly less obvious go without saying:

  • Never give your PIN to anyone, even a smooth-talking fella calling himself “Peter from HSBC.”
  • Regularly check your purse to see whether all your cards are there. If not, cancel them immediately.
  • Don’t put your name cards, or other revealing personal details, in the same place as your credit cards.
  • Don’t ever accept a call from your bank without taking down the person’s name and number and a telephone number you can verify independently (on statements or online.) Then call the bank back. Banks don’t like to do this, because it might mean you call them up when they don’t want to, but tough.
  • Give your bank hell every time they call you up and start asking you questions like “you have a credit card with us, is that right, sir? Would you like to up the limit on that card?” This is just asking for trouble, since calls like that are one small step away from a social engineering attack “Please just give me the card details and some personal information and we’ll increase that limit rightaway, sir”. If not that, it at least sows the idea in the customer’s mind that their bank phones them, and that somehow that’s OK.
  • Be aware that Google et al can, when combined, a pretty clear picture of who you are, even if you’re not a blogger or other form of online exhibitionist. So don’t be lulled by someone calling who seems to know enough about you to be able to pretend to be someone official. 

Anyone at the Rugby Sevens this weekend, take note.

Pumping Stock, Spam and the Criminal Underworld

If you ever feel the urge to trade on a spam stock tip, I offer this unsolved whodunnit as a cautionary tale.

If you’ve been getting an extra dumpster of spam in your inbox lately, it’s probably because of a little known company called Cana Petroleum. If you open the email in question (and I’ve counted nearly 300 in my spam dumps in the past three days alone) you’ll find it’s a pretty straightforward pump and dump scam, where the sender tries to raise buying interest in the stock (the pumping bit) to push up the price so he can make a killing selling his stock (the dumping bit.)

It worked: according to Don Mecoy of The Daily Oklahoman:

Cana Petroleum shares, which trade on the unregulated Pink Sheets via the over-the-counter market, lost 32 percent on Friday to close at $4. On Thursday, the stock traded as high as $10 a share. Seven months ago, it traded for about a dime.

But is this just a case of some day trader making a quick killing? Or is there something more sinister afoot? The company involved has been in trouble before for promoting its stock. Don says that “Information regarding the company is difficult to find. Internet searches reveal no Web site, and telephone listings for Cana Petroleum led to disconnected or wrong numbers:

The company changed its name, ticker symbol and business model in August. Previously called Global DataTel, the company sold personal computers, mainly in Latin America.

Securities regulators filed a complaint against Global DataTel in 2001, and obtained a judgment against a stock promoter hired by the company. He was accused of spreading groundless price projections and strong “buy” recommendations even as he sold his own shares of the company’s stock. The promoter and two Global DataTel executives were fined.

Global DataTel shut down operations in the spring of 2001, “due to the big financials problems,” according to a regulatory filing.

That’s pretty much where the trail ends. As Don points out, a lot of companies don’t like their stock being manipulated for obvious reasons. The promoter involved in the 2001 case, Stuart Bockler, seems to have kept a low profile since. The SEC complaint describes him as a “corporate public relations consultant who controlled and operated, as the sole employee, three public relations-related companies — International Market Advisors Inc., International Market Call Inc., and Imcadvisors, Inc. — and a related Internet website www.imcadvisors.com.” The website itself is under construction although it does offer an address in Columbus, Indiana and an email address under the name Don Michael. The WHOIS information is the same.

Archived copies of the site indicate it’s been pretty dormant since 2001, when its homepage touted a mailing list of “hot news” for $100 a year. (You can see the buy recommendations IMC put out on Global Data Tel at this archived page: In less than five months it put out six ‘breakout buy’ reports on the company, out of a total of nine. A copy of one of the reports is here.) According to the SEC complaint, Bockler sent out 30,000 emails drawing attention to the reports. The stock rose, according to the SEC, from $7.19 a share on Jan 12 1999 to reach a high of $18.84  in April. Within a month of Bockler’s last report the price had fallen to $2.875.

From there the trail goes cold. Or does it? In 2004 a Beverly Hills lawyer called Allen Barry Witz pleaded guilty in a Newark District Court to manipulating the same stock with the help of four other men. (Bockler was also indicted, but I can find no record of the case having gone to trial.) But more intriguing is the link to a murder case that has not been solved: One of Witz’s unindicted co-conspirators, Joe. T. Logan Jnr, was, according to the Asbury Park Press, closely connected to two pump and dump stock dealers, Albert Alain Chalem and Maier Lehmann, who were murdered execution-style in October 1999, the same time the Global Datatel pump fraud ended. The two men’s stock website, StockInvestor.com, was heavily promoting the stock in the last recorded snapshot of the site before their deaths, about two weeks before they were killed. The most recent news article on the unsolved killings, by AP’s David Porter on October 30, quotes one of the dead man’s attorneys as saying:

“It sounded like an extremely professional hit,” he said. “It sounded like the perpetrators were on a plane back to Eastern Europe before they even found the bodies.”

It all may be a coincidence, of course. But the killings, the indictments and the fraud in the Global Datatel case might help to remind us that the links between stock scams, spam and criminal organisations with access to ruthless killers are not the stuff of fiction.

Technorati tags: , , , , , , ,

Elitism’s Big Security Hole

You would expect that if you choose an elite, premium product or service that it was more secure than its lesser, bog standard one. But after an incident today I’m not so sure.

I happen to have a fancy premium account at my bank. I didn’t really want it, and object to such things on champagne socialist grounds, but it happened that way. So I arrive in town, and am looking for an ATM. I espy the logo of my bank on the airport concourse and head that way. Three members of staff stand around the branch entrance, doing that half-welcoming, half-bouncer thing that staff do. I asked if there was an ATM inside, and they said yes, but instead of letting me in, pointed me back across the vast concourse to the railway terminus. “None in here?” I asked, surprised. By then I was fishing inside my wallet for my ATM card and they caught a glimpse of its fancy charcoal greyness. Their attitude changed in a flash to one of abject obeisance. “This way, kind sire,” they said (or something like that) and ushered me inside the darkened interior, round a couple of corners to my very own ATM machine, before withdrawing to a discreet but accessible distance. Butlers passed bearing flutes of champagne; customers carrying men’s purses perused glossy brochures with names like “Managing Your Family’s Wealth So You Can Have Trouble-free Weekends in Your Phuket Condo With An Office Secretary” or something.

Offputting, but I was happy to get some my hands on some cash. Until I realised I had forgot my PIN. No problem, one of the staff said, and led me around more corners to a bank of eager customer advisor executives, or something, all with perfect teeth and wide smiles. They happily gave me cash and balances, none of it requiring any proof of identity on my part. I got to suck a sweet while they did. The three bouncers led me outside as if I was the King of Siam collecting tribute.

I was happy with all the deference and genuflecting, but it made me realise that premium service isn’t really about premium service; it means paying through the nose not to be troubled by impertinent little serfs asking me for proof of identity when I want to move millions of dollars around/see my jewelry collection in a bank vault/pass through immigration. It’s actually about dismantling security, not about enhancing it.

It’s a simple equation: Companies charge more fees to these kinds of people, providing what looks like a Rolls Royce service. People love getting star treatment, assuming that fake veneer and snow-white smiles equate quality. Of course all it really means is that the basic service — in this case the ATM machine — has been moved off to a remote corner for the unwashed who refuse to pay for the premium service. But more importantly, the actual quality that should be a feature of the improved service is severely compromised, if not entirely absent, since the implicit agreement is that customers won’t be asked for proof of identity. That may seem like an advantage to the customer, but if someone had stolen my wallet they would have been able to empty my account without breaking a sweat. They might even have been offered a shoulder massage while the staff counted the money.

There must be a name for this skewed security thinking. And it must apply to all sorts of services.

Me? I’m downgrading my account and rejoining the plebs. It’s safer there: They won’t let me in the branch without flashing my ID card.