The Heartbleed bug has been big news recently. Most of us will have heard something about it. Despite this, a couple of companies have taken the trouble to contact me on the subject, to make sure that I know what’s happening. I won’t tell you who they are. I’m not here to advertise for them.
The first is a supplier of domain names. I used to deal with them, but haven’t for some time. Even so, they have emailed me with information about this problem and given me advice. They have also provided me with links to other sites that might be helpful to me.
Why would they do this? I’m not a customer anymore. What’s in it for them?
I can only assume that this company hopes that I will be a customer again, or will recommend them to friends. They want me to form a good impression of them.
The other company supplies my anti-virus software. Heartbleed is not a virus, so this organisation has no duty to protect me from it. That hasn’t stopped them emailing me with advice, and giving me access to a tool that will show whether sites that I share information with have been vulnerable to attack.
Why have they taken the trouble to contact me and all of their other customers in this way? Probably for the reasons that I have already given. They want me to think that they have my best interests at heart. It’s unlikely that they have, but it’s to their advantage that I believe it.
You may wonder why I am spending so long talking about something that I know nothing about. It’s because I want to contrast and compare.
These companies have become aware of something that threatens their customers. They have felt a duty to inform them.
Now let’s turn to our glorious banks. What happens when they become aware of a danger to their customers? If the banks aren’t directly responsible, and won’t have to reimburse anyone, nothing happens.
The more likely it is that customers will suffer a total loss, the less effort the banks will make to warn them.
I’m not the only one to think this. There have been repeated calls for the banks to do more to warn customers about the ‘vishing’ type of frauds, for instance. These are the ones where you think that you’ve ‘phoned your bank, but you’re actually talking to fraudsters. You can imagine the rest.
Banks defend their lack of action on this by claiming that it’s impossible for them to contact every customer individually to warn them about every fraud. The task is Herculean, and it’s unreasonable for anyone to expect them to take it on.
So, what about the two companies that I mentioned earlier? If it’s against the laws of physics to communicate information to every customer, how have they done it? It’s easy, really. They have discovered the efficiency of electronic mail, compared to that of hand-written letters delivered in person by a uniformed lackey.
Santander Bank is at least honest in its approach. It believes that it has no duty to warn about these dangers. If customers can’t be bothered to find out about these matters by scouring the news media, then they deserve everything that they get.
The banks are currently spending vast amounts of cash on advertising aimed at convincing us that they have changed. They want us to believe that they now put their customers first. Perhaps they believe it themselves. Unfortunately, they have no idea how it’s done.
- What Heartbleed Can Teach The OSS Community About Marketing (kalzumeus.com)
- 25% of adults at risk of new ‘vishing’ phone con (thisismoney.co.uk)