PR 101: Don’t leave customers in the dark when it comes to their money

Assiniboine Credit Union fails its members (again)

Highlights of this post:

  • Large number of Assiniboine Credit Union members locked out of accounts
  • ACU president and CEO responds to security threat to members, offers little explanation (AUDIO)
  • ACU ignores social media conversation, allows members to fuel discussion about situation (SCREEN SHOTS)
  • ACU board of directors nominees largely ignore opportunity to address member concerns regarding attempted account hack

There is a saying that customer service ain’t what it used to be. And that couldn’t be more true after what Manitoba credit union customers (or “members,” as they try to glam up the title) experienced last week and continue to today. I was one of those people.

Like most people I pay my personal bills online. Traditionally it’s from the computer in my home office. If I’m travelling for work and the reminder goes off on my phone, I might use the financial institution’s app.

Last Thursday, I was surprised, along with dozens (if not hundreds) of Assiniboine Credit Union customers to find my accounts had been locked. It led to failed attempts trying to log in on a computer or mobile device. The direction from ACU: Call in and we’ll fix it. Problem is, Assiniboine Credit Union doesn’t offer round-the-clock support and has minimal hours Monday to Saturday, and is closed on Sunday. As they say: You’re SOL otherwise.

The question is: Is that acceptable in today’s 24-7 world? Most people would say it’s not. If you ask ACU members affected by this recent lockout (and I’ll get to the vague responses from ACU in a bit), they say it’s totally unacceptable. And I’m not speaking for them. They’ve told me. They’ve made it loud and clear on social media. ACU’s lack of response has only fuelled its own PR nightmare.

The first thought I had when I tried to access my account was that I previously attempted too many log-ins and got shut out. It’s happened to me before and I was more than willing to accept blame even if I didn’t recall doing it recently. Things seemed fishy when I made three attempts to call in at random times last Thursday and had to hang up because I couldn’t dedicate the hold time to speak to a rep. I was unwilling to have a “call back.” The phone lines to Assiniboine Credit Union were jammed. Something was up.

Friday rolled around and I had the same problem. I attempted four calls and was still unsuccessful. I emailed, per instructions on the app, but didn’t get a reply in a timely manner. The call volume to their contact centre remained through the roof. This was smelling extra fishy.

Saturday morning a reminder went off on my phone to call in again so I could pay my bills. After 20 minutes I gave up and set the reminder for the afternoon because I couldn’t commit to a day of attempting to gain access to my money. I briefly browsed social media and didn’t see any posts from ACU accounts addressing a security concern, save for posts from members reaching out and complaining of getting locked out and experiencing long hold times when calling for assistance.

The credit union’s website did have this message on the contact page: “We are currently experiencing higher than normal call volumes. We apologize for the inconvenience while we work on improving call answer times.” (Note that at the time of this post on Feb. 11, the message remained there.)

Putting me more on edge was that I had fallen victim to a widespread credit union hack in December 2014. Barely two weeks before Christmas, hundreds of ACU custome… uh, members, had their accounts drained. There was no word from the banking institution. I discovered the hard way by being unable to use my debit card to pay for a $4 lunch at a coffee shop. (Thankfully I have a business account with a bank so I wasn’t completely, well, SOL.) Nevertheless, it was only through media reports that I heard about the hack – reports that started the day prior.

Yes, media reported it the night before but there was no word from my credit union (that gave my money to a hacker in New York) that there was a problem. This was over 12 hours later. Granted, none of us wants to be woken up in the middle of the night, but certainly some sort of message in the morning — be it an automated call, a text, an email… something — could have been arranged to alert us. Instead, we had to find out for ourselves we were affected.

Thankfully during that lunchtime I was around the corner from a branch and was able to join the long lineup of concerned members eager to get answers from the counter staff. Problem was, the employees couldn’t offer up much to put us at ease. There were conflicting reports in the moment about how it happened, how long it would take to get our money back, how many people were affected. That fuelled the rage the would-be Christmas shoppers had as they had to step away from their day jobs to seek answers about their empty accounts. Members overheard other tellers giving conflicting information and it led to tense arguments with people wondering what was happening, allowing for even more dialogue amongst the people impatiently waiting in line.

So, my insistence on getting answers ASAP in last weekend’s lockout is justified. Fortunately, as a member of the media, I can not only play the customer card but utter the threat, “I need a media comment for this story NOW.” Though my initial email and two phone calls didn’t immediately get answered, I was able to get ACU’s marketing director on the line shortly thereafter. He called me back on a Saturday afternoon quicker than the average member would get through to a customer service representative. Sadly, he didn’t have any information to pass along despite being listed as ACU’s “media contact.” He instead referred me to the credit union’s president and CEO, who would apparently get back to me. I was getting brushed off but working my way up the ladder to someone who could speak to the situation with authority. I had high hopes. Once again, Assiniboine Credit Union let me down.

It was Grammys weekend for us entertainment reporters. We didn’t have the luxury of sitting around waiting for the phone to ring. I was preoccupied with my work but when I saw the ACU president’s name appear on my phone, I made sure I was right in front of my microphone to capture the anticipated statement from the credit union. If anyone were to have the answers and put members at ease, it would be Kevin Sitka, right? Nope.

I immediately got to questioning the prez with the expectation he could explain what was happening. He failed to do so, seemingly downplaying the idea that there was an issue. He was quick to suggest that users likely caused the lockout themselves after too many failed attempts to log in. You can hear the audio for yourself HERE. See if you would be happy with someone so high up being so clueless about what could potentially be a massive security breach.

While talking to Sitka, one of our other office phone lines on hold with member support finally got connected to an operator. It was exactly at the 50-minute mark that someone interrupted the obnoxious hold music to assist. With that call live and the prez still on the other line, I let Sitka hear for himself the response from his employee. Sure enough, she confirmed that there was a higher-than-normal volume of people calling in about locked accounts. It was only then that Sitka had a noticeable change in his tone. Maybe I’m editorializing but it sounded like an “Oh shit, maybe there IS a problem here” moment.

Even then he seemed to show no urgency about looking into the matter. It appeared he was only saying things for the sake of ending the uncomfortable call. I asked him to “commit” to following up with me but like his other answers, his response was hedgy at best. (As of this posting, Sitka has still not followed up with me about this even though he has my cellphone number and email address.)

I immediately got his non-statement posted for the public to hear and it did little to comfort ACU members. In fact, it started a conversation on Twitter that ACU stayed out of and did nothing to stop — or at least get ahead of.

Twitter user @jazip tweeted to me, “They tried to tell me I had tried my password too many times and it locked me out. I knew that wasn’t true …interesting that it was more than just me. Took hours to reach someone.”

User @Amandageddon chimed in: “Same thing, kind of. Spammers were trying to get into accounts and locked a bunch of people out. I don’t know if they got into any accounts though.” When I replied and asked if she was concerned that the prez/CEO didn’t know anything about the situation, she tweeted, “Actually, yeah. It does concern me. Even if the spammers don’t get anything, he should still be aware of it.”

Another Twitter’er added his experience: “garden city branch had NO idea how to fix my account…then Was on the phone twice for at least ten minutes until they offered a call back… called me back 5 hours later.” Engaging with @jonismrnibs (Jonathan), I asked if it bothered him that ACU says there’s nothing wrong on their end. He replied, “It’s a huge piss off.. it said I unsuccessfully attempted to login three times (which wasn’t true) contact your branch… so I went to the Garden city branch (and) they didn’t know how to fix it or reset it… said I had to call… so I did and it took way longer than it should have.”

I pressed Jonathan further, asking publicly if he trusted ACU. “I do not trust them,” he replied, adding, “I’ve been trying to move to a different bank for over a year but unfortunately I have to wait until my gics (GICs) mature in 3 years. I’m gone after that.”

Having stirred the pot that Saturday afternoon, I was interested to see how the story would play out and if ACU would get ahead of the story (if at all) and save itself from a PR nightmare. It didn’t.

One of the things Sitka told me on the call was that his priority would be to reduce queue times at the call centre. I had hoped he would’ve taken a more commanding and authoritative stance than something so meek and timid. A true leader would have stepped up and said, “Thanks for bringing this to my attention. You’re absolutely right. We need to act on this right now. I will talk to our security people and get answers ASAP.” Instead it was seemingly, “Piss off, it’s Saturday afternoon, leave me alone” attitude. Hear it for yourself! I’ve got the entire audio online for you.

To its credit, ACU did post on Sunday – all the while ignoring the times their handle was used during our conversations the day before — that the call centre would be open and operators providing assistance. Admittedly, the hold time was shorter (about 25 minutes) but unfortunately for the random rep that got my call, she wasn’t expecting the pointed questions that I had. 

She was hesitant to make a declaration that there had been a hack — or even an attempted hack. She suggested lockouts happen because of user error. Once I regained access to my account I pressed her for more. I wanted answers. I realize she wasn’t intending to comment on the record but I was ready to do a public service and step in to relay messages since customers couldn’t count on the people we trust with our money. She handled it nicely and tried hard to put me at ease despite how much I grilled her. Kudos to her. She was an awesome representative.

It’s true, I tried to back her into a corner and confirm whether or not there was a hack — or even an attempted hack. Her choice of words indicated there was an attempt, as unsuccessful as it might have been – but it was an attempt nonetheless. That was still more info than the prez offered up 24 hours earlier. Admittedly, maybe they did know a bit more on Sunday afternoon than they did Saturday afternoon, but that’s no excuse for not having answers at least three full days after the situation started. Remember, I noticed the suspicious activity Thursday afternoon. Fast forward several days and what should be a trusted financial institution isn’t providing any details, except to spin it and blame the user.

When your money — potentially your life savings — is on the line, you expect an organization to act quickly, professionally and communicate with as much transparency as possible. The last thing you want is to receive “You did this, and that’s why this…” customer support. You want your concerns heard. You want to be put at ease. Moreover, you expect your concerns to be heard. You expect to be put at ease. Hell, you demand your concerns are heard and you demand to be put at ease. ACU failed across the board… again.

Now, speaking of the board. There is a board of directors election happening right now. Members can meet the candidates and vote online. I decided to reach out to each candidate on Saturday and ask them the same series of questions. They were informed that their answers would be made public. The questions posed to candidates:

  1. Are you concerned that the ACU president/CEO is unaware of this problem more than 24 hours after it started?
  2. Are you happy with the response (or lack thereof) from ACU ‎regarding a trend that is happening with member accounts? Hold times in excess of one hour, branch staff unable to assist members in person, no notes on social media to put people at ease, and an exec in the dark about the situation.
  3. Should ACU be more active on social media or stay away and let customers control the conversation? (because I’m revving up members in your absence)
  4. In a 24-7 world, should ACU be available at all times to address customer concerns? People unable to get through on Saturday are now without access to their accounts until at least Monday.

Here’s how (and who) responded. Spoiler: There’s little response which seems par for the course with people at ACU. (Note: This will be updated as/if more results come in.)

Members: Think about the DID NOT RESPOND crew when you cast your vote.

Frieda Krpan BrandesDID NOT RESPOND

Joe Kupfer

  1. This certainly sounds like a breakdown in ACU’s internal communication and possibly identifies a weakness in process as well.  Next to financial stability / ensured continuity, service should be the highest priority of the organization.  Call centre queue times would be an easy performance indicator to review on a regular basis, and technical issues involving critical systems such as Member login should trigger notification to the entire Executive team.  I would be interested to know what the Credit Union’s target queue time is, and what their strategy is to achieve their goal.  It also begs the question, what are the Executives’ KPIs daily/weekly/monthly…  What about the Board?  How many of those revolve around Member service?
  2. Best practice from organizations across all industries is to issue a statement informing public and media. This is done for a number of reasons: basic customer service, reducing the burden on the call centre (and queues), confidence in the institution, controlling the narrative. Certainly we would expect our Executive team and the Board Chair to be in front of any developing story.  Very curious to know the true increase in number of technical related problems.  Is there actually a meaningful increase or is Social Amplification exacerbating the issue by overloading support resources?  Interestingly, Wells Fargo has been reporting major system outages this week including digital banking services being taken offline.  Perhaps this is related back to a larger technical issue at a financial services vendor partner.  Either way, communication could be greatly improved.
  3. All successful organizations today are active on Social Media, you’re completely correct. Executives as well are expected (and should want to) actively monitor dialogue across all digital platforms including Social Media. What better way to learn how customers really feel? On a related note, the response you received from the call centre employee when pressed indicated she was aware of a wider systemic technical issue.  However her initial answer to you, the answer other Members are reporting receiving, and the answer from our CEO were all uniform to the point of sounding coached – it’s curious to say the least.  Were they instructed to feign ignorance and downplay?
  4. Absolutely. A Credit Union servicing 100,000 Members should be able to find a solution and resources to accommodate 24/7 on a regular basis. At bare minimum service hours should be extended in times of crisis. An auto-attendant phone system allowing a phone number to be inputted for call back is a basic first step to improve service to Members.  Certainly not a perfect solution but a very inexpensive way to leverage technology for the betterment of Member service.

Marlene Lock – DID NOT RESPOND

James Magnus-Johnston – DID NOT RESPOND

Priti Mehta-Shah – DID NOT RESPOND

Alain Molgat – DID NOT RESPOND

Deb Radi – Replied but didn’t answer questions directly, instead sent a link to FAQ from ACU (Feb. 13)

Leandro Silva – DID NOT RESPOND

Virginia Torrie – DID NOT RESPOND

At the beginning of this, I noted “customer service ain’t what it used to be.” In a world with social media and 24-hour communication tools, you’d expect an up-and-coming business or organization to embrace technology and trends. Excuses like being “small” or having no money (though you’re a goddamn financial institution) is BS. All it takes is someone with a cellphone to tweet out a message. Think about it: My niece broke a fingernail and hundreds of us knew about it on Facebook within seconds.

You can’t be the leader of an organization and be that ignorant about people needing answers in a timely manner and in the way they expect to get them. I certainly wouldn’t consider myself a social media expert but I do know that people will flock to social channels when they want to know what’s up. And PR 101 is that you get ahead of and lead the conversation rather than be dragged through the mud by customers/members destroying you in a public forum. I pay my fees so absolutely that entitles me to such actions and I will gladly do it for the benefit of so-called valued members.

But, ACU – for me, right now – stands for “Absolutely Completely Useless.”

Were you affected by this ACU problem? Were you happy with the credit union’s response? Let me know. I’ll reply to you even if they don’t.

One thought on “PR 101: Don’t leave customers in the dark when it comes to their money

  • February 17, 2019 at 5:31 pm

    I was locked out last week. I also waited on the phone for too long and did not get through so I went to the branch and spoke with a service rep over the counter. He was very quick to say “well we will issue a new card and wipe out your old one and its login data” but he did not give me a reason why the account was locked. So I pressed him because I had a feeling that it was a login attempt failure since I know I had no failed attempts. He seemed flustered and had someone come up from the back and I overheard them mention “too many login attempts failure”. So I asked them if this is what happened but they wouldn’t answer me directly and brushed it off. I never pursued it further at the time. I thought that maybe it was some issue with their system since they were vague about the reason I was locked out.
    My wife also has a card and online account so I had her check when I got home later that day and she logged in without any problem. So I thought that was it. Until today. Now she is locked out. And I can guarantee that it is not because of her failing login attempts. Now I know digital information systems and I know that things like this do not “just happen” so I googled “Assiniboine Credit union hack” and got your article. I believe that they have been compromised and are not telling their members or the press either the truth of the matter. That is a breach of trust in my opinion and it needs to addressed. Also I wasn’t too worried about voting before since I thought that things were fine. I have changed my opinion on that after seeing the “no responses”. Thank you for pressing this. It’s folks like you that will help keep our society strong and true!!


Leave a Reply

Your email address will not be published. Required fields are marked *

I accept that my given data and my IP address is sent to a server in the USA only for the purpose of spam prevention through the Akismet program.More information on Akismet and GDPR.