Wednesday, May 18, 2016

IPI Keynote Speaker 2016

Dennis Snow was the keynote speaker at this morning's Welcome General Session at the IPI Expo in Nashville. He is an ex-Disney executive who got his first job at Walt Disney World in 1979 driving the submarines at the 20,000 Leagues Under the Sea ride. Fast forward a few years and he is a top exec at the happiest company on Earth.

I thought his speech was very entertaining and informative. He focused on customer service and its importance in any business. He started off by asking the room full of hundreds of people to shout out their answers to this: "What stands out to you about your trip to Disney World? What does Disney World do well?" First answer? "It's very clean." Next? "Very organized." "They call you by your first name." After a few minutes he said, "Notice that no one said 'the rides'?! Even though that is kind of the point of Disney World." All these little things that the employees do for you while you are visiting the Magic Kingdom add up to a magical experience that somehow even trumps the reason why you went in the first place. But maybe they are the reasons you keep coming back.

A Few Quotes
"Intolerable service exists because intolerable service is tolerated." (He said this is not his quote.)
"The customer experience = value (to the customer.)"
"The longer we do what we do, the more we assume that customers know what we know. They do not." (So they will need help from time to time and should not be treated like idiots just because we know the answers to their (sometimes stupid) questions.)
Have an "Experience mentality" at your business instead of a "Task mentality."
"Never let a coaching moment go."

Smoking Cinderellas
Do you have a smoking Cinderella at your place of business? I hope not. Mr. Snow cited as an example a female employee in full Cinderella costume taking a break next to the castle in Disney World. A little girl runs up to her with her autograph book all ready to go and tugs on the Cinderella's dress, who turns around, cigarette in one hand, coffee in the other, and says, "I'm on a break, kid!" Experience = ruined by one employee in one instant.

Tuesday, May 17, 2016


In Nashville, TN this week for the IPI Convention (International Parking Institute). Took off from Philly at 10:05 A.M. and landed in Nashville at 11 A.M. I was in my hotel eating a burger by 11:45.  Not too bad.

Met with a vendor and attended two educational sessions already. Heading out to an event tonight, and then tomorrow morning is the keynote speaker (who hasn't been revealed).

I'm waiting in my hotel room to FaceTime the twins so I can help them with some math prep for a test tomorrow. Angie says they need some extra guidance to make sure they "get it." We shall see. They should be calling soon...

Monday, September 14, 2015


Last year (July 2014) I took the PCI Professional online course and passed the exam at a Pearson VUE testing center in Mt. Laurel, NJ.  This year I had to take the PCI-Internal Security Assessor course because it became a requirement at my place of employment.  This past Friday I passed the exam at Pearson VUE so I am now a certified PCI-ISA, and I still hold my PCI Professional title as well.  The PCI-ISA certification lasts only one year, so I'll have to re-certify each year, but the PCI-P certification lasts three years.

I felt that these two tests had a lot of overlap, so if you already have the PCI-P certification I would highly recommend going for the PCI-ISA certification if your company is a PCI participating organization and will sponsor you.  The PCI-ISA certification is only valid as long as you work for the sponsoring company.  So if I quit tomorrow or get laid off, I lose the PCI-ISA cert.

If you are taking the PCI-ISA course now and are getting ready to take the exam, I would recommend studying all of the PCI requirements and making yourself very familiar with certain specifics (be aware of things like keeping online logs for 3 months, but keeping additional logs retrievable for 1 year; passwords should be a minimum length of 7 characters and set to expire every 90 days; employees should acknowledge reading the information security policy annually; etc.).  There were quite a few questions on my exam about encryption key management, too.

All questions were multiple choice, with only one correct answer.  No question asked me to choose more than one answer.  There were a handful of True/False questions, but not too many.  I had 90 minutes to complete 75 questions, but I was able to flag any question that I wanted to come back to at the end (whether I selected an answer or not).  I had about 50 minutes left on the clock when I ended the exam, so I had used a little more than half the time.  But I had studied as much as I possibly could have prior to taking the exam.  Despite this, I still flagged about 6 questions early on that I just did not recall studying.  When I went back to them at the end I didn't change my initial answers so I felt pretty good about them.  Of course, you won't find out which questions you got wrong (if any); you just find out whether you passed or failed.

Good luck!

Tuesday, May 19, 2015

Amazon scam

I recently became the victim of an Amazon scam that "isn't that uncommon," according to the scammer.  Yes, that's right.  I had an e-mail conversation with the scammer.  More on that later.

The first warning came when I received an e-mail from Amazon thanking me for updating my account's e-mail address.  "What?" I thought.  "I didn't make any changes to my e-mail address for my Amazon account.  This must be a spam e-mail or a phishing attempt."  But no, it's not.  Upon examination of the e-mail, I saw that it was a legitimate message from Amazon Customer Support.

I immediately got to a computer and logged in to my Amazon account.  I usually have the "Remember Me" setting flagged in my browser at home, so when I opened I was greeted with "Hello, Mark."  "Good," I thought.  "My account is probably safe."

But when I clicked on the "Your Account" link to check my e-mail address, Amazon asked me to re-enter my password.  Curiously, the Username field was populated with an e-mail address that was not mine (incidentally, it was a Gmail address for someone named Sir Francis Robble 2).  When I tried to erase that name and put in my real Amazon Username and Password, I was greeted with the dreaded "Your username or password is incorrect.  Please try again."  At this point, I knew I was screwed.

I Googled "Amazon Support Phone Number" and found a toll-free number to call.  The customer rep that I spoke with asked if I had recently chatted with them that day.  I said, "No, of course not."  They asked me to confirm that I was indeed the account holder by providing them with a recent order number.  I had placed an order for (and received) a Google Chromebook a couple of months prior so I found the confirmation e-mail and gave the rep the number.  He then asked me to confirm my home address, which I did.  Amazingly, none of that information was changed - only my e-mail address and username (which are, in fact, one and the same with Amazon).

The rep went on to tell me that someone had gotten into my account, changed the e-mail address and username, and then initiated a Chat Session where he claimed to have never received the Chromebook.  Amazon then issued a Gift Card Balance in the amount of the Chromebook's purchase price and placed it in my account.

The rep immediately put a freeze on the account, which even prevented me from using it.  The scammer was not able to spend the gift card money because the account was frozen too quickly.  But had I not made the phone call, he would have been able to make a purchase with the gift card balance and have it shipped to a different address than one I have on file.

So now I was locked out of my own Amazon account while the "Fraud Team" took a look at the situation.  I was told that I would be contacted within 24-48 hours by someone from the Amazon Fraud Department.  The next day was a Friday, so I didn't expect to hear from anyone until Saturday at the earliest.

In the meantime, I figured I would e-mail the scammer since he was so kind to provide a new e-mail address on my Amazon account.  I basically e-mailed him and called him a name.  Someone named Charlie Muffins responded with this:

"Oh crap yeah I just realized you're not able to get in...
Just give them the billing address and you should be good lol
Well enjoy your $170 of credit."

So I responded with some questions.  I wanted to know "Why me? Why my account? And what did he gain by doing this?"  And I received this reply:

"You buy Amazon accounts which have been used, and check the orders. You then contact amazon and say that you got your order but the box was empty, and then they refund you to a gift card balance.  I was going to use the balance to buy a Moto 360 kek.  Someone was selling your account - and I bought it. It really isn't that uncommon BTW."

Amazing...  So I can just go somewhere online and buy someone else's Amazon account, complain about not receiving a recent order, and receive a full refund in the form of a gift card balance into the account that I purchased?  Wow.  And then you just spend the money on the Amazon item of your choice and ship it to an alternate address, which I'm sure is masked from the real destination in some way.

I asked him if you receive the account's password when you buy the account, and I also wanted to know if he had received the gift card.  (At the time, I assumed a physical gift card was sent back to the scammer.)  The response from Mr. Muffins:

"You buy them with the email and password. They usually include the answers for security questions, if the account needs it.  Not sure how people steal the accounts to begin with. I think they get a list of emails and passwords (dunno how they get those) and run it through a program that checks them for amazon accounts.  And no, the credit was stuck on the account."

After a few days went by (more than the 24-48 hours they told me to wait), I called Amazon again and spoke with another rep who assured me that my account was frozen, no purchases were being made, and that someone would be contacting me soon.  After another day went by and I hadn't heard from anyone (this was a total of five or six days after I first contacted them), I called again and explained that I just wanted to reset my password.  After verifying my identity again, this time the rep allowed me to reset the password and begin using the account again.

I'm not even sure if changing my password regularly would have helped me because it seems like either: A.) it's an inside job (someone at Amazon selling account info), or B.) the scammer can simply initiate a chat session with a tech rep and supply known information about the account (e-mail address, recent order number, home address), and then ask for the refund.

Beware!  Stay vigilant!  Contact support as soon as you are notified about any activity on your account that you didn't initiate yourself.