Solution: People Pay and FIS Global’s Horrific Customer Service
I recently got a “people pay” payment from someone who uses ByLine bank. ByLine bank is a local Chicago bank that uses a web based banking services from FIS Global called ibanking.
Link Received to claim payment:
https://ppl.ibanking-services.com/PP_071001533/PeoplePayExternalIXpNEWHShxxK7nz4hXys
When I click the link in the email I get the error:
We’re sorry, but the system is currently unavailable. Please contact customer support.
I called byline bank support to resolve the problem. I was told to visit: http://peoplepay.pgfinancial.com
Which I did, and saw that the domain name was for sale! I triple checked the spelling with the representative. He said to call back during business hours the next day. How can they be giving customers invalid URLs?
I called today, and was told numerous times they could only help the customer who sent the transfer.
How can they not support the person who received the payment? They are both using the same system! The person who sent the money is not having the problem.
While on the phone with the agent, I realized that the link looked to have a variable, but that variable didn’t have a variable name, or even a question mark (?) indicating the beginning of the variable part of the URL string. I removed the variable data, and the link worked!
https://ppl.ibanking-services.com/PP_071001533/PeoplePayExternal
I was able to solve a problem in 2 minutes, which 3 people at the software vendor were unable to do in over an hour. In fact, the support I got was wrong! They are lucky the domain name was for sale, and not phishing customer data!
I asked to report a bug, but was unable to do so, since, I’m not a customer! Thinking I could file a security breach bug, and that would make it to the right people, I asked to do that, and again, I was unable to do so, because I was not a customer. I pretended that I could access a customers data, and that vulnerability should be filed, but I quickly fell out of the representatives process, and was unable to even file one of those. Truly unbelievable.
The problems I see with this series of interactions:
- Un-empowered employees; not given the tools to help third-party customers
- A bank that is relying on an incapable 3rd party software provider to handle the majority of their customers interactions and transactions.
- ZERO testing from developers to test if the URL which is being generated is valid
What a mess.