Review: I had contacted CNS because I had a issue with [redacted] compliance. When I called, I told them my issue and that I did not have a server on my network. I was transferred to their to the IT Manager, [redacted], who told me they could fix it. They said the rate was $150/hour and that it would take less than a full hour. I asked her if they are sure if they can fix my issue, she said yes. She then told me that if in the rare occurrence they could not, I wouldn't be charged at all. So I agreed. I was contacted by their engineer the next morning. They spent 15 minutes looking at my set=-up and told me they can't fix it because he doesn't know what is wrong. So I told them to leave it and that I would work it out with the company that does my [redacted] Scans. I was then contacted by them 5 days later saying I had to pay. I told what happened and the woman transferred me to [redacted] again. I told what happened and she said it doesn't matter. I had to pay because they did work on my network. They didn't do anything, I fixed the issue after talking to my scanning company. CNS told me they had no idea what was wrong. So I told her I wouldn't pay. She told me they would pursue and take legal matters. When I received the bill from them, they charged my for a full hour, when they only did work for 15 minutes, and the bill say they work between 11:00-11:30am. SO they are trying to over charge me. I was going to just bay the $37.50 for they 15 minutes but not for time they didn't do anything. Also, on the bill they said they accessed my router, when the tech made me sign in and connect.Desired Settlement: I would like to get CNS to honor what they said. They did not resolve my issue and so I shouldn't have to pay like they said. IF anything, I would like to be charged for they time they did work, 15 minutes and 37 seconds. Not one hour. I have a call log the shows how like I was on the line with them.
We were contacted by [redacted] on Wednesday June 18th regarding an issue he was having with [redacted] compliance. If you are unsure what that is; [redacted] is Payment Card Industry Data Security Standard ([redacted] DSS). It is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. According to the audit [redacted]’s company had failed vulnerability scans on specific ports. [redacted] contacted CNS directly to see if we could assist with the issue. He had contacted his internet service provider, they had told him that they could not help and recommended that he contact an IT company to assist. Our receptionist fielded the call and transferred [redacted] to me to see what we could do to help. Due to the nature of our business we do not generally assist companies that are not under contract with us, we have a limited staff and we want to make sure that they are available for our regular clients. With [redacted] however, we felt sympathetic to his case. We have a lot of experience with [redacted] compliance and I had a Senior Level engineer available the next day to assist. [redacted] and I agreed to a rate of $150/ hour with a one hour minimum. [redacted] sent us all of the information for his systems including his notification of failure on the [redacted] scan as well as his user names and passwords. I scheduled our engineer Fred Hattersley to work with [redacted] the next day at 11am.
Fred contacted [redacted], connected to his PC and then connected to the [redacted] router to review the open ports. While in the router we determined that there was in fact no open ports on the router. Over the next half hour we assessed the client’s infrastructure and came to find that they have a Wireless Access Point that was on the network and open for the public to use (free wifi). We notified [redacted] that we suspect that this appliance was what caused port 8181 open during the compliancy tt
. We suggested that he disconnect this appliance and have the audit re-ran and that this should remediate the issue. Fred closed the case and it went on to our Accounting team to invoice.
When the invoice was generated our accountant called [redacted] to get a credit card for payment. [redacted] did not agree that he should have to pay for the service and was transferred to me. I discussed the issue with [redacted] and let him know that I apologized if he felt that the service he received was not what he was expecting, but we did in fact complete work and assist him with the issue and we had an agreed upon amount for services rendered. [redacted] said that he would not pay the bill. I let [redacted] know that I will not be perusing the bill over the phone, however we will mail him the invoice.
Later that week in a management meeting myself and the other staff were discussing the events that occurred. We decided unanimously that it was an unfortunate situation and it was not worth perusing payment. We wrote of the expense and tried to contact [redacted] by phone on several occasions. We have still yet to hear back from [redacted].
I have attached the invoice to this email that includes the notes from our engineer about the work that was completed. I have also attached a screen shot of the accounting system that shows that this charge was written off. We would really love to be able to contact [redacted] to make sure that he knows we have taken the steps to get this resolved. If you could assist in this process in any way we would really appreciate it!
I have reviewed the response made by the business in reference to my concern, and find that this resolution is satisfactory to me.
As for being contacted, after the first time they tried to get me to pay I was never contacted again except for a bill. It must have been a communication error. It is unfortunate it had come to this, but I'm glad it was resolved so as to that I don't not have to pay for a service that wasn't completed as requested.