Blogathon 05/22: Scottish Power!

This post is not to be confused with my position on devolution (which I completely support, thank you for asking).

We have had our gas and electricity supplied by Scottish Power for some years. About 4-ish months ago we came to the end of our tariff, so I fannyed about (or is it fannied about?), got some quotes, and Scottish Power came back with the offer of a whole new tariff which fixed our combined energy payments at just over £120/month. Marvellous.

Fast forward 4-ish months to where we have just set up a new joint bank account, from where we can collectively administer all household expenses. Previously we’ve been paying household bills out of our respective joint accounts.

Wanting to switch our energy payments over, I spoke to Scottish Power, cancelled the standing order from my account and set up a new SO from the lovely new joint account.

A couple of days ago I got an email from Scottish Power saying that they couldn’t collect the payment (from the old account) so they were changing the payment method from standing order to full bill payment. They will now issue us with a monthly bill and we have to pay the full outstanding amount each month. Given that our account balance with Scottish Power is currently £180 in credit, we’re completely unbothered by this. But I was perplexed and felt needful of an explanation.

I rang Scottish Power and spoke to a nice young lady who said we weren’t allowed to change standing orders on an existing energy tariff. But if we wanted to go down the new standing order route, instead of the full monthly payment route, she’d get a quote for us. Being curious I asked her to go ahead.

You can imagine how shivered my timbers were when she came back with a quote of over £320/month. That’s some increase! And all for the convenience of wanting to pay our energy bill on a monthly standing order?

I hastily declined the new tariff. We’ll just continue bumping along at £120/month (or, very likely, much less than that now!) until our current tariff expires, and then I’ll do the dance of energy suppliers all over again.

But I can’t help feeling that Scottish Energy haven’t thought their position on this all the way through.

However, my Scottish Energy saga has only reached the halfway point here. What follows is quite shocking (pun not intended).

Once the nice young lady and I had done with standing orders and tariffs, she moved the conversation on to the topic of Smart Meters. When would I like one fitted?

I told her never. She asked why. I explained that Smart Meters are inherently insecure. That none of the S4 security protocols for smart devices have been incorporated into the British designs. I told the young lady that there is an inherent design flaw in that once connected to the AMI any Smart Meter has a downrange security loophole as the AMI provides a feature-rich access point for hackers and other malicious actors. I explained that as smart meters transmit data 24/7, they essentially leave an all-day window open for attack either through the AMI and indirectly through database weakness, or through API weaknesses. I also told her that even the UK Government’s National Cyber Security Centre (an arm of GCHQ) will not certify that Smart Meters are 100% secure.

The nice young lady came back at me saying that I would have to have a Smart Meter eventually as they were mandatory. That was the word she used. Mandatory.

I explained that was untrue. She was adamant that mandatory take-up of Smart Meters was a fact.

Now I have no issue with the nice young lady. But I do have an issue with people in Scottish Power who have briefed her, because the mandatory take-up of Smart Meters is a complete lie of Johnsonian proportions.

This is the second time that a member of staff at Scottish Power has attempted to force a Smart Meter on me by uttering this lie. It’s obvious this is how the staff have been briefed, back at Scottish Power HQ. And it’s how their customer contact scripts have been written.

The truth is that the security design for Smart Meters has been arrived at through the lowest-cost model of securitisation, rather than either the highest-cost model or median-cost model. This means that Smart Metering has been designed to accept points of failure, rather than having points of failure designed out of the solution.

The reason for this approach? Because designing a secure system based on the highest-cost/least acceptable point of failure model would be too expensive for the energy companies. It’s all about saving the energy companies money which, given that this is their data, and it is their systems that are most at risk, is the biggest piece of data security lunacy ever adopted.

But all this really proves is that energy companies haven’t correctly evaluated the risk to their own systems, and have made security decisions based on design and implementation cost, not on functionality. Bloody lunatics!

4 thoughts on “Blogathon 05/22: Scottish Power!”

  1. Scottish Power sound wonderful… you try getting British Gas to understand and solve a problem as simple as paperless billing. I gave up after three months of trying.

    I ain’t so well versed in this as wot you are, but I know that the smart meters that we fit are pretty secure, as the Pen Test people were able to break in and read one of our meters, eventually, but that was only after they had taken it apart in the lab and physically connected a sniffer to it… they never managed to access it over the secure wireless connection. Even then, the only data they got was the meter serial number and how many units had been used, because that is all that is transmitted.

  2. Ah, we’ve never tried the British Gas route. Generally, I find Scottish Power easy to get hold of and a pleasure to speak to. I suppose that’s at least half the battle these days.

  3. Paperless, I hear you say. I’ve been getting my credit card bill by email since — checks emails — June 2020. This month I received a personally addressed letter… in an envelope… in the letter box… stating that from such and such date there would be a surcharge to receive paper bills, and I could — don’t you know — elect to receive them via email instead. Errrr.

    1. Banks and credit card companies have largely been paperless in these parts for ages. I had to check, the last bank statement I received in the post was 14 years ago. Utilities companies though… Well.