Why outsource to call centres in India?
May 25, 2017
The Indian Call Centre Industry Rise, Demise, New Beginnings
May 25, 2017
Show all

Security Legalities of the Call Centre Industry

In December 2004, four call centre employees, working at a renowned BPO facility in India, obtained PIN codes from four US customers of one of their most prestigious clients. These individuals were not authorized to obtain these PINs.

Working in collusion with others, these call centre employees opened new accounts at Indian banks using false identities. Within two months, they used the PINs and account information garnered during their employment at the BPO to transfer money from the bank accounts of those customers to the new accounts at Indian banks.

By April 2005, the Indian police had been tipped off to the scam by a US bank, and rapidly identified the entities involved in the scam. Arrests were made when the miscreants attempted to withdraw cash from the falsified accounts. $426,000 was stolen, and the amount recovered was $230,000.

With the rising number of personal data thefts reported from call centres, data privacy and information security relating to outsourcing are the biggest concerns for Indian BPOs today. This is especially true in the case of businesses that have IPRs (Intellectual Property Rights) to protect or banks and other organizations that must maintain the confidentiality of their customer records.

Fraud is an omnipresent problem. Consequently, implementing ethical practices for client confidentiality – addresses, phone numbers, credit card information etc. – is mandatory. This trend is assuming enhanced prominence as higher service quality levels become the norm. In such an environment, robust certification and regulatory compliance can help a BPO company stand out.

It is essential that strong security policies be in place in an ITES-BPO organization. Extensive security policies and proper configuration right from access level control for data to configuring firewalls and IDS systems are imperative. These need to be complemented by regular audit and review mechanisms by the internal IT team as well as by third party auditors. Alternative measures include proper incidence management, and clearly documented and tested escalation plans.

Delving into the specifics, the compliance initiatives of most BPOs essentially include the following:

  • Assessing internal controls
  • Refining business intelligence
  • Managing and optimising financial reporting processes
  • Consolidating information for managing business performance
  • Providing financial models for high-risk operations and programs to manage risk
  • Improving records management and audit trail
  • Review and modification of existing company policies as required
  • Ensuring fraud detection and prevention

Broadly speaking, there are typically three identifiable types of illicit activities concerning fraud emanating from call centers and BPOs:

  • Crooks masquerading as legitimate call centres
  • Hackers attempting to gain access to call centre information through illegal means
  • Call centre agents who illegally misuse the information they have access to in call centres.

While items 1 and 2 are chiefly subject to police action, BPOs can utilize internal procedures to minimize risk. Prevalent mitigation measures include:

  • Creating a paperless environment, preventing employees from writing down and removing information by ensuring that all work processes are done on the computer, without having to record anything on forms or notes
  • Prohibiting paper, pens and digital recording devices from being brought onto the floor
  • Prohibiting the use of cell phones and cameras on the floor
  • Preventing internet access for employees on the floor
  • Limiting functionality and access of personal computers or terminals used by call center agents (for example, disabling USB ports)
  • Employing data loss prevention software to block attempts to download, copy, or transmit any sensitive electronic data
  • Monitoring all facilities through electronic surveillance
    Conducting thorough background employee checks, including scrutiny of school and college records.

Draconian and intrusive as these measures may appear, they reflect the determination of Indian BPO companies to prevent data security and privacy breaches.

Employee safety is another major concern for BPOs, especially in the light of diverse heinous criminal activity directed at female employees, which has been rising to alarming levels of late. The growing use of drugs and alcoholic elements in the BPO industry poses another major challenge, affecting the health as well as the safety of the employees.

Some popular measures taken to ensure employee security include:

  • Retaining trained security personnel around the clock within company premises
  • Pick up and drop to and from doorstep for female employees working late nights
  • Female employees accompanied by a security guard for solitary transportation
  • Maintaining extensive records, including photographs, fingerprints and addresses, of all cab drivers responsible for dropping staff members home
  • Addressing drug and alcohol abuse through counselling and other in-house methods

The reputational risk is enormous, says Anand, manager of corporate intelligence and investigation at United e-Services. Having employees attacked or robbed at gunpoint isnt good; people worry that if you cant protect yourselves, how can you protect others—and their data?With call centers already the focus of security concerns around keeping data safe, the escalating crime rate around BPO employees is a salutary reminder that its also important to keep safe the people who work with that data.

Leave a Reply

Your email address will not be published. Required fields are marked *