Information security has emerged as a significant concern for banks, mobile phone companies and other businesses that use call centers or business process outsourcing, or BPO. There have been instances of theft of personal data reported from call centers.
Britain's Financial Services Authority examined standards in India in April 2005 and the Banking Code Standards Board audited eight India-based call centres in 2006, handling more than a million calls per month from the UK. the examinations did not extend to Africa-based call centres staffed by workers of Indian origin.
The BCSB report stated that "Customer data is subject to the same level of security as in the UK. High risk and more complex processes are subject to higher levels of scrutiny than similar activities onshore."
India's NASSCOM has said that they take breach in security extremely seriously and will assist the police in their probe.
BPO security Wikipedia
There are three identifiable types of illicit activities concerning fraud emanating from call centers:
- Crooks who pretend to be legitimate call centres.
- Hackers who gain access to call centre information through illegal means
- Call centre agents who illegally misuse the information they have access to in call centres.
- 3rd and 4th party software implementation, allowing for "back-doors" to be entered remotely, sometimes under the "credentials" of security.
While items 1 and 2 are mostly subject to police action, call centres can use internal procedures to minimise risk. Such mitigation measures include but are not limited to:
- Creating a paperless environment, preventing employees from writing down and removing information by ensuring that all work processes are done on the computer, without having to record anything on forms or notes.
- Prohibiting the use of cellphones and cameras on the floor.
- Prohibiting paper, pens and digital recording devices from being brought onto the floor.
- Preventing internet access for employees on the floor.
- Limiting functionality and access of personal computers or terminals used by call center agents (for example, disabling USB ports). Companies may also use data loss prevention software to block attempts to download, copy, or transmit sensitive electronic data.