has emerged as a significant concern for banks, mobile phone companies and other businesses that use call centers or business process outsourcing.
Theft of personal data has been reported from both US-based and India-based call centers. In one case, one of the alleged criminals has stated that the data he offered for sale was fake.
Britain's Financial Services Authority examined standards in India in April 2005, and the Banking Code Standards Board (BCSB) audited eight Indian call centres in 2006, which handled more than a million calls per month from the UK.
The BCSB report stated that "Customer data is subject to the same level of security as in the UK. High risk and more complex processes are subject to higher levels of scrutiny than similar activities onshore."
India's NASSCOM has said that it takes breaches of security extremely seriously and will assist the police in their probe.
There are three identifiable types of illicit activities concerning fraud emanating from call centers:
1. Crooks who pretend to be legitimate call centres.
2. Hackers who gain access to call centre information through illegal means.
3. Call centre agents who illegally misuse the information they have access to in call centres.
While items 1 and 2 are mostly subject to police action, call centres can use internal procedures to minimise risk. Such mitigation measures include but are not limited to:
1. Creating a paperless environment, preventing employees from writing down and removing information by ensuring that all work processes are done on the computer, without having to record anything on forms or notes.
2. Prohibiting the use of cellphones and cameras on the floor.
3. Prohibiting paper, pens and digital recording devices from being brought onto the floor.
4. Preventing internet access for employees on the floor.
5. Limiting functionality and access of personal computers or terminals used by call center agents (for example, disabling USB ports). Companies may also use data loss prevention software to block attempts to download, copy, or transmit sensitive electronic data.