BPO security
Encyclopedia
Information security has emerged as a significant concern for banks, mobile phone companies and other businesses that use call centers or business process outsourcing
, or BPO. There have been instances of theft of personal data reported from call centers.
Britain's Financial Service Authority examined standards in India in April 2005 and the Banking Code Standards Board audited eight Indian call centres in 2006, handling more than a million calls per month from the UK.
The BCSB report stated that "Customer data is subject to the same level of security as in the UK. High risk and more complex processes are subject to higher levels of scrutiny than similar activities onshore."
India's NASSCOM
has said that they take breach in security extremely seriously and will assist the police in their probe.
While items 1 and 2 are mostly subject to police action, call centres can use internal procedures to minimise risk. Such mitigation measures include but are not limited to:
Business process outsourcing
Business process outsourcing is a subset of outsourcing that involves the contracting of the operations and responsibilities of specific business functions to a third-party service provider. Originally, this was associated with manufacturing firms, such as Coca Cola that outsourced large segments...
, or BPO. There have been instances of theft of personal data reported from call centers.
Britain's Financial Service Authority examined standards in India in April 2005 and the Banking Code Standards Board audited eight Indian call centres in 2006, handling more than a million calls per month from the UK.
The BCSB report stated that "Customer data is subject to the same level of security as in the UK. High risk and more complex processes are subject to higher levels of scrutiny than similar activities onshore."
India's NASSCOM
NASSCOM
The National Association of Software and Services Companies of IT software and services related activities for use of both the software developers as well as interested companies overseas....
has said that they take breach in security extremely seriously and will assist the police in their probe.
Common countermeasures
There are three identifiable types of illicit activities concerning fraud emanating from call centers:- 1. Crooks who pretend to be legitimate call centres.
- 2. Hackers who gain access to call centre information through illegal means
- 3. Call centre agents who illegally misuse the information they have access to in call centres.
While items 1 and 2 are mostly subject to police action, call centres can use internal procedures to minimise risk. Such mitigation measures include but are not limited to:
- 1. Creating a paperless environment, preventing employees from writing down and removing information by ensuring that all work processes are done on the computer, without having to record anything on forms or notes.
- 2. Prohibiting the use of cellphones and cameras on the floor.
- 3. Prohibiting paper, pens and digital recording devices from being brought onto the floor.
- 4. Preventing internet access for employees on the floor.
- 5. Limiting functionality and access of personal computers or terminals used by call center agents (for example, disabling USB ports). Companies may also use data loss prevention software to block attempts to download, copy, or transmit sensitive electronic data.