Security Loopholes Worry Call Centers  

A recent incident wherein an agent was arrested from a Noida-based call
center for misusing information from its customer database has raised an
important question. Will customer database security prove to be the sector's
Achilles' heel?

The agent was handling the account of a US-based pay-TV channel and had
access to the credit card number and other personal details of subscribers.
During that time, there was an online scheme by Sony targeted at NRIs to order
gifts for relatives in India. The agent used the personal details of one NRI to
order gifts online and then sold them off. Subsequently, the incident came to
light when the subscriber saw his credit card bill and raised a hue and cry.

By and large Indian call centers have taken adequate measures to prevent such
misuse and have brushed aside this incident as a stray case, confident that most
call centers have mechanisms to control such acts. In fact, a major deterrent
would be the destination point of goods to be delivered. With most customers of
call centers being US-based, purchases are usually within the country. Remote
destinations like India would be enough to ring the alarm bells and apply more
caution in the transaction. Industry experts point out two aspects of the issue:
One is the inherent security of the call center's networks and second is the
security from human failings, which could be inadvertent or intentional. Call
centers go to inordinate lengths to ensure the inherent security of their
networks. Said Pavan Vaish, Sr VP at Daksh, "Ensuring the security of
customer's database is very sacred for call centers and is one of the areas that
receives maximum attention. All our Fortune 100 and Fortune 500 clients first
satisfy themselves with our security arrangements before signing any deal."
Daksh has sought the help of KPMG to help them with their security practices. It
adheres to the British security standard of BS 7799, which seeks strict
compliance by its users. Besides, the company has also installed very high-end
firewalls from CheckPoint and Cisco to prevent hacking into their network. The
company also has an encrypted VPN in place so that they can access software from
their customer's premise in a secure manner.

The other aspect of security, which could arise from human failings is
difficult to control but not unmanageable. Agents are educated during the
orientation about the criticality of customer database and the need to treat it
with utmost caution. Agents are informed about the liabilities arising out of
carelessness in handling customer database. Said Raman Roy, Vice Chairman of
Spectramind, "There are lots of checks and balances in the system. We
undertake an immense amount of cross-reference when recruiting agents. Each and
every movement of our agents at work is monitored. With our monitoring,
verification and control mechanism we are not unduly worried about agents
misusing information." Most credible call centers have set up central
monitoring systems which monitor the movements of agents at all times. Cameras
are installed at the workplace to observe agent behavior. Among other
precautionary measures, agents are not allowed to carry pen and paper while
working.  Some call centers also have comprehensive liability insurance in
place in order to cover them from any human failings that may occur.  One
thing is certain. However much this incident is brushed aside by the big guys in
the sector as a stray incident, this is not an isolated case. "In fact most
centers do not even have a legal infrastructure in place to address such issues.
In most cases, we are asked to solve cases amicably outside the court. There are
many such cases which are hushed up since corporate are wary about the bad
publicity," said Pavan Duggal, Advocate, Supreme Court and a specialist in
cyber crime. At a time when the call center business in the country is touted as
the biggest bet the country could have its hands on, it is important to focus on
some seemingly minor issues lest it boomerangs on the sector as a whole.

(CNS)