Recently, the agent for a Noida-based call center was arrested for misusing
information from the customer database. While his fate is to be decided in
court, it raised a critical question–will customer database security prove to
be the Achilles’ Heel for BPO operations in India?
The agent was handling the account of a US-based pay-TV channel and had
access to personal details and credit card numbers of subscribers. During his
tenure, Sony launched an online scheme targeting NRIs–they could order gifts
and get them delivered to relatives in India. The agent used the personal
details of one NRI to order gifts online and then sold them off. Subsequently,
the incident came to light when the subscriber saw his credit card bill and
raised a hue and cry.
By
and large, Indian call centers have taken adequate measures to prevent such
misuse and have brushed aside this incident as a stray case, confident that most
have mechanisms to control such acts. A major deterrent is the destination point
of the goods to be delivered. With most customers of call centers being
US-based, purchases are usually within the country. Remote destinations like
India are enough to trigger careful scrutiny and more caution.
Experts point out two aspects of the issue–one, the inherent security of
the call center’s networks; and two, the security from human failings, which
could be either inadvertent or intentional.
Call centers go to great lengths to ensure security of their networks. Pavan
Vaish, senior V-P at Daksh eServices–"Ensuring the security of customer
databases is sacred for call centers, and one of the areas that receive maximum
attention. All our Fortune 100 and Fortune 500 clients satisfy themselves with
our security arrangements before signing up."
Daksh has sought the help of KPMG to help it with security practices. It
adheres to the British security standard of BS 7799, which seeks strict
compliance by all users. Besides, the company has also installed high-end
firewalls from CheckPoint and Cisco to prevent hacking of its network. The
company also has an encrypted VPN in place and can access software at its
customers’ premises in a secure manner.
The other aspect of security, that arising from human failings, is difficult
to control but not unmanageable. Agents are educated about the criticality of
customer databases during an orientation program, and trained on the need to
treat it with utmost caution. They are also informed about the liabilities
arising out of carelessness in handling customer databases. Raman Roy, the
vice-chairman of Spectramind, says–"There are lots of checks and balances
in the system. We undertake a huge amount of cross-reference while recruiting
agents. Every move of our agents is monitored. With our monitoring, verification
and control mechanism, we are not worried about misuse of information."
Most credible call centers have set up central monitoring systems which check
the movements of agents. Cameras are installed at the workplace to observe agent
behavior. Among other precautionary measures, agents are not allowed to carry a
pen and paper while working. Some call centers have comprehensive liability
insurance in place–protecting them from "human error".
But there are indications that much as companies brush aside any incidents of
misuse of personal information, there are many that do take place. "Most
centers do not have a legal infrastructure in place to address such issues. In
most cases, we are asked to solve cases amicably, out of court. There are many
cases which are hushed up since corporates are wary about bad press," says
Pavan Duggal, advocate and cybercrimes expert. Most operators seem to have got
their act together. The few that don’t would do best to follow suit.
Balaka Baruah Aggarwal/CNS in New Delhi