Dial in for Details

Recently, the agent for a Noida-based call center was arrested for misusing

information from the customer database. While his fate is to be decided in

court, it raised a critical question–will customer database security prove to

be the Achilles’ Heel for BPO operations in India?

The agent was handling the account of a US-based pay-TV channel and had

access to personal details and credit card numbers of subscribers. During his

tenure, Sony launched an online scheme targeting NRIs–they could order gifts

and get them delivered to relatives in India. The agent used the personal

details of one NRI to order gifts online and then sold them off. Subsequently,

the incident came to light when the subscriber saw his credit card bill and

raised a hue and cry.

By

and large, Indian call centers have taken adequate measures to prevent such

misuse and have brushed aside this incident as a stray case, confident that most

have mechanisms to control such acts. A major deterrent is the destination point

of the goods to be delivered. With most customers of call centers being

US-based, purchases are usually within the country. Remote destinations like

India are enough to trigger careful scrutiny and more caution.

Experts point out two aspects of the issue–one, the inherent security of

the call center’s networks; and two, the security from human failings, which

could be either inadvertent or intentional.

Call centers go to great lengths to ensure security of their networks. Pavan

Vaish, senior V-P at Daksh eServices–"Ensuring the security of customer

databases is sacred for call centers, and one of the areas that receive maximum

attention. All our Fortune 100 and Fortune 500 clients satisfy themselves with

our security arrangements before signing up."

Daksh has sought the help of KPMG to help it with security practices. It

adheres to the British security standard of BS 7799, which seeks strict

compliance by all users. Besides, the company has also installed high-end

firewalls from CheckPoint and Cisco to prevent hacking of its network. The

company also has an encrypted VPN in place and can access software at its

customers’ premises in a secure manner.

The other aspect of security, that arising from human failings, is difficult

to control but not unmanageable. Agents are educated about the criticality of

customer databases during an orientation program, and trained on the need to

treat it with utmost caution. They are also informed about the liabilities

arising out of carelessness in handling customer databases. Raman Roy, the

vice-chairman of Spectramind, says–"There are lots of checks and balances

in the system. We undertake a huge amount of cross-reference while recruiting

agents. Every move of our agents is monitored. With our monitoring, verification

and control mechanism, we are not worried about misuse of information."

Most credible call centers have set up central monitoring systems which check

the movements of agents. Cameras are installed at the workplace to observe agent

behavior. Among other precautionary measures, agents are not allowed to carry a

pen and paper while working. Some call centers have comprehensive liability

insurance in place–protecting them from "human error".

But there are indications that much as companies brush aside any incidents of

misuse of personal information, there are many that do take place. "Most

centers do not have a legal infrastructure in place to address such issues. In

most cases, we are asked to solve cases amicably, out of court. There are many

cases which are hushed up since corporates are wary about bad press," says

Pavan Duggal, advocate and cybercrimes expert. Most operators seem to have got

their act together. The few that don’t would do best to follow suit.

Balaka Baruah Aggarwal/CNS in New Delhi