Leader: Call centre security lessons

Cries of 'told you so' are likely to be ringing in the ears of the pro-offshore outsourcing lobby today with news that three Indian call centre workers allegedly stole $350,000 from the accounts of US Citibank customers.

Those on the anti-offshoring side have long been citing concerns about the security of customer data belonging to Western firms who outsource IT and call centre operations to countries such as India, South Africa, the Philippines and others in Eastern Europe.

And they aren't going to be mollified by the response of Indian call centre firm Mphasis, which was the target of today's particular breach. In a statement, the company said it was "quite pleased" that its own detection systems had worked and said the incident actually enhances the reputation and credibility of the entire system.

Certainly, Mphasis' detection systems helped track down the culprits, but it wasn't until Citibank customers found their accounts had been emptied and contacted the bank that the theft was discovered.

It will take more than 'move along, nothing to see here' statements like this to reassure businesses and customers about the security of offshore operations and the breach will undoubtedly lead to more calls for stronger Indian data protection and cybercrime laws.

But at the same time, we need to put this into perspective and ensure this breach is not used as any kind of crude racist attack on the Indian offshoring industry and Indian workers.

Breaches like this have always happened, and still do, at call centres the world over. It's the nature of the beast, where you're dealing with high turnover of often low-paid staff who see it as a dead-end job and yet have access to sensitive and confidential customer details.

Indeed, silicon.com has heard of a call centre operation in Glasgow that was targeted by local criminal gangs who intimidated and threatened workers into handing over confidential customer details.

The lesson here is that organisations cannot afford to be complacent about the security of their customer-facing call centre operations - wherever they are located.

Call centres will always be a potential weak link in the security chain and as such will be targeted by criminals. This means businesses need to have aggressive security, monitoring and auditing processes in place to ensure that when that breach does occur, the first time they hear about it isn't when the customer calls up asking why their bank account has been emptied.