Outsourcers play down security risk

The offshoring industry has attempted to allay fears that the recent security
breach in an Indian call centre, which saw UK customer details offered for sale,
was a ‘rare’ occurrence and could be avoided through good project and data
security management.

Following reports that City of London Police are investigating claims that an
Indian call centre sold information on 1,000 UK bank accounts, observers
suggested that lax security in Indian operations could lead to companies
rethinking plans to outsource business processes and call centres abroad.

But industry experts have described the security breach as ‘rare’. National
Outsourcing Association chairman Martyn Hart suggested that such a breach ‘could
happen anywhere’. ‘You can never outsource the risk, but you can try and
understand it better and mitigate it.’

He said that, within the processes of an offshored operation, businesses must
make sure that the workers can not access all vital customer information from
one place. ‘If the process is done correctly staff shouldn’t be able to get all
the information, or if they do, then the access should show up on audits or

A recent FSA report into offshore operations warned that the high rate
of staff attrition in India was an area of concern. Neil Meddick, a chartered
accountant and director of service desks at Computacenter, agreed that staff
‘churn’ was the biggest issue for FDs to question when thinking about offshoring
business process or customer service operations.

‘FDs have to ask about the length and service of offshore staff, as they can
be a transient workforce. If that is the case then the vendor won’t know their
quality very well. The client should have the opportunity to question who is
manning the desks.’

Meddick also urged FDs or finance staff dealing with an offshore project to
visit the offshore site.

David Poole, VP of business process outsourcing operations at Capgemini, said
that companies building and managing their own offshore operations don’t put as
much effort into data security issues, instead ‘trusting’ their own employees.

‘The perception is that by owning your own call centre or offshore operation,
they’re less risky,’ said Poole. ‘But everyone should take advice regarding data
security measures. Working with “pros” mitigates that risk.’

Some of the world’s largest companies have outsourced business operations to
India. US businesses such as American Express, Citibank, and Merrill Lynch have
offshored, while UK corporates including HSBC, BT, and Prudential are using
Indian operations to deal with customers.

A recent report on offshoring by Datamonitor revealed that one in 24 call
centre agents serving US customers is offshored, and predicted this would rise
to one in 15 by 2008.

Related reading

Life Belt with Computer Folders
HMRC banknotes