Securing intellectual properties in call centers

A recent incident wherein an agent was arrested from a Noida-based call center for misusing information from its customer database has raised an important question. Will customer database security prove to be the sector's Achilles' heel?

The agent was handling the account of a US-based pay-TV channel and had access to the credit card number and other personal details of subscribers. During that time, there was an online scheme by Sony targeted at NRIs to order gifts for relatives in India. The agent used the personal details of one NRI to order gifts online and then sold them off. 

Subsequently, the incident came to light when the subscriber saw his credit card bill and raised a hue and cry. By and large Indian call centers have taken adequate measures to prevent such misuse and have brushed aside this incident as a stray case, confident that most call centers have mechanisms to control such acts. In fact, a major deterrent would be the destination point of goods to be delivered. With most customers of call centers being US-based, purchases are usually within the country.

Remote destinations like India would be enough to ring the alarm bells and apply more caution in the transaction.

Industry experts point out two aspects of the issue: One is the inherent security of the call center's networks and second is the security from human failings, which could be inadvertent or intentional.

Call centers go to inordinate lengths to ensure the inherent security of their networks. Said Pavan Vaish, Sr VP at Daksh, "Ensuring the security of customer's database is very sacred for call centers and is one of the areas that receives maximum attention. All our Fortune 100 and Fortune 500 clients first satisfy themselves with our security arrangements before signing any deal."

Daksh has sought the help of KPMG to help them with their security practices. It adheres to the British security standard of BS 7799, which seeks strict compliance by its users. Besides, the company has also installed very high-end firewalls from CheckPoint and Cisco to prevent hacking into their network. The company also has an encrypted VPN in place so that they can access software from their customer's premise in a secure manner.

The other aspect of security, which could arise from human failings is difficult to control but not unmanageable. Agents are educated during the orientation about the criticality of customer database and the need to treat it with utmost caution. Agents are informed about the liabilities arising out of carelessness in handling customer database. Said Raman Roy, Vice Chairman, Spectramind, "There are lots of checks and balances in the system. We undertake an immense amount of cross-reference when recruiting agents. Each and every movement of our agents at work is monitored. With our monitoring, verification and control mechanism we are not unduly worried about agents misusing information."

Most credible call centers have set up central monitoring systems which monitor the movements of agents at all times. Cameras are installed at the workplace to observe agent behavior. Among other precautionary measures, agents are not allowed to carry pen and paper while working. 

Some call centers also have comprehensive liability insurance in place in order to cover them from any human failings that may occur. One thing is certain. However much this incident is brushed aside by the big guys in the sector as a stray incident, this is not an isolated case. "In fact most centers do not even have a legal infrastructure in place to address such issues. In most cases, we are asked to solve cases amicably outside the court. There are many such cases which are hushed up since corporate are wary about the bad publicity," said Pavan Duggal, Advocate, Supreme Court and a specialist in cyber crime.

At a time when the call center business in the country is touted as the biggest bet the country could have its hands on, it is important to focus on some seemingly minor issues lest it boomerangs on the sector as a whole.

(CNS)