TOPIC: Television Program on Call Center Data Theft Prompts Investigation

Original Source: The Register (UK)

A recent television program has prompted the UK's Information Commissioner's Office to launch an investigation into security breaches at Indian call centers that have exposed UK citizens' bank account information. The ICO will look into the practices of the mobile phone companies that have outsourced call centers to India. The ICO has the authority to prevent the companies from sending work outside the country.

[SANS Editor's Note (Pescatore): Will they also investigate the call centers that have *not* been outsourced? There is a lot of jingoism going on - an outsourced call center might be less secure, or it might be more secure, than the original corporate one. Enterprises who make security a top criterion in outsourcing decisions can maintain or increase security. Those who rush to outsource without considering security can drastically reduce security - but those enterprises are also the ones most likely to be doing a bad job at running their own call center securely. ]
[SANS Editor's Note (Schultz): The downsides of "offshoring," especially security-related liabilities, are becoming increasingly evident. I thus predict a reversal in the trend to outsource work to countries where it can be done much more cheaply.]

Personally, I've been complaining about this subject -- long and loud -- for quite a while now. There are several stories of employees from these outsourced call centers in India (and elsewhere) stealing financial data from customers. Since the laws for this type of crime are much more lax in foreign countries, US and UK citizens (who are the groups hit hardest) get little relief from law enforcement authorities in places like India. We ALL need to refuse to deal with outsrouced call centers -- and demand that companies such as Dell, Gateway, Alcatel, HP/Compaq (and many non-tech firms) bring call centers back home!