New Delhi: Even as the Indian BPO industry grapples with the pitfalls of a sting operation by British TV channel Channel 4, a Forensic Accounting Services agency claims the industry has been facing "repeated security failures” and “shocking data protection breaches” thanks to three inherent problems.
The main reason behind such incidents is not lack of information security norms, but lack of whistle-blowing policies, Indiaforensic Consultancy Services (ICS) says, adding that the BPO industry has become vulnerable to such practices due to the lack of fraud response plans and ethics training to the employees.
On Thursday night, Channel 4 aired a sting operation showing two Indian middlemen selling personal and confidential financial information of UK citizens they allegedly obtained from Indian call centres.
A study conducted by ICS's founding promoters Mayur Joshi and Pradeep Akkunoor, says there is an urgent need for whistle-blowing policies in the industry.
In a spot-poll conducted by ICS among call centre employees in Pune, over 90 per cent of the respondents said they were not aware of any whistle-blowing policy.
"The focus of information security standards remain at the process and infrastructure levels, and rarely do they deal with the 'people' aspect of security," the ICS study suggests. "The real expertise in drafting whistle-blowing policies, fraud response plan etc rests with anti-fraud professionals like fraud examiners," they say.
With such a massive growth in the industry, incidents of fraud were bound to occur and the industry has been hit by some serious fraud charges in recent years, because of which it has been under the scanner for sometime now.
BPO employees have been accused of selling personal and confidential financial information of UK citizens to those willing to pay a price. There have been instances of employees selling bank account and credit card details of customers and even sharing of personal details like phone numbers etc.
Yet the industry doesn't even have a defition as to what constitutes a fraud. As per the ICS survey, "most call centre employees would treat frauds just like any other complaint."
"Fraud means that social security numbers should not be noted but I have seen many employees noting it; even our boss notes them down sometimes, so to whom we are supposed to report the fraud,” a BPO employee was quoted as saying in the survey.
PAGE_BREAK
ICS also advocates for whistle-blowing policies and training on ethics to the employees in the call centre industry. It says absence of anonymous emails and an ethics hotline are a big handicap and this discourages internal policing and development of certain ethical standards within an organisation.
For instance, ICS cites an instance where a BPO employee had smelt foul-play by one of his colleagues but could not do anything about it. "I have observed a colleague constantly talking on phone in a South Indian Language in a suspicious manner, but I was unable to understand the language and hence did not report it. My bosses would have asked me for explanations,” the ICS study quotes the employee as saying.
In another instance, another BPO employee knew about his colleague's fraudulent designs, but never spoke up. "I have seen a person, who was leaving the job, noting down a list of some credit card numbers and their expiry dates. I knew it was wrong but why create problems for the person who was quitting," he told the ICS surveyors.
As for ethical training, ICS says this is one area the BPO industry should attach some importance to. "Call centres concentrate on training individuals in English language, Voice Modulation and soft-skills. They do not consider training on dealing with complaints on fraudincident important enough - despite the fact that most of the employees are barely out of their teens and ill-equipped to cope with such complaints," the Forensic Accounting Services agency observes.
Comments
0 comment