A Sunday Times investigation last weekend revealed that IT consultants working across the call centre industry in India are offering up the most sensitive personal details on thousands of UK residents. Worse still, British companies know it is happening but are turning a blind eye for fear of negative publicity. That strategy has now backfired.
A police source quoted in the report says that the illegal sale of data is “out of control” in India, but companies frequently decline to press charges to keep the matter quiet. Data on offer include account details from all the major high street banks, and transaction details apparently collected by UK financial, retail and telecoms brands, among others.
They also include medical records and computer IP addresses. It’s enough to allow criminals to commit multiple kinds of fraud, identity theft, spamming and intimidation, targeting individual consumers by name.
It might seem unfair to tar all Indian phone operators with the same brush but the point is that customers will now be suspicious any time they call a company and the phone is answered with a foreign accent. Whether warranted or not, off shored call centres already have a bad name in terms of customer service.
If, as alleged, British companies are intentionally letting data thefts go unpunished, then customers will be justified in ignoring any assurances those companies want to give. The public simply won’t trust them, because they know the real reason for outsourcing is that the operators are paid less than they would be in the UK.
It also throws into sharp relief just what a valuable selling point UK call centres could be for companies that choose to market themselves that way. It will be interesting to see whether brands such as Churchill and First Direct benefit.
The Information Commissioner’s Office will now investigate the Sunday Times’ accusations. Parliamentary committees could also demand a government review. If nothing else, it should mean companies with offshore operations in India tighten their controls over data in the short term.
But any government or industry-wide action to improve the overall state of call centre security is likely to be slow coming. If you use an outsourced call centre, your customers might not give you that long to make a strategic decision on what is more important – cutting operational costs, or making sure people feel safe doing business with you.
If you don’t get a grip on your data security now, you’ll be watching those customers slip through your fingers.