European Contact Centre blog: Call centre worker gaoled for data theft

Tuesday, April 15, 2008

Call centre worker gaoled for data theft

An interesting article on Finextra about the recent theft at a Royal Bank of Scotland call centre.

This isn't the first, and certainly won't be the last, example of security breaches from staff. There's been a lot of recent focus on the risks of external attack and how biometrics can help deal with this but the internal threat has been neglected. I've posted on the external attack on Barclays ("Security, Call Centres and Fraud"), when fraudsters stole the identity of their chairman for a credit card application, and there's been some good posts on Finextra (see "Biometrics - what's that all about then?" by Dave Griffiths and "Who's in your Wallet?" by Jarvis Kandik both last month).

In fact, inside threats are perhaps as serious as the risk of external attack. In 2006 HSBC lost £233,000 after it's Indian call centre suffered inside attack (here for the BBC report). Last year the BBC also reported how HSBC and HBoS had been targeted by an organised gang which both penetrated the banks and laundered the proceeds of their crimes.

An internal threat is nothing new - fraud from dishonest employees is something that banks have had to deal with almost from the start of banking. What is new is the level of the threat and its organisation. As an example, Strathclyde Police (who cover the west of Scotland where many call centres are located) believe that organised gangs have infiltrated perhaps one in ten of the call centres there (full report here).

In the end, as I've argued with biometrics, the criminals will be beaten by process, not technology point solutions. If the defences against external attack are strong, then criminals will seek to get on the inside. The correct response is not to strengthen the exterior with biometrics (though I'm not sure biometrics do strengthen it), but instead to make sure that staff are vetted, exceptions or unusual activity is identified and monitored and good management is in place.

Process is not terribly exciting, but it will be the element that determines whether technology defeats criminals or not.

No comments:

Post a Comment

About this blog

The European Contact Centre blog looks at the transition of call centres to contact centres and other major trends that I see in European contact centres.

The blog looks at all main technology vendors (especially Cisco, Avaya and Genesys) and their related partners. As I work for Cisco, obviously IP Telephony and IP Contact Centre are considerable interests of mine but that does not mean that TDM will be ignored. Similarly the offshoring of call centres will undoubtedly be a discussion topic, as will other business trends. As we see the increasing growth of networked based technology (Cisco or otherwise), the contact centre will be an increasingly strategic part of the enterprise.

All opinions in the blog are mine alone and do not represent the opinions of Cisco or any previous employer.

European Contact Centre blog

Tuesday, April 15, 2008

Call centre worker gaoled for data theft

No comments:

Tag it:

Subscribe Now: Feed Icon

Technorati

Top 5 Posts

Cisco diaLog - a great site from my French colleagues

Blog Archive

About Me

Label Cloud

About this blog