31Consumerist has published an insider report that gives a disturbing look into the data security threats present when call centers are outsourced.
The insider, a former Chase call center rep, tells the story of a thief able to repeatedly commit credit card fraud by calling an outsourced security department. All he needed to know was a name, Social Security number and a mother’s maiden name.
The Chase call center employee, who worked in the US, flagged the caller as a potential thief. He had called repeatedly trying to sleuth out all the security questions that come up when attempting to access an account. As a result, the Chase employee forwarded the call to security – which had been outsourced to the Philippines.
The US security department had access to LexisNexis to verify more personal information, while the Philippine security department did not. As a result, for weeks the thief would be bumped to security, only to be approved and cleared back to the call center to complete his transactions. Some employees knew enough of the situation to block the transaction, but enough “newbies” did not so that the account holder (the same one each time) was stripped of more than $40,000 over time.
Although the account was repeatedly locked, the thief was able to unlock it with these details over and over again. Why? Because the handbook that the call center went by, the how-to guide that was followed word-for-word, was not set up to deal with this scenario. Although the US security department flagged the account and put on blocks and notes, the outsourced security department would unblock the account. The fraud only ended when the thief was caught.
This is just one example of the issues that arise when security is outsourced. Cultural issues, such as the gender associated with a name, could also come into play. Security is not a cut and dry issue, so many clever thieves are taking advantage of black-and-white security manuals in the hands of outsourced security departments to commit fraud.
Here are some additional stories I was able to dig up on outsourced call centers:
- Security Karma – Outsourced Call Centers + Security = !Sleep
- Paid article – Outsourced or Outsmarted?
- Tech Republic – Outsourcing, good and bad.
- Dark Reading – Hacking the Call Center
Image: milica sekulic