Call centre employees more dangerous than phishers

Call centre employees more dangerous than phishers

Summary: Banks are fighting to keep their call centres free from criminals that pose as -- or become -- call centre staff in order to steal customer details.

SHARE:

Banks are fighting to keep their call centres free from criminals that pose as -- or become -- call centre staff in order to steal customer details.

Just two years ago, phishing was the greatest threat to the security of JP Morgan Chase's customers. Today, the company is far more worried about the people manning its call centres.

Staff have been caught stealing customer information using mobile phones, cameras and USB drives, said Iain Johnston, fraud specialist at JP Morgan Chase Asia Pacific.

Speaking at a Financial Times event called Securing the Bank last Thursday in Sydney, he said: "We have found incidences where screenshots have been taken by mobile phone or where people are writing texts at incredible speed under their desks".

He told the conference that the bank has tightened its hiring policies for call centres located in India, the Philippines, Indonesia and Ethiopia but monthly staff intakes of between 200 to 600 recruits makes the task challenging.

While the Indian Government has established a national database of call centre employees to help prevent crime, police corruption in Indonesia makes reporting breaches difficult.

"We had an instance where a staff member had stolen money from the till ... if you want to report that to [the Indonesian] police, you have to pay them US$10,000 to secure an arrest," he said.

Identity theft is the fastest growing type of fraud -- in Australia alone fraud costs AU$6 billion per year, according to Dr Clive Summerfield, deputy director of the University of Canberra's National Centre for Biometric Studies.

"We know from people's behaviour that fraud is likely to be committed by people inside an organisation," he said.

Although staff at offshore call centres are accused of higher rates of criminality, the real problems with offshore call centres is the flow of data across borders and differing privacy legislation, said Dr Summerfield.

"If your identity is ripped off overseas -- whilst local organisations may have back-to-back contracts with outsourcers -- there's a long chain of events to acting on that," Summerfield told ZDNet Australia.

Voice biometrics a solution?
A University of Canberra developed voice-based biometric authentication system may offer a solution, said Summerfield.

"One of the things that it does is to authenticate the caller without the need for a call centre to see your personal information. Because you authenticate the caller within the system, when you get transferred to an operator for a transaction there is no need for them to know your address or date of birth. All that appears on screen is how sure your computer is the account holder is same as person [as the caller]," said Summerfield.

He explained that this kind of authentication means organisations that hold sensitive information are able to retain the authentication process within the customer's country of origin -- therefore resolving the problem of cross-border data flows.

Topics: Security, Malware, Privacy, India, IT Employment

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Quick outsource at any cost

    Just goes to show that IT security is just a buzz word when a bank can save a few dollars. This will always be a problem when you outsource to a country where wages are so low that ID and account theft is very attractive option. Banks accept that this will happen and as long as it is at an acceptable level they don't care. Just hope it does not happen to you
    anonymous