Financial
institutions must make sure their offshore outsource suppliers are
free of criminal gangs working in them.
The call comes in
the wake of a Sun newspaper investigation that has revealed that
customer details, including bank accounts, passport numbers, mobile
numbers and even medical records, can be bought from poorly paid
Indian call centre workers for small amounts of cash.
The paper reported
that its investigator was able to buy financial details of 1,000
people for only £3 a time.
There are fears that
such freely available details could be used by criminals to clone
credit cards, buy goods over the internet or clear out customers’
bank accounts.
National Outsourcing
Association (NOA) chairman Martyn Hart said, “What the Sun
investigation reveals is that Indian employees are no less errant
than employees in the UK or anywhere else in the world.
“What banks and
offshore companies must do is ensure that they have the right
security procedures in place to defend against fraudulent
employees, and that offshore operations are managed carefully.
“There is always an
element of risk where sensitive data is stored, and companies must
do their utmost to reduce this risk and provide the tightest
security procedures possible."
Donal Casey, a
consultant at Diagonal Security, a division of IT services group
Morse, said, “It’s shocking to see that one individual could get
their hands on such complete, confidential information.
“Quite simply, this
should not be possible. Banks have multiple layers of security, and
they should be tracking and auditing who within both their
organisation and the outsourcer has access to and is using
confidential customer data.
"This should enable
them to spot any suspicious behaviour. It shouldn’t be possible for
one individual to collect this level of detail on thousands of
customers. Something clearly has gone wrong in this instance."