“London: A leading London daily today claimed that credit card data, along with passport and driving licence numbers, are being stolen from call centres in India and sold to the highest bidder."
“Middlemen are offering bulk packages of tens of thousands of credit card numbers for sale. They even have access to taped telephone conversations in which British customers disclose sensitive security information to call centre staff,” The Sunday Times reported quoting “an investigative” report by Channel 4 to be shown next Thursday."
"Last June, an HSBC employee in Bangalore was arrested after £230,000 was stolen from British customers’ accounts. HSBC said the theft in Bangalore was an isolated incident and the new investigation did not highlight any breaches in its security.”
For me it was only a matter of time before these kinds of stories about the theft of sensitive data in India would break. That, along with the other concerns that I have planned from the start to deal with - (perceptions of) the exploitation of labour, health and safety and a host of other issues that you have to be there and experience in order to understand and prepare to mitigate against.
At almost every meeting since we set up Global Back Office, we discussed issues of security and their answer was always the same – “whilst we are relatively small our systems and processes will give us adequate protection - but if ever we get to the size of some of the big BPO’s, then it will be different and we may have to do things differently”.
The fact is that for the moment we know everyone on our team at a personal level. Most of our team has been with us since we made the mistake of inviting all the new recruits to a bonding breakfast at the local hotel only to realise that most of them would be uncomfortable in such surroundings! Strict vegetarians and meat eaters alike - sons and daughters of Brahmin families who could only eat food prepared by special people in special ways, Hindu’s, Sikhs and Christians. Most of them, at that stage, were glad to have a job and simply expected to be told what precisely was required of them.
That minor disaster was a learning curve and they continue to learn and make small mistakes from time to time despite having the in-house advice of one of the Punjab’s finest families - what else does one say about a matriarch Sikh married to a Muslim who refused, at partition when he wanted to move from India to Pakistan and with it the farm, told the courts – “we are not married, my children are bastards, the land is mine” - and in the same family a paternal grandfather who was one of the first Indians to make Deputy Commissioner under the British Raj!
All of which is my way of making it clear that what I am about to say comes from honest observation by someone who believes absolutely in what they have been doing - and who admires and loves India although from time to time I grow to dislike much of what it is and what it stands for.
You have to realise also that I have demonstrated the capacity for idiocy throughout my life! Although honestly inspired by a desire to be fair and do the right thing, I had trouble in understanding that elsewhere it might be different. In a previous life, having taken over as GM of an office in Riyadh and at my first interview to appoint a Purchasing Director I was the clown who, fed up with conversations about family connections between the interviewee and the owner, asked the candidate, first, about his experience and qualifications in front of an aghast panel and then followed up that significant bit of professionalism by asking what salary the applicant wanted. In the silence that followed - and a pause that seemed endless - the man who was bidding to be Procurement Director for a multinational project replied: “There is a salary also!!?”
So you will understand that when it came to issues of security and corruption I was well prepared – or that was what I thought!
In India, that was a big mistake. It is not that corruption is rife in India, it is that it is so endemic that many people neither recognise it nor think it wrong. Let me elaborate in order to set the context of what I mean. Over dinner, a much venerated and delightful uncle, patriarch of the golf club describes his day. On his way to meet a police chief in order to “arrange” a parking ticket picked up by his driver his car breaks down. No problem, the police chief sent his jeep and driver to collect my uncle and another team to repair the tyre so that they could make their arrangements and no one would be inconvenienced!
Near the lake a young/old woman with baby-on-hip is cooking and selling roasted corn cobs to eke out some sort of a living. The policemen who are patrolling the area reach down and help themselves to a couple of the cobs, their body language challenging her to protest at her peril.
My friend (whose body I later had to drag down from a mountain, but that is another story), who had spent 20 years in California where he now lived, drives through a road block - something he would not dream of doing at home. When stopped later, he finds that the policeman who, recognising from the family name that he knew my friend’s august father, prefers to waive all charges and send him on his way. No money changed hands in any of these transactions but they build up favours and that is the way it works at one level.
It is not actually corruption as it exists elsewhere – it is rather, in some areas and for some people, a culture. Yes corruption makes it possible but in many cases it is about family and being practical and loyal. Our accountant was on record as saying: "If I offer someone something to do a job - it is corruption. BUT if he knows that I am pleased with what he has done and I give him a gift - I am saying 'Thank you'. It is merely being polite!"
The real danger for the West in this context is that the people concerned in the scams so far reported have no real idea of the value of the data they are extracting. Even a well-qualified graduate who aspires to earn $500 per month and who has never had a credit card has no real understanding of what credit data can do or what it might be worth to others. That means that the price is so cheap it becomes a significant threat when exploited by the real operators.
We changed and upgraded the security in our building. In the process we installed sliding glass doors, barriers and made the entrance and stairway look fantastic. Nonetheless, I pointed out that a Security Guard, no matter how smart his uniform and how tight his instructions but paid £80 per month and used to being ordered around, who was unlikely even to want to stop a powerful person stepping imperiously past him, was unlikely to be an effective way of denying entry to visitors who had not been announced.
Our solution to that small problem was effected with the same approach as we tackle all such issues – a combination of process, task breakdown and allocation coupled with on-going training.
It is partly a question of scale. HR and RPO do not face the same degree of sensitivity, or threat, as do those holding banking and credit details. Nor do we run call centres as such and so, because of these two basic but important differences, we face a different threat level. Of course an industry like recruitment (that enjoys about the same levels of respect as is accorded Estate Agents, Politicians and Journalists!) will be the first to wonder about security and the honesty of everyone else, especially potential partners and suppliers. A notable lack of trust is endemic in the industry. Certainly none of us would like to lose (or share with others without knowing it was happening) our candidate or client data bases which would be a “bad thing” but not quite as devastating as giving away the details of Aunt Maud’s offshore bank account or the credit account that Uncle Billy uses to pay that lady in Brighton.
We looked at the way we hold, enter, extract and distribute data, breaking down the various parts of the task into their basic elements so that all our data is held in discrete sections on servers that are located and managed outside India. That allowed us to ensure that only a mass attempt over many hours by everyone in the business would make us vulnerable in any serious way. We then looked at the recruitment task – everything from research to distributing to job boards and on-boarding – and broke those down in a similar way. We examined relationships making sure that everyone was a part of a distinct team so that in a pleasant but effective way everyone not only worked with but also watched over everyone else in their team. Ultimately we set up processes that ensured that every one was watched over by THE CONSULTANT whose word is, of course, Law!
As it happens I am sure that at current levels of operation there is, and has been no threat. We set tests such as discrete shoppers from time to time – but it helps to know that we have answers in place if and when the need arises.
But the problem is not necessarily what is happening or what has happened. It is more difficult to deal with perceptions that are not actually based on anything to do with your business. Thus corruption and data security in a large banking operation are a problem that hits the headlines but our little operation where there is no such risk can get mired in the same puddle.
Nor does it stop at corruption and data security. In the background lie much bigger threats - which one hears little or nothing about. Issues of exploitation raise their head from time to time when someone films little kids working in a garment factory. Bad news for, say Nike, but as I often point out, what would happen if the Board of one of our larger US clients awoke to read about poor workers working in poor conditions, running their outsourced HR or RPO? It would be unthinkably horrible and seriously damaging for everyone.
Health and Safety offers even more potential for total disaster. Again, India really is a different country. We sit under a direct line-of-sight link to a major ground station so bandwidth is good. However we still laugh when we think of the day we finally got our local phone line and two guys with a roll of wire and phone arrived, without tools, to do the installation. Later when one of them was observed on the roof of another part of the campus over the road passing the wire to a colleague who had climbed a tree outside our window …… we had learned something new and the office was thereafter ever to be known, literally, as the branch office!
The building management committee was justly proud of what we achieved with refurbishing our building - but could genuinely not understand my concern that the HKV input for power and comms was a cobbled together junction of huge wires, joined by tape and left open on the wall in a box without doors. Or that without a banister to stop people falling four stories over an unprotected stairwell, there would not be enough money in India to pay the damage claim by a US citizen who chose to throw himself over the edge.
When you try to explain that a visiting client would see that and close down the operation immediately – there is genuine bewilderment and a sense of relief that no one has seen what happens in the main building that is hosting international conferences about centres of excellence.
You must see this in the context of a landmark and recent judgement in India when the clown who ordered all the safety exits locked at a cinema that burnt down was at last held responsible in law. Before that judgment it was felt to be reasonable and normal to lock safety doors some people might have sneaked in without paying. It is all such a long way from our - "someone must be to blame" - culture that it is difficult to comprehend the difference.
afford it. It is, as I said, inevitable that from time to time horror stories will break. Some will be true, some will be true but out of context and others will be nothing more than fabrications – often at the hands of those to whom outsourcing is the new devil. But the issue is this. Businesses in the West – especially those who operate in professional services - cannot just partake of all the many benefits of HR and RPO, they must also take the trouble to inform themselves and understand those issues that they, and their customers, must be protected from. Donald Rumsfeld talked about the unknowns we know and those we don’t know. We in RPO & BPO – providers and customers - don’t need that and cannot afford it.
* * *
|Euronet Search | Career Navigator | First Resource | GBOPS | Chandigarh Gateway|