The Business Process Outsourcing Information


BPO Security



Some Security breaches:

Karan Bahree, an employee of Infinity e-Search, sold information on 1,000 accounts and a number of passports and credit cards for about £2,750 to an undercover reporter. This hit the roof, and everyone now talks about the lack of security in Indian BPOs.

Earlier, some ex-Mphasis people were caught playing around with other people's bank accounts!

Did this never happen earlier? It happens as long as people are greedy, either for money or just for the kick of cheating the system.

In 2005, a laptop containing the names and credit card numbers of about 80,000 U.S. Department of Justice employees was stolen from the Fairfax, Va., headquarters of Omega World Travel, a travel agency handling the DOJ account.

In the same year, the largest U.S. banking security breach in history came to light: 676,000 consumer accounts belonging to New Jersey residents who were clients of four different banks were attacked.

Orazio Lembo, 35, has been charged with one count of racketeering and eight counts of disclosing data from a database for his alleged role in the crime ring. The suspects manually built a database of the 676,000 accounts using names and Social Security numbers obtained by the bank employees while they were at work.

The information was then allegedly sold to more than 40 collection agencies and law firms. Lembo used his home as an office for DRL Associates and hired upper-level bank employees to access data, including names, account numbers and balances, from the banks.

The bank employees worked for Wachovia Corp., Bank of America Corp., Commerce Bancorp Inc. and PNC Bank NA. Lembo, who was also charged with narcotics, forgery and theft counts, faces up to 130 years in prison and $1.47 million in fines.

Microsoft suffered a $400 million loss from a two-month delay in releasing Windows 2003, caused by attacks from the 'Nimda' and 'Code Red' viruses.

In the US, thieves hacked into a DSW Shoe Warehouse database and stole the details of 1.4m credit cards.

The UK's fraud prevention service reported 18,900 cases of identity fraud in the first quarter of the current year.

BPO companies have to address security for their own information as well as their customers'. In no situation shall the data be tampered with.

Some common information security management standards being adopted are ISO 17799 and BS 7799.

BPO companies need to address many issues, as below:


Physical Security

Security personnel shall be deployed at all entry and exit points. No one shall be allowed in without proper ID. Biometric or other advanced technologies may be used to track employee movement. Policies must be in place to cover any movement of material and people. Any material movement must be authorized by the concerned person and must be trackable. Prevent employees in critical areas from carrying mobile phones, with or without cameras. A facility to take calls from their near and dear ones may be provided at a spot away from the work desk.


Privacy is the right of individuals to determine how much of their data can be shared and to what extent. For a BPO, privacy covers all the data of the client and its customers. Hence a BPO company has to maintain the confidentiality of data through physical security, technology, policies, etc., and shall use this data only for the purposes intended by its owner. This may include non-disclosure of Social Security numbers, passport details, bank details, PAN (income tax), health information, financial/loan details, etc.


Data protection


Data must be checked when it is received from the customer. Ensure that the data is received intact and has not been tampered with. Record any flaws or deviations. Once data is received, the onus is on the company to maintain its integrity. Data should be exchanged over broadband through a secure server. All entry/exit points should be secure and all movement logged. Customer data should be dynamically backed up and mirrored frequently at different physical locations.
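One way to carry out the receipt check described above. This is an added example, not code from the original page; the manifest format (file name mapped to a SHA-256 digest), the HMAC shared key, and all file names and contents are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

def sign_manifest(manifest: dict, key: bytes) -> str:
    """Customer side: HMAC-SHA256 over the canonical JSON form of the manifest."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def check_batch(files: dict, manifest: dict, tag: str, key: bytes) -> list:
    """Receiver side: return (file name, deviation) records; an empty list means intact."""
    # A manifest that fails authentication cannot be trusted for any file.
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return [("<manifest>", "authentication failed")]
    deviations = []
    for name, expected in sorted(manifest.items()):
        if name not in files:
            deviations.append((name, "missing"))
        elif hashlib.sha256(files[name]).hexdigest() != expected:
            deviations.append((name, "content altered"))
    # Files the customer never listed are also recorded as deviations.
    for name in sorted(set(files) - set(manifest)):
        deviations.append((name, "not listed in manifest"))
    return deviations

# Constructed sample data: key, file names and contents are illustrative only.
KEY = b"constructed-shared-key-for-demo"
SENT = {"accounts.csv": b"id,balance\n1,100\n", "loans.csv": b"id,amount\n7,5000\n"}
MANIFEST = {name: hashlib.sha256(data).hexdigest() for name, data in SENT.items()}
TAG = sign_manifest(MANIFEST, KEY)

# What arrived: one file altered, one dropped, one extra.
RECEIVED = {"accounts.csv": b"id,balance\n1,900\n", "extra.csv": b"x\n"}

if __name__ == "__main__":
    for name, problem in check_batch(RECEIVED, MANIFEST, TAG, KEY):
        print(f"DEVIATION {name}: {problem}")
```

The returned list is the record of flaws or deviations for the batch; a plain hash list without the HMAC would not detect a manifest that was altered together with the data.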


Image-capturing devices such as scanners or photocopiers should not be allowed in the work area. Some companies seem to have banned internet access in the entire office, with a few computers set up in the cafeteria for internet access.


Computers in the working area should be secured against data duplication. The computer systems that agents work on should not be provided with hard disks or floppy drives.


Web Security

Generally, a BPO may not need a publicly accessible web page for a client. A Virtual Private Network between supplier and customer enables more secure communication. Ensure that every transaction and communication is logged and tracked.


LAN/WAN Security


Provide a firewall of repute. Do not compromise. The firewall is to be configured for the servers and ports identified with the customer. The intranet server and the data server handling client information shall not be on the same machine.

Security against Malicious Programs/ Virus/Worms/Trojans


A strong anti-virus procedure shall be implemented. While a virus may or may not steal information, it may corrupt the database or the server itself. Ensure that the servers and client machines are protected properly.

Secure Login and Logout of Resources with tracking

An attendance recording system must be in place. Every employee logs in to their own system. The email system shall take care of all spam and open-port issues, to stop others from exploiting your open SMTP ports, if any.



Irrespective of security breaches, every BPO must have a security policy and an ethics policy. Go through the Service Level Agreements (SLAs) and define the required security policy, with a different one for each client if required.


Almost all security breaches happen because of people. Machines are not yet intelligent enough to originate fraud. More often, security breaches are due to mischief by a company's own employees. Hence, have a good screening mechanism when recruiting people. HR is burdened with getting more people on board. We can understand the pressure, but any laxity in checking a candidate's credentials may become more expensive for the company.


Background checking/credential checking plays a major role in the absence of a common database of the people in the job market.


If you are interested in providing secure BPO operations:


- Have a strong security policy and implement it without any concessions or reservations.

- Do not compromise on the quality and integrity of people.

- Do not compromise on processes.

- Do not compromise on equipment.

- Be ruthless on any violations and strengthen the policy.