Offshoring raises customer concerns

Sep 28 2005 by Brian Amble Print This Article

While many customers say they are concerned about banks setting up call centres and processing operations in offshore locations, very few have bothered to find out more about their own bank's position.

Over two-thirds of Britons (67 per cent) told a survey by KPMG that they would be very concerned if they knew that their personal banking details were held in a customer service centre outside the UK and not subject to UK Data Protection laws. A further 28 per cent said they would be 'slightly' concerned.

More than eight out of 10 (83 per cent) said that they would be likely to move their bank account if they found out that their account details had been compromised or that other customers had lost money as the result of a fraud carried out by an employee of a third party company.

But despite their avowals of concern, very few customers have actually found out whether or to what extent their bank or credit card provider outsourced any operations.

Over three quarters (77 per cent) of respondents admitted that they had 'no idea'.

And when asked whether they were aware of the steps their bank or credit card provider took to protect their personal information or money from misuse or theft, a mere one in five said that they were.

The survey suggested that 3 per cent of us have lost money from our bank account as the result of a fraud in the last five years, and 4 per cent from credit cards. But 93 per cent of have not experienced any fraud.

"Many UK customers seem confused in their attitude towards the offshoring of banking," Karen Briggs, Head of Regulatory Services at KPMG Forensic, said.

"On the one hand, there are clear concerns around the concept of overseas call and data centres, and their perceived vulnerability to data breaches – and there have already been widely-publicised instances of the selling-on of customer data. On the other hand, these concerns are not leading customers to actually find out more or do anything about it.

"Are their concerns simply a knee-jerk reaction then, or are they deep-rooted? The crunch is likely to come if and when there is a breach of their account details and a fraud is committed. That is when the evidence shows that customers are very likely to defect.

When asked for their top fraud concerns, customers most commonly listed 'cloning' over the internet, 'cloning' face to face (when swiping their card), and identity theft by stealing documents from the post or bin.

According to Karen Briggs, most of these concerns have already been met by the introduction of Chip and PIN technology. But as a result, the focus of many fraudsters has shifted to getting hold of large amounts of customer information in one quick hit – and the target for getting hold of these can often be by compromising call centres.

"That is why it is so critical that banks keep on reviewing and monitoring security arrangements at all their sites, UK or overseas," she added.

"There can be no let up, as fraudsters' use of technology is developing all the time. The benefits to banks of getting this right will be considerable – not least because responsibility for customer data security cannot be outsourced, and the regulator is likely to come down hard on those firms whose controls are seen to be weak."

Older Comments

Not only do UK banks offshoring to India remain subject to the UK's Data Protection Act, but in India we have also implemented a range of additional tough security measures. Outside experts who have visited Indian customer service centres tell us that we have some of the best security measures that they have seen.

The fact that the Indian offshoring sector takes security and data protection issues so very seriously is a major reason behind the sector's growth.

Sunil Mehta, Vive-President of NASSCOM, the trade body for the India-based IT & BPO sector India

The solution can't be seen only in terms of 'security measures'. The law should also prohibit the possibility of useage of stolen data. The same problem exists in case of technology theft. We can't only secure the access to databases but we also need to control the market in terms of data and technology spread (illegal transfer). Such trend is still much more visible in European countries then in Asian states.

Łukasz Figarski Warsaw