View Single Post
Old 02-14-2004, 11:17 PM   #14 (permalink)
Astrocloud
Apocalypse Nerd
 
Astrocloud's Avatar
 
Just more food for thought

http://www.internetwk.com/breakingNe...cleID=17603388

Quote:
Overseas Outsourcing Leads To Identity Theft Risks

By Antone Gonsalves



As business process outsourcing to low-wage countries increase, so does the concern over protecting data.

Personal information contained in patient medical records and income tax documents heading to India or Pakistan must be protected against thieves who would use it to fraudulently obtain credit, merchandise and services under someone else's name.

Identity theft is expected to cost consumers, businesses and government organizations $221 billion in losses worldwide in 2003, according to market researcher Aberdeen Group. Worse yet, those losses are escalating at a jaw dropping 300 percent compound annual growth rate, and could reach $2 trillion by the end of 2005.

Call centers comprise a large portion of the business process outsourcing market. By 2007, 5 percent of estimated 4.78 million agent positions worldwide will be located in countries outside a company's home, according to a recent study by analyst firm Datamonitor.

Increasingly, however, companies with facilities overseas are contracting with U.S. hospitals, accounting firms and insurance companies. The services these outsourcers provide include tax preparation, processing of insurance and medical claims and transcribing dictation from doctors relating to all areas of the health-care process, from patient visits to surgical procedures.

Such activities involve sending personal information to foreign countries, which add to the difficulty of guarding against identity theft. After all, most experts agree that security in protecting data is only as strong as the weakest link.

"The weakest point in the chain -- and that can be anything from a human problem, to a data problem, to an encryption problem, to a policy problem, to a customer service problem -- can jeopardize the security of your system," said Benjamin Jun, vice president of Cryptography Research, a San Francisco security consulting firm.

Contractors to the financial, insurance and medical industries insist that their foreign operations are as secure as in the U.S.

"If the processes and systems are identical, then the security should be identical," David Wyle, chief executive of tax preparer SurePrep LLC in Newport Beach, Calif., said.

In general, overseas facilities in countries where cut-rate work enables outsourcers to offer services at half the cost of similar work in the U.S. are often referred to as "paperless environments." This means workers enter the office without any writing materials, or handbags and briefcases that could be used to sneak out documents.

"Basically, they walk in to the office with the clothes on their back, and that's it," Mark Albrecht, chief executive of Xpitax LLC in Braintree, Mass., said. Xpitax contracts with a third party for facilities in Chennai, India.

Computers used within these offices do not have hard drives or the ability to copy information to floppy disks or CDs. There are no printers, and workers often use dual screens, particularly in tax preparation, where they call up the source material on one screen, and fill out the forms on the other. Source material is view-only, and filled-out forms can only be filed into the facilities' central servers, or sometimes to data centers located in the U.S.

Clients usually are provided the software to encrypt and upload their data the contractor's server via file transfer protocol. Information moving between the U.S. and overseas facilities is usually over virtual private networks.

Despite these precautions, which have become commonplace in the industry, problems can occur.

A Pakistani medical transcriber last year threatened University of California, San Francisco, Medical Center with posting patient's medical records online. The home worker was upset over money she claimed was owed to her by a man who was a subcontractor of the subcontractor who worked for Transcription Stat, the Sausalito, Calif., firm hired by the hospital.

UCSF Medical Center, which has a "practice" of not sending transcription work to offshore companies, was unaware that patients' records were going overseas, a spokeswoman said. The Pakistani woman was paid some of what she claimed she was owed and no patient records were compromised.

David Stephens, vice president of sales and marketing for BPO Frontline Inc., Saratoga, Calif., insists that no reputable company with overseas facilities serving the financial and medical industries would use people working out of their houses.

"Once that data reaches someone's home, then they can do virtually anything they want with it," Stephens said. BPO, which provides medical transcription services, insurance claims processing and call centers, has facilities in the Philippines, Jamaica and India.

Nevertheless, Cryptography's Jun says the best protection against misuse of data sent overseas is a clear description of which company in the chain is liable for fraud that occurs in the process.

"If you recognize that a certain portion of the transaction is your responsibility and you're going to be left holding the bag if there's a problem, then you're going to do what you can to minimize that risk," Jun said.

Illegal recording of new films in movie houses is an example of the kind of problems that can occur when there is no liability, Jun said. Theater owners are not held accountable for movies recorded in their businesses, so there's no incentive to spend more money on security to catch people with video recorders in the back of the theater.

Before doing business with an offshore outsourcer, chief information officers should scrutinize processes ensure the outsourcer is able to meet the same quality standards as if the work was done in-house.

In addition, the contractor has to prove it can protect data against unexpected disasters, such as earthquakes, power outages and major computer failures.

Finally, its data protection policies must encompass technology, people and facilities, because security is only as strong as its weakest link.
Astrocloud is offline  
 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360