Orange to investigate security lapses at UK call centres
By Rene Millman,
Mobile phone and broadband provider Orange is investigating claims that poor security practices at its call centres that could expose customers to the threat of identity theft.
An investigation by an undercover reporter for Channel 4 News found at one call centre in North Tyneside, employees with access to sensitive information, such as customer's bank details and dates of birth, were told to share passwords and usernames.
Gary Quinn, a former Orange employee, claimed that when a customer rang up a call centre to pay a bill with a credit card, that customer had no idea that the operator could be logged on "under completely false identification and therefore completely untraceable."
The employee however said that he was unaware of any fraudulent activity taking place at the call centre.
Orange responded to the accusations and said all frontline staff were given unique usernames to access sensitive databases.
"The security of customer information is paramount to Orange. It is Orange policy that no member of staff should log in using any username other than their own," the company said in a statement.
Orange said that last month, a temporary employee told his team leader that he was aware of some members of Orange frontline staff sharing their logins. It said it immediately issued a communication to frontline staff, "reinforcing our policy and then began to thoroughly investigate the claim."
Experts said the report showed businesses that it was important to segment sensitive data from general available content, in order to defend against the theft of intellectual property and identity information.
"Doing so protects both the owners of that data and the users who may be compromised in order to affect a theft," said Alex Raistrick, Northern Europe director at ConSentry Networks.
"There are a number of ways in which this data can be stolen, including a breach of the network perimeter from an external source, through the coercion of an honest member of staff, by stealing a computer belonging to the company and using it for access or theft by a rogue authorised member of the company," he said.
Raistrick added that to defend sensitive information, the most effective approach was to allow only appropriate and authorised users access to the data whilst creating a full usage log, giving a trail of activity if a breach of security is discovered.
"Understanding what machine is connecting to your network, who the user is and what access they require to do their job enables an organisation to segment data without impacting productivity," said Raistrick.
advertisement
Latest Internet Features
Microsoft: One year under Steve Ballmer
It's been one year since Bill Gates left Microsoft in Steve Ballmer's hands. What kind of year have we seen?
- The top ten UK web brands
- Can Microsoft make a success out of Silverlight?
- A short history of Phorm
- Top of the flops: 10 pieces of tech that died before they’d lived
- Can Google or Microsoft get any bigger?
- Focus on... Flexible working
- 10 big internet names that have fallen
- The history of search engines
- Top 10 mobile Twitter apps
Latest Internet Reviews
Mozilla Firefox 3.5 review
Rating: 
advertisement
Latest News Videos in Internet
Video: How to set up a Smoothwall firewall
PlayWe take you through how to setup your own low-cost firewall system using nothing more than a low spec PC and free software.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?