Orange to investigate security lapses at UK call centres
By Rene Millman,
Mobile phone and broadband provider Orange is investigating claims that poor security practices at its call centres that could expose customers to the threat of identity theft.
An investigation by an undercover reporter for Channel 4 News found at one call centre in North Tyneside, employees with access to sensitive information, such as customer's bank details and dates of birth, were told to share passwords and usernames.
Gary Quinn, a former Orange employee, claimed that when a customer rang up a call centre to pay a bill with a credit card, that customer had no idea that the operator could be logged on "under completely false identification and therefore completely untraceable."
The employee however said that he was unaware of any fraudulent activity taking place at the call centre.
Orange responded to the accusations and said all frontline staff were given unique usernames to access sensitive databases.
"The security of customer information is paramount to Orange. It is Orange policy that no member of staff should log in using any username other than their own," the company said in a statement.
Orange said that last month, a temporary employee told his team leader that he was aware of some members of Orange frontline staff sharing their logins. It said it immediately issued a communication to frontline staff, "reinforcing our policy and then began to thoroughly investigate the claim."
Experts said the report showed businesses that it was important to segment sensitive data from general available content, in order to defend against the theft of intellectual property and identity information.
"Doing so protects both the owners of that data and the users who may be compromised in order to affect a theft," said Alex Raistrick, Northern Europe director at ConSentry Networks.
"There are a number of ways in which this data can be stolen, including a breach of the network perimeter from an external source, through the coercion of an honest member of staff, by stealing a computer belonging to the company and using it for access or theft by a rogue authorised member of the company," he said.
Raistrick added that to defend sensitive information, the most effective approach was to allow only appropriate and authorised users access to the data whilst creating a full usage log, giving a trail of activity if a breach of security is discovered.
"Understanding what machine is connecting to your network, who the user is and what access they require to do their job enables an organisation to segment data without impacting productivity," said Raistrick.
advertisement
Latest Internet Features
Netbooks vs. Smartphones: Making business mobile
What we traditionally think of as a smartphone is changing, as data is overtaking voice in terms of use. However, netbooks are beginning to become more and more pocketable – but which is better for someone who wants an office on the move?
- How to be a successful online fraudster
- Q&A: DNS inventor Paul Mockapetris
- Q&A: Cuil co-founder Tom Costello
- What does Internet Explorer 8 mean for you?
- Blogging for business
- Social networking in business and branding
- Internet search secrets
- Big IT for CERN's particle smashing experiment
- The saga of Scrabulous
Latest Internet Reviews
Fortinet FortiGate-3810A
Rating: 
advertisement
Latest News Videos in Internet
Video: Q&A with Easynet Connect's Chris Stening
PlayIT PRO spoke to Chris Stening, managing director of Easynet’s SME division, about whether ISPs are giving businesses the service they deserve.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?