Monday, October 27, 2008

From Consumerist: Surprise offshoring security isn't a good idea

There's an interesting post at Consumerist about some of the challenges Chase is having with their offshored security people.

It turns out that Chase is offshoring their overnight security representatives to call centers in the Philippines. The security representatives use a restricted set of fraud and identity theft detection tools and just aren't very good at stopping theft. Consider the following excerpt.
The few of us who knew this account was being raped could do nothing to protect it. Some newbie wouldn't know about the situation and would let the thief have his way with the account. The US security department became aware of the issue and put blocks on the account as well as incredibly long notes that explicitly said to not remove the block for any reason at any time. But sure enough, over and over, the guy would call in overnight, talk to the out-sourced security, and the block would be removed. Again, they were only able to verify with him with information that he was already known to have, yet that never seemed to deter them from clearing him.
What a mess. That is very typical of my experience working with offshored people. There is just too big of a communication gap to establish any sort of trust with the offshored teams.

This is really a three punch combo of incompetence. Put unqualified and incapable people in charge of security, take away a bunch of their tools, and have them follow a flawed process. I really hope that the people who are responsible for this vulnerability are made to pay for it.

Who am I kidding? If Chase gets exposed to too much liability they will just fail like so many other banks. What a wonderful mess we've made ourselves.

No comments: