Bobsurplus, not sure if you're trying to cause FUD for your own benefit, but I agree with your concerns about the remote workers and the risk to customers' personal information.  For all we know, CS reps could be using laptops they used to surf shady sites with and these machines could be infected with malware. Could the malware include a keylogger or take screen shots of the company's database and transmit your name, dob, address, bank account # , etc. to an attacker?   By the way, how are identity verifications completed - are they done by these work-at-home CS reps or by an actual risk management/security team, and where copies of your driver's license/passport/proof of address/etc. stored?