Insecurities over Indian outsourcing

(continued from previous page)

elaborate systems which are constantly reviewed, to ensure and protect client confidentiality."

Among its rules, Tas said, are that cell phones aren't allowed in call centers, given the ability of some of them to take pictures. In addition, between 2 percent and 5 percent of calls are monitored at Mphasis BPO facilities. This is consistent with the norms in the industry, according to the company.

Tas said the alleged fraud is not a sign of security problems specific to shipping call center work overseas. "We believe this is something that can happen anywhere," he said.

But losing control of sensitive data abroad is particularly worrisome, argues Peter Gregory, chief security strategist at consulting firm VantagePoint Security.

"Outsourcing America's corporate business processes to overseas countries not only makes accountability difficult to enforce, but it puts our national sovereignty at risk," Gregory said in a statement. "In this, the Information Age, a country like India could disconnect itself from the Internet and hold America hostage--a provocative action that would be tantamount to an act of war."

In its report earlier this month, Gartner offered a much less grave assessment. The idea that offshore business process outsourcing presents special risks is a "largely incorrect perception," the firm said.

But Gartner and others seem concerned the perception alone could torpedo the industry. In a statement earlier this month, Mphasis appeared to acknowledge the fraud could have a potentially large impact on India's BPO industry.

"We have instituted our own internal inquiry and taken necessary short-term and long-term measures in consultation with Nasscom and the bank concerned, to protect our clients and their customers, and safeguard the security and integrity of the BPO business in India," an Mphasis representative said in the statement.

Some see a silver lining for offshoring in the fraud case. Tas said the response by police in India shows that the system of laws and law enforcement in India "works well, and it works swiftly."

"India is fast becoming the outsourcing capital of the world, and this kind of incident, while unfortunate in itself, when successfully dealt with, highlights and reaffirms the existence of an effective framework of laws and a commitment to enforcing them in India," Nasscom President Kiran Karnik said in a statement.

Nasscom has set up an Indo-U.S. security forum to make its members aware of security and privacy issues when they handle sensitive information from foreign companies. Nasscom also recently launched a security initiative in Pune with local IT companies and police.

That may not be enough to satisfy the public, however. Earlier this month, Sen. Dianne Feinstein, a California Democrat, introduced legislation to ensure that Americans are notified when their most sensitive personal information is part of a data breach that puts them at risk of identity theft.

Politicians in India as well would be wise to act, McCarthy argues. "To bolster its offshore credibility, India will also have to tighten its data protection and privacy laws," he wrote in his report.

He also suggests that companies sending tasks offshore take an active role in managing their remote work, even going so far as to mandate pencil-free offices: "Customers are going to have to implement their own aggressive requirements, such as eliminating writing instruments in their offshore centers."

[sanenazok]

It's happened here in the US

Within the last two months the Chicago Sun Times reported that DMV employees stole confidential information and used it to create new credit cards. This type of theft will happen anywhere proprietary information is found, just because that's where it's accessible. Afterall one robs the bank as that's where the money is.

[bobeld]

Outsourcing

Identity theft is a worldwide problem. Most employees of companies, outsourced or domestic, are honest but there are always a few who will abuse their position for personal gain.
My concern regarding outsourced identity theft would be in the legal remedies available to correct a problem outside of the U.S. Would the government of (place your favorite outsource nation here) have the resources (or the resolve)to follow through on thefts occuring to outsiders (i.e. U.S. citizens)?

[b2bhandshake]

One swallow doesn't make a summer

The expression that comes to mind reading this and other mentions of the incident in the press is ...One swallow doesn't make a summer... And to add to this the issue here is about Credit Card Fraud and not about BPO or Offshoring, though the fact that it happened in an offshored BPO context cannot be ignored&
- Mohan B, Author
<a class="jive-link-external" href="http://www.offshoringmanagement.com" target="_newWindow">http://www.offshoringmanagement.com</a>

[Que.Ball]

Outsourcing to US is dangerous too.

It is interesting to note that the Canadian government is
currently concerned with outsourcing of government services
especially healthcare data to US based business. The reason is
that under the USA patriot act the USA government could
secretly request this data and there is nothing to prevent abuse.

See link for example:
<a class="jive-link-external" href="http://www.nationalreviewofmedicine.com/issue/2004_04_22/" target="_newWindow">http://www.nationalreviewofmedicine.com/issue/2004_04_22/</a>
goverment_medicine01_08.htm

A very similar argument.

[vijaymaurya]

Insecurities arising over self diffidence

The US is paranoid over losing jobs due to their inadequecies. An easy option is to blame the Indian Outsourcing Firms - as if credit card and bank frauds are nonexistent in the US. I feel a more mature method has to evolve out of this exercise and further strenghten the system rather than dig holes.

[doctorsoos]

get real

US paranoid about losing jobs due to inadequecies. Get off your crack pipe pal. It is due to greedy corporations not our skills. You have no idea what you are talking about whatsoever. And you are insulting to those of us in the workforce in the US. Go to india and see if you can get a job (if you are not indian of course). You won't, they don't hire foreigners.

Unbelievable...that's all I can say about your comment. Certainly has no merit whatsoever.

India - the 51st state ?

The basic problem is that right now, other countries, where offshored jobs now reside are NOT accountable, in the same way, workers are in the US - they don't haveUS laws &#38; regulations.

If India, Singapore, China, et al. want to continue to do these jobs, let them be subject to US laws &#38; penalties. Make India the 51st state. Want to bet that, if workers (and companies) in other countries were subject to the same laws, regulations &#38; penalties, the profit margin would start to shrink?

Clearly, there is a saving, hiring people with a lower cost of living, on lower wages. But accountability costs too.

India is digging it's own grave

The negligence from the part of Government of India (GOI) to make laws to guarantee the security of the datas off shored are encouraging data theft by the BPO employees. The latest data theft is <A HREF=" http://timesofindia.indiatimes.com/articleshow/msid-1201198,curpg-1.cms "> reported from Gurgaon </A> , literally sitting under the nose of India's governing machinery. While similar laws (cyber law) have been implemented to prevent <A HREF="#"> child porn </A> being circulated and selling of unauthorized personal details, GOI is still lagging behind many developed countries to adopt a data protection standard. While ranked 7th in the internet penetration list, India still has no unified laws to regulate the Misuse of internet and related technologies