• On GameSpot: Wii Fit tells 10-year-old she's fat

April 26, 2005 12:00 PM PDT

Insecurities over Indian outsourcing

A case of bank fraud involving an India-based outsourcer has rekindled a debate about using overseas contractors for tasks involving sensitive data.

Some say there's little risk, while others warn of serious hazards, including a threat to America's national sovereignty.

In the incident, former call center employees of Mphasis are accused of taking part in a theft of $350,000 from U.S. consumers' bank accounts.

News.context

What's new:
A case of bank fraud involving an Indian outsourcer has rekindled debate about using overseas contractors for tasks involving sensitive data.

Bottom line:
Some observers warn of serious hazards in shipping data abroad, including a threat to America's national sovereignty. Not everyone agrees, but even the perception of danger could hurt the market.

More stories on this topic

In the wake of the theft, some observers have voiced concerns about the security of data being handled by outsourcers in India, including worries about weak procedures for checking employee backgrounds. According to this school of thought, the Mphasis breach could dramatically dent the amount of call center work shipped to outsourcers operating offshore.

"This was not a lapse of judgment or an issue of poor customer service: The incident was an organized and systematic plot to steal customers' money," John McCarthy, an analyst at Forrester Research, wrote recently. "Forrester believes that this breach, coupled with recent onshore disclosures of sensitive customer data, will have far-reaching negative connotations for the offshore BPO (business process outsourcing) space."

Not everyone shares this view. But even the perception of danger could hurt the market.

A report from rival researcher Gartner played down the security risks but made no bones about the seriousness of the situation. "The entire Indian offshore industry ecosystem--including...the Indian government--must act quickly and decisively to counter the perception that Indian BPO poses a severe security risk," the report said.

Business process outsourcing, or BPO in industry parlance, refers to farming out tasks such as customer service and transaction processing to a separate company. The work could be done in the United States, or completed in lower-wage countries such as India or Mexico. In addition, some organizations have set up their own operations offshore. Shipping tasks offshore has become a controversial issue for U.S. labor advocates.

At the moment, U.S. organizations devote only a small fraction of their budgets for information technology services--including BPO--to low-cost countries, according to a recent Merrill Lynch survey of chief information officers. But that share of the budget is expected to grow over time, from 0.9 percent in 2004 to 1.6 percent in two-to-three years.

According to the Merrill Lynch report, security fears are the main reason CIOs aren't moving IT work offshore faster: The "key inhibitor preventing companies (from using) offshore outsourcing remains data security," the report said.

Earlier this month, news broke that police in India arrested three former Mphasis call center employees who allegedly stole U.S. customers' personal account information and transferred about $350,000 to fake accounts in Pune. Among other people arrested in the case was a

CONTINUED: ...
Page 1 | 2 | 3

See more CNET content tagged:
Mphasis BFL Ltd., BPO, outsourcing company, call-center, offshore

Add a Comment (Log in or register) 8 comments
It's happened here in the US
by sanenazok April 26, 2005 5:25 PM PDT
Within the last two months the Chicago Sun Times reported that DMV employees stole confidential information and used it to create new credit cards. This type of theft will happen anywhere proprietary information is found, just because that's where it's accessible. Afterall one robs the bank as that's where the money is.
Reply to this comment View reply
One swallow doesn't make a summer
by b2bhandshake April 26, 2005 8:27 PM PDT
The expression that comes to mind reading this and other mentions of the incident in the press is ...One swallow doesn't make a summer... And to add to this the issue here is about Credit Card Fraud and not about BPO or Offshoring, though the fact that it happened in an offshored BPO context cannot be ignored?
- Mohan B, Author
http://www.offshoringmanagement.com
Reply to this comment
Outsourcing to US is dangerous too.
by Que.Ball April 27, 2005 12:41 AM PDT
It is interesting to note that the Canadian government is
currently concerned with outsourcing of government services
especially healthcare data to US based business. The reason is
that under the USA patriot act the USA government could
secretly request this data and there is nothing to prevent abuse.

See link for example:
http://www.nationalreviewofmedicine.com/issue/2004_04_22/
goverment_medicine01_08.htm

A very similar argument.
Reply to this comment
Insecurities arising over self diffidence
by vijaymaurya April 27, 2005 3:11 AM PDT
The US is paranoid over losing jobs due to their inadequecies. An easy option is to blame the Indian Outsourcing Firms - as if credit card and bank frauds are nonexistent in the US. I feel a more mature method has to evolve out of this exercise and further strenghten the system rather than dig holes.
Reply to this comment View all 2 replies
India is digging it's own grave
by August 16, 2005 6:46 AM PDT
The negligence from the part of Government of India (GOI) to make laws to guarantee the security of the data?s off shored are encouraging data theft by the BPO employees. The latest data theft is reported from Gurgaon , literally sitting under the nose of India's governing machinery. While similar laws (cyber law) have been implemented to prevent child porn being circulated and selling of unauthorized personal details, GOI is still lagging behind many developed countries to adopt a data protection standard. While ranked 7th in the internet penetration list, India still has no unified laws to regulate the Misuse of internet and related technologies
Reply to this comment
Powered by Jive Software
advertisement

Latest tech news headlines

Resource center from News.com sponsors
You Need The Speed of Norton 2009
Introducing Norton Internet Security™2009

Click Here!
With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

Click Here!
The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right