Insecurities over Indian outsourcing

A case of bank fraud involving an India-based outsourcer has rekindled a debate about using overseas contractors for tasks involving sensitive data.

Some say there's little risk, while others warn of serious hazards, including a threat to America's national sovereignty.

In the incident, former call center employees of Mphasis are accused of taking part in a theft of $350,000 from U.S. consumers' bank accounts.

News.context

What's new:
A case of bank fraud involving an Indian outsourcer has rekindled debate about using overseas contractors for tasks involving sensitive data.

Bottom line:
Some observers warn of serious hazards in shipping data abroad, including a threat to America's national sovereignty. Not everyone agrees, but even the perception of danger could hurt the market.

More stories on this topic

In the wake of the theft, some observers have voiced concerns about the security of data being handled by outsourcers in India, including worries about weak procedures for checking employee backgrounds. According to this school of thought, the Mphasis breach could dramatically dent the amount of call center work shipped to outsourcers operating offshore.

"This was not a lapse of judgment or an issue of poor customer service: The incident was an organized and systematic plot to steal customers' money," John McCarthy, an analyst at Forrester Research, wrote recently. "Forrester believes that this breach, coupled with recent onshore disclosures of sensitive customer data, will have far-reaching negative connotations for the offshore BPO (business process outsourcing) space."

Not everyone shares this view. But even the perception of danger could hurt the market.

A report from rival researcher Gartner played down the security risks but made no bones about the seriousness of the situation. "The entire Indian offshore industry ecosystem--including...the Indian government--must act quickly and decisively to counter the perception that Indian BPO poses a severe security risk," the report said.

Business process outsourcing, or BPO in industry parlance, refers to farming out tasks such as customer service and transaction processing to a separate company. The work could be done in the United States, or completed in lower-wage countries such as India or Mexico. In addition, some organizations have set up their own operations offshore. Shipping tasks offshore has become a controversial issue for U.S. labor advocates.

At the moment, U.S. organizations devote only a small fraction of their budgets for information technology services--including BPO--to low-cost countries, according to a recent Merrill Lynch survey of chief information officers. But that share of the budget is expected to grow over time, from 0.9 percent in 2004 to 1.6 percent in two-to-three years.

According to the Merrill Lynch report, security fears are the main reason CIOs aren't moving IT work offshore faster: The "key inhibitor preventing companies (from using) offshore outsourcing remains data security," the report said.

Earlier this month, news broke that police in India arrested three former Mphasis call center employees who allegedly stole U.S. customers' personal account information and transferred about $350,000 to fake accounts in Pune. Among other people arrested in the case was a

[sanenazok]

It's happened here in the US

Within the last two months the Chicago Sun Times reported that DMV employees stole confidential information and used it to create new credit cards. This type of theft will happen anywhere proprietary information is found, just because that's where it's accessible. Afterall one robs the bank as that's where the money is.

[b2bhandshake]

One swallow doesn't make a summer

The expression that comes to mind reading this and other mentions of the incident in the press is ...One swallow doesn't make a summer... And to add to this the issue here is about Credit Card Fraud and not about BPO or Offshoring, though the fact that it happened in an offshored BPO context cannot be ignored?
- Mohan B, Author
http://www.offshoringmanagement.com

[Que.Ball]

Outsourcing to US is dangerous too.

It is interesting to note that the Canadian government is
currently concerned with outsourcing of government services
especially healthcare data to US based business. The reason is
that under the USA patriot act the USA government could
secretly request this data and there is nothing to prevent abuse.

See link for example:
http://www.nationalreviewofmedicine.com/issue/2004_04_22/
goverment_medicine01_08.htm

A very similar argument.

[vijaymaurya]

Insecurities arising over self diffidence

The US is paranoid over losing jobs due to their inadequecies. An easy option is to blame the Indian Outsourcing Firms - as if credit card and bank frauds are nonexistent in the US. I feel a more mature method has to evolve out of this exercise and further strenghten the system rather than dig holes.

India is digging it's own grave

The negligence from the part of Government of India (GOI) to make laws to guarantee the security of the data?s off shored are encouraging data theft by the BPO employees. The latest data theft is reported from Gurgaon , literally sitting under the nose of India's governing machinery. While similar laws (cyber law) have been implemented to prevent child porn being circulated and selling of unauthorized personal details, GOI is still lagging behind many developed countries to adopt a data protection standard. While ranked 7th in the internet penetration list, India still has no unified laws to regulate the Misuse of internet and related technologies