Insecurities over Indian outsourcing

By Ed Frauenheim
Staff Writer, CNET News.com Published: April 26, 2005 12:00 PM PDT

Tools

Related Stories: LexisNexis flap draws outcry from Congress
April 12, 2005; Indian police make arrests in outsourcing fraud
April 8, 2005; LexisNexis break-in spurs more calls for reform
March 9, 2005; Clearing up the confusion over outsourcing
August 9, 2004; Tech professionals group wary of offshoring
March 18, 2004; IT firms expand from PCs to payroll
January 14, 2003

A case of bank fraud involving an India-based outsourcer has rekindled a debate about using overseas contractors for tasks involving sensitive data.

Some say there's little risk, while others warn of serious hazards, including a threat to America's national sovereignty.

In the incident, former call center employees of Mphasis are accused of taking part in a theft of $350,000 from U.S. consumers' bank accounts.

News.context

What's new:
A case of bank fraud involving an Indian outsourcer has rekindled debate about using overseas contractors for tasks involving sensitive data.

Bottom line:
Some observers warn of serious hazards in shipping data abroad, including a threat to America's national sovereignty. Not everyone agrees, but even the perception of danger could hurt the market.

More stories on this topic

In the wake of the theft, some observers have voiced concerns about the security of data being handled by outsourcers in India, including worries about weak procedures for checking employee backgrounds. According to this school of thought, the Mphasis breach could dramatically dent the amount of call center work shipped to outsourcers operating offshore.

"This was not a lapse of judgment or an issue of poor customer service: The incident was an organized and systematic plot to steal customers' money," John McCarthy, an analyst at Forrester Research, wrote recently. "Forrester believes that this breach, coupled with recent onshore disclosures of sensitive customer data, will have far-reaching negative connotations for the offshore BPO (business process outsourcing) space."

Not everyone shares this view. But even the perception of danger could hurt the market.

A report from rival researcher Gartner played down the security risks but made no bones about the seriousness of the situation. "The entire Indian offshore industry ecosystem--including...the Indian government--must act quickly and decisively to counter the perception that Indian BPO poses a severe security risk," the report said.

Business process outsourcing, or BPO in industry parlance, refers to farming out tasks such as customer service and transaction processing to a separate company. The work could be done in the United States, or completed in lower-wage countries such as India or Mexico. In addition, some organizations have set up their own operations offshore. Shipping tasks offshore has become a controversial issue for U.S. labor advocates.

At the moment, U.S. organizations devote only a small fraction of their budgets for information technology services--including BPO--to low-cost countries, according to a recent Merrill Lynch survey of chief information officers. But that share of the budget is expected to grow over time, from 0.9 percent in 2004 to 1.6 percent in two-to-three years.

According to the Merrill Lynch report, security fears are the main reason CIOs aren't moving IT work offshore faster: The "key inhibitor preventing companies (from using) offshore outsourcing remains data security," the report said.

Earlier this month, news broke that police in India arrested three former Mphasis call center employees who allegedly stole U.S. customers' personal account information and transferred about $350,000 to fake accounts in Pune. Among other people arrested in the case was a

CONTINUED: ...
Page 1 | 2 | 3

More from News.com on this story's topics: Asia
Create an email alert | RSS feed; Government
Create an email alert | RSS feed; IT outsourcing
Create an email alert | RSS feed; Data security
Create an email alert | RSS feed; Outsourcing
Create an email alert | RSS feed; Operations
Create an email alert | RSS feed; Offshoring
Create an email alert | RSS feed

See more CNET content tagged:
Mphasis BFL Ltd., BPO, outsourcing company, call-center, offshore

Add a Comment (Log in or register) 8 comments (Page 1 of 1)

It's happened here in the US
by sanenazok April 26, 2005 5:25 PM PDT: Within the last two months the Chicago Sun Times reported that DMV employees stole confidential information and used it to create new credit cards. This type of theft will happen anywhere proprietary information is found, just because that's where it's accessible. Afterall one robs the bank as that's where the money is.; Reply to this comment View reply
Processing

One swallow doesn't make a summer
by b2bhandshake April 26, 2005 8:27 PM PDT: The expression that comes to mind reading this and other mentions of the incident in the press is ...One swallow doesn't make a summer... And to add to this the issue here is about Credit Card Fraud and not about BPO or Offshoring, though the fact that it happened in an offshored BPO context cannot be ignored?
- Mohan B, Author
http://www.offshoringmanagement.com; Reply to this comment

Outsourcing to US is dangerous too.
by Que.Ball April 27, 2005 12:41 AM PDT: It is interesting to note that the Canadian government is
currently concerned with outsourcing of government services
especially healthcare data to US based business. The reason is
that under the USA patriot act the USA government could
secretly request this data and there is nothing to prevent abuse.

See link for example:
http://www.nationalreviewofmedicine.com/issue/2004_04_22/
goverment_medicine01_08.htm

A very similar argument.; Reply to this comment

Insecurities arising over self diffidence
by vijaymaurya April 27, 2005 3:11 AM PDT: The US is paranoid over losing jobs due to their inadequecies. An easy option is to blame the Indian Outsourcing Firms - as if credit card and bank frauds are nonexistent in the US. I feel a more mature method has to evolve out of this exercise and further strenghten the system rather than dig holes.; Reply to this comment View all 2 replies
Processing

India is digging it's own grave
by August 16, 2005 6:46 AM PDT: The negligence from the part of Government of India (GOI) to make laws to guarantee the security of the data?s off shored are encouraging data theft by the BPO employees. The latest data theft is reported from Gurgaon , literally sitting under the nose of India's governing machinery. While similar laws (cyber law) have been implemented to prevent child porn being circulated and selling of unauthorized personal details, GOI is still lagging behind many developed countries to adopt a data protection standard. While ranked 7th in the internet penetration list, India still has no unified laws to regulate the Misuse of internet and related technologies; Reply to this comment