Dark side of Indian outsourcing!!!

Last Updated: Thursday, 16 June, 2005, 22:42 GMT 23:42 UK

E-mail this to a friend Printable version

Outsourcing exposes firms to fraud
By Zubair Ahmed
BBC News, Mumbai

Thousands of call centre jobs have sprouted up in India in recent years
The arrest last week of a man in western India in an alleged call-centre fraud case went unreported. This was despite the high-profile reporting on the case in April when 16 others were arrested.

This suited India’s business process outsourcing (BPO) companies, especially Mphasis, whose four employees have been implicated in the case. They are yet to recover from the shock of the alleged fraud of nearly $400,000.

Amid calls for tightening BPO regulations and more effective cyber laws the country’s call centres are busy taking adequate security measures. Another one or two such cases and the industry is doomed, they admit.

Police, who are still investigating the case, believe it was well thought through and very organised.

Investigating officer Sanjay Yadav says the latest arrest just highlights how well-planned and widespread the fraud was.

Backlash fears

Police say some of the 17 people currently languishing in jail opened fake accounts, and allegedly transferred large sums from the bank accounts of four American customers of Citibank whose back office work was being done by Mphasis in Pune near Mumbai.

Fake degrees and documents are a major concern of our clients

Yogesh Bhura, Quest Research

Mr Yadav says they went on a luxurious holiday to Bangkok and kept transferring more money into their fake accounts from the Thai capital.

The industry, fearing a backlash from clients in the West, has started to get its act together.

One of the security steps the BPO centres are taking is the stringent background screening of new employees.

Yogesh Bhura, whose company, Quest Research, undertakes this task, has more than 250 BPO customers.

He has clients all over Asia, but many of his new customers are Indian.

But Mr Bhura’s main challenge remains “educating people of the need to make this critical activity an integral part of their recruitment policy.”

He reveals that 10-25% of applicants to call centres provide false and incorrect information.

“Fake degrees and documents are a major concern of our clients,” he says.

Screening

But verifying an applicant’s criminal background remains the most challenging task for companies such as Mr Bhura’s and he admits it: “It’s a grey area: there’s no central data of criminals, there’s no standardised process of data storage in police stations. It’s a continuous challenge.”

Many believe background screening is not enough. Mr Bhura is quick to add a rider: “It’s a risk mitigation and not a risk elimination activity.”

Mr Singh says IT infrastructure management is inadequate

But one of his clients, Intellinet Global Services, a joint venture between HDFC and Barclays, says background verification is not the only security tool it’s applying.

“We take a lot of precautions,” says Manuel D’Souza, the company’s HR head.

“We don’t allow mobile phones in the office, no e-mail access is provided; pen and papers are not allowed in and all employees are screened when they leave the office.”

But experts say call centres are a young industry in India. It still doesn’t have a comprehensive security management system in place.

Vinod Singh, boss of Bangalore-based security management company Ilantus, is alarmed by the state of affairs the BPO companies are in.

“Our understanding of most of the BPOs that we have been surveying is that they have put the basic IT systems in place, they have put in a lot of money, but the management of IT infrastructure is not up to the mark,” he says.

This is one of the major problems with the $4bn BPO industry, which began to flourish in India just five years ago.

Security hole

According to industry estimates, 80% of BPO companies don’t use integrated security management tools. That probably explains why some current and former employees of Mphasis, which has a security certification from an international trade body, allegedly stole huge sums belonging to its clients in the U.S.

Ilantus surveyed seven call centres in Bangalore and to its horror found that the digital IDs of the former employees still existed, which potentially can be misused.

But Mr D’Souza says most companies would immediately delete the IDs of the employees who are leaving them.

Growth brings in its own pressures. Back office business is one of India’s sunshine industries, growing at 30% annually. The workforce is young, loyalty is low as the young boys and girls move to greener pastures at the first opportunity.

For most of them it’s not a career option, but a good first job out of college. The workforce turnover is as high as 40%. Work from the US and Europe is pouring in thick and fast.

Cyber squad

Industry players admit they know security is the top priority, but they say there is no time to implement all the security measures.

Pune police are providing a safe environment for BPO customers from the West

Sanjay Yadav, Cyber Crime Cell

Mr Bhura says background screening is just one of the security measures: “Internal security control has to be the most important component of the overall security system”.

Mr Singh of Ilantus too cannot guarantee a foolproof internal security system.

“Our system is not 100%, but it dramatically reduces the risks.”

But one can take a lot of satisfaction from the fact that a relatively small city like Pune has a Cyber Crime Cell.

The alleged fraud was committed in Pune-based Mphasis and it was busted by the city’s Cyber Crime Cell.

As Mr Yadav of the Cell says: “We have acted swiftly to bust the fraud and recovered most of the money siphoned off. Pune police are providing a safe environment for BPO customers from the West.”

Till the time the authorities come up with tighter legislations, the Cyber Crime Cells in Indian cities are the best bet.

BBC NEWS | Business | Outsourcing exposes firms to fraud

now banks will think twice to outsource to India. and if there are two three more cases - booom can become bust.
but I can guess the temptation of call centre employees

lets see how it folds.

Re: Dark side of Indian outsourcing!!!

True. Let the other countries aspiring for a piece of the pie learn some lessons.

Did you guys read about the US bank who lost a lot of customer account information because of a screw up by their courier agents in the US? Nothing is foolproof. Make sure you check your accounts frequently

Re: Dark side of Indian outsourcing!!!

hahhahahahah.. yet, Private Equity flows to India are growing like money is going out of style. bachchon, siht like this happens in any country. Doesn't mean banks will not outsource to India.

Re: Dark side of Indian outsourcing!!!

These jerks should be delt with iron hands. Sale desh ka naam badnam karte hai.

Re: Dark side of Indian outsourcing!!!

ok one example., UBS moving back and now hiring heavily in own IT department.
**** like this doesnt much happen in any country but only in third world ones, and when country have data protection laws, bank will also breach this by doing this and anyone in outsourcing commit this crime to leak this info.

anyway this will not have effect immidiately but scams like this in future surely do the harm.

when something is wrong accepting and correcting is much better option.

Re: Dark side of Indian outsourcing!!!

^ UBS is a drop in the bucket. When Citi or Bank of America take their thousands upoon thousands of resources back, then it is an issue. And it will never happen.

UPS just lost retail and institutional info for citibank clients in the US. Every day ID fraud is uncovered due to poor data protection infra in western banking institutions. Indian IP and data protection laws are at par with the best in teh world. You need some lessons on this industry. Laws are there to deter and prosecute, they don't prevent someone frm stealing if they want to. It is not endemic ot the industry.

Re: Dark side of Indian outsourcing!!!

India does have to face up to the inevitable slow down and shrinkage of export oriented IT - whether because of crimes such as this (unlikely) or regional tension (not likely until Musharaf stays) or internal issues.....

However that may not be a too huge an issue as long as sufficient diversification takes place. It is an over populated country - needs some sort of a multi-decade infrastruture program such as Highway, Riverway, etc

Re: Dark side of Indian outsourcing!!!

ok PSD here is another fresh one for you - which i was suspacting about the data protection issue

so its happenning!!

Indian call centre ‘fraud’ probe
Cash machine
Information passed on could have been used to clone credit cards
Police are investigating reports that an Indian call centre worker sold the bank account details of 1,000 UK customers to an undercover reporter.

The Sun claims one of its journalists bought the personal details from an IT worker in Delhi for £4.25 each.

They included account holders’ secret passwords, addresses, phone numbers and passport details, it reports.

City of London Police has begun an investigation after being handed a dossier by the newspaper.

While the allegations made in the dossier are very serious, City of London Police would like to remind people that incidents of this kind are still relatively rare
City of London Police

The centre worker reportedly told the Sun he could sell up to 200,000 account details each month.

Details handed to the reporter had been examined by a security expert who had indicated they were genuine, the paper said.

The information passed on could have been used to raid the accounts of victims or to clone credit cards.

‘Reflect on decision’

More than one bank is thought to be involved in the fraud.

A police spokeswoman said officers were not yet aware of “the breadth of what we are going to be investigating”.

“While the allegations made in the dossier are very serious, City of London Police would like to remind people that incidents of this kind are still relatively rare,” she said.

The Amicus union said it had warned of the “data protection implications” of offshoring financial services.

“Companies that have offshore jobs need to reflect on their decision and the assumption that cost savings benefiting them and their shareholders outweigh consumer confidentiality and confidence,” senior finance officer Dave Fleming said.

Re: Dark side of Indian outsourcing!!!

^ nothing wil happen. Trust me chanda. I have bought and sold more ITO/BPOCompanies than you have months of experience. Do you know the instances of ID theft in the west compared to the Indian call centre environment? 1500% more...now stop getting your chaddis on fire..UK will outsource more and more ot India.

Re: Dark side of Indian outsourcing!!!

well let-me say somethin here.
'm with the call centre industry, since an year or so.

all that is true, but BPO industry is still on a boom in india.

we are doin a UK process, and we follow DPA(data protection act) very strictly and have about 7 huge cleints from UK and Us.

the quality matters, thats the reason india stands tall for BPO

Re: Dark side of Indian outsourcing!!!

Are you trying to say that regardless of trust issues that people will keep outsourcing to India. One or two incidents might not matter but if it becomes widespread than it will have an impact. Only today it was on all the main news channels that employees at these centres have been selling bank details of clients of these banks. If people lose confidence than there will be problem. No harm in admitting there is a problem whether it is a minor or major one.

Re: Dark side of Indian outsourcing!!!

That’s really worrisome for some and good news for others. Bad for the asian countries that were hoping to have more businesses outsourced from Western countries.

Good for the people living in west so they might get back to work.

**Indian call centre ‘fraud’ probe **
Police are investigating reports that the bank account details of 1,000 UK customers, held by Indian call centres, were sold to an undercover reporter.
The Sun claims one of its journalists bought personal details including passwords, addresses and passport data from a Delhi IT worker for £4.25 each.

But, in a BBC interview, the worker named by the paper denied the claims.

India’s top software body said India was a “trustworthy” location and would treat the claims “extremely seriously”.

The National Association of Software and Service Companies said it would work with authorities in the UK and India to ensure criminals were “promptly prosecuted and face the maximum penalty”.

While the allegations made in the dossier are very serious, City of London Police would like to remind people that incidents of this kind are still relatively rare
City of London Police

“The problem is not unique to any single nation - it is one that affects us all - and each of us has a responsibility to take on the criminals,” its statement added.

Meanwhile, India’s information technology and communications minister said the government had nothing to do with the “freak” incident, and would step in only if legally required.

The Sun alleged the computer expert told the reporter he could sell up to 200,000 account details, obtained from fraudulent call centre workers, each month.

Details handed to the reporter had been examined by a security expert who had indicated they were genuine, the paper said.

The information passed on could have been used to raid the accounts of victims or to clone credit cards.

But, in an interview on BBC World Service radio, the worker said he had been asked to make a presentation about his company by someone described as an associate of the Sun’s reporter.

He said the associate then asked him to give a CD to the reporter, but that he did not know what was on the CD and did not receive any payment.

‘Reflect on decision’

Meanwhile, a police spokeswoman said officers were not yet aware of “the breadth of what we are going to be investigating”.

“While the allegations made in the dossier are very serious, City of London Police would like to remind people that incidents of this kind are still relatively rare,” she said.

Lloyds TSB, Barclays and the Woolwich banks said customer security was a top priority and they would be treating the Sun’s allegations seriously.

HSBC said it was investigating the claims but that it was too early to say whether any of its details had been involved.

An Abbey spokesman said: "There is no evidence from the Sun story today that Abbey’s customer data was involved.

Other banks including Halifax, the Royal Bank of Scotland, NatWest and Nationwide said they did not have call centres in India, so were unlikely to be affected.

The Amicus union said it had warned of the “data protection implications” of offshoring financial services.

“Companies that have offshore jobs need to reflect on their decision and the assumption that cost savings benefiting them and their shareholders outweigh consumer confidentiality and confidence,” senior finance officer Dave Fleming said.

The allegations in the Sun follow the April arrests of former call centre staff in western India in April.

They were said to have obtained passwords and then after leaving the company transferred money out of customer accounts.

Story from BBC NEWS:

Re: Dark side of Indian outsourcing!!!

I am certainly not diverting the issue. ID theft and mishandling of info happens not because they are outsourced or inhouse or even offshored It happens because there aren’t enough controls in place. And responsibility of establishing controls happens to fall on the shoulder of the client, as it is their client. Indian companies are responsible for processing-just processing-the transaction, not asuming legal or regulatory risk for doing so. If hte process is not provided with enough controls, then it is the client who bears the liability. This happens with call centers around the world.

Let me tell you how it works, so gain some clarity on what this business is about.

When a company outsources it’s business process, they take the same or tweaked sop’s offshore and ask the vendor to perform the tasks according to how they want it done. for exmple, if someone wants to increase their credit limit on their credit card, they can say my Indian staff does not have the authority and the call will be routed back to their UK facility, or that the Indian staff can authroize an increase of X% etc. They determine the way a process is handled. Rigorous background checks are conducted on employees and the environment that is created is a paperless and internet free environment. Indian call center works do not save the info as they have dummy terminals, have to shred all papers written on during the shift and can only make phone calls outside the building. No call center in America or the UK has such stringent rules, that is the reason outsourcing ever more. If osmeone wants to steal, rob a bank, commit a crime, they will find a way. It is not an industry problem. The Indian industry is far superior in terms of quality and operational controls than the UK or the US.

Nothing adverse is going to happen to the industry. people who outsource know what they are doing.

Re: Dark side of Indian outsourcing!!!

^ Talk about being over sensitive. If you hadn't told me what outsourcing is I would never had known neither would have any one else in the world. so thank you. So stop being patronising. I never said you were diverting from the issue. Now let me tell you something. When you subcontract some of your work you place trust in the hands of your sub contractor. If that subcontractor or his staff than breach that trust thats where the problem comes in. Got it. Now go and read the first post and take off those tinted glasses and you will find not every thing is rosy in the outsourcing world, much as you might think otherwise.

What you have written about outsourcing is simply not true. I was talking recently to a call center in India regarding my bank account as I was making a big payment and they wanted to know that it was my account. They asked me a number of questions which only people who have access to my account would have. So while they can shred it such info is available and they can certainly sell it. As for rigorous background checks, well they were obviously not rigorous enough as the sun reporter found out. Why is it so difficult for you to accept that some people might have done this.

Re: Dark side of Indian outsourcing!!!

No on eis arguing that siht happens ehsan. It is not a death knell for an industry.

Re: Dark side of Indian outsourcing!!!

how is this at all specific to outsourcing? had that call center been in the UK or America, would the operator not have asked you to surrender that exact same information?

Re: Dark side of Indian outsourcing!!!

^ The point is not about surrendering the same info more about that it is available to outsourcing or call centre people and they can use it for personal gain whether they be Indians or western employees.

Re: Dark side of Indian outsourcing!!!

typical case of chaddi on fire...

1 in 1000 call center worker is going to be a crook - in India, in Phoenix or wherever else.

Fact is, the 1000 workers are going to be much more cost effective from India.

SO unless some of you can come up with a foolproof method of 100% employee fidelity in the US (and UK), BPO and outsourced Call enter etc will make sense.

If you need more concrete proof, just look at how much employee fidelity insurance is sold in the US and why ALL corporations buy them

Baseless arguements ho bi kuch limit hona chahiye!

Re: Dark side of Indian outsourcing!!!

^ Typical case of over senstivity. No where have I said that the industry is in danger or that it is the end of economic expansion in India. Get over your insecurities and take criticism where it is due.

Re: Dark side of Indian outsourcing!!!

^ typical case of little understanding of the topic. Get over your inferiority complex regarding India.