|
|
|
|
The emperor strikes back with BPO
sting
By Indrajit Basu
KOLKATA - It saw revenues of over $6
billion for the fiscal year ending March 2005; it
employs over 350,000 people and it is growing at
over 40% a year. But just weeks after India's
first major financial crime in the outsourcing
business surfaced in May, the country's BPO
(business process outsourcing) industry is reeling
under yet another call center scandal, further
exposing chinks in the security of Indian BPO
companies. The latest scandal, the industry fears,
has provided more ammunition to the
anti-outsourcing movement, especially in the US
and UK, which has used security threats as an
issue to stall outsourcing to the developing
world, particularly India.
While India is
still recovering from the BPO scandal revealed in
early May, caused by a bunch of BPO employees who,
using "social engineering" (sweet talking)
siphoned off more than $426,000 from US-based
customers of Citibank, British tabloid The Sun has
published a report that sent further shivers
across the industry. After a sting operation, The
Sun said a call center worker in Delhi had sold
its reporter confidential information on bank
accounts, credit card details and personal data of
1,000 British customers for a little over
US$4,250.
Headlining the report as "Your
life for sale", the tabloid reported that "in a
shocking investigation, the paper bought from
crooks in Indian call centers" British names,
banking details and passwords of accounts with
leading High Street banks and building societies,
including HSBC, Barclays, (Lloyds) TSB, NatWest,
Abbey, Woolwich, Royal Bank of Scotland and
Nationwide. Sun added that the culprit - Karan
Bahree - who sold the data to its reporter, had
also claimed that he could provide a continuous
supply of such data that can be obtained from
various smaller call centers in India.
But
even as Indian BPO professionals and industry
lobby groups, while condemning the incident, are
trying hard to drive home that fact that such
malpractices are "extremely rare", and that "India
is still small fry in the global BPO fraud game",
there is a looming fear that incidents like these
will seriously undermine the BPO sector's growth.
"The Indian BPO sector is reeling from the impact
of frauds," said Sudhin Apte, country manager of
Forrester, saying the latest instance has "big
ramifications for the entire outsourcing
industry".
According to Forrester, while
this fraud may not impact the "Big 3"- IBM/Daksh,
Accenture, and Hewlett Packard, "it could retard
the growth rates of other Indian BPO companies by
over 30% in the next 15-18 months." Apte said that
as the report percolates into the global media,
there will be a greater pressure from BPO service
seekers to address security issues, which in turn
could have a two-pronged impact: "The first one
would be on the sale process, with deals delayed
by more quality checks, more auditing, and
imposition of more regulations from the buyers'
side," said Apte. "From the sellers' side, like
the IT or BPO companies, it will cause additional
spending on the recruitment process and extra
monitoring protocols." Forrester feels the sales
cycle of Indian outsourcing industry could
lengthen, and the ramping up of businesses would
slow down. "We feel that this incident is bound to
result in additional monitoring of the service
level agreements," said Apte.
Some
industry experts however, are more concerned about
the security flaws in the country's BPO sector.
These frauds have indeed highlighted the fact that
despite achieving high international quality and
security standards, like BS7799 and CMM level five
status, security still remains an issue in the
Indian BPO sector. Mahindra SSG, a local firm
specializing in information security, feels that
even as many Indian BPOs follow international
security processes, few pay enough attention to
security issues regarding people. Mahindra holds
that about 1% of total BPO companies in India have
comprehensive security cover while the rest fail
to notice or monitor the behavioral changes that
occur in employees.
Not everyone, however,
is ready to accept that the industry is in for a
rough patch following these revelations. Ashish
Gupta, chief operating officer of Gurgaon-based
advisory firm Evalueserve, feels that this
incident should be viewed in the context of the
evolution of a relatively immature industry that
has been around for five years at most. "These
things happen in all parts of the world. Instead
of harping over the breach, we need to learn from
it and make sure that our systems and processes,
within companies and from the regulatory point of
view, are adequate," he said.
This could
be an upside to the whole saga. The local BPO
industry is already waking up to the fact that, as
Raman Roy, father of the BPO revolution in India,
puts it: "The industry has to get together to put
in place minimum security standards. Even as large
companies follow security processes, the same may
not be true of smaller firms." Agrees Kiran
Karnik, president of industry lobby NASSCOM
(National Association of Software and Service
Companies): "The real impact of this will be that
BPO outfits in India will now go out of the way to
make sure that stronger deterrents are in place
for employees who may even contemplate such
actions."
Meanwhile, even as the smaller
BPOs ramp up their security covers, they can bask
in the comfort that despite the hoopla that the
Sun report has raised in UK and in India, the
scandals in India are still nothing compared to
that of the global back office services industry.
Recently, for instance, an Economic Times report
said MasterCard warned of a security breach that
potentially exposed more than 40 million credit
cards - of all brands - to fraud. In 2003, a
computer hacker breached the security systems of a
transactions processing firm, accessing more than
5 million MasterCard and Visa accounts in the US.
In May this year, as the Citibank scam hit India,
four US banks sent notice to thousands of
customers informing them that one of its employees
had sold screen shots of individual financial
records for $10 apiece. These were then sold on to
collection agencies for up to $100 per account.
In Britain, too, financial frauds are
equally rampant. CIFAS, the UK's fraud prevention
service, reported that in 2004 there had been a
surge in the number of cases and during the period
1997-2004, the total number of cases increased
from 104,000 to over 346,000, representing an
overall 232% increase. "False identity fraud is
once again the area that has shown the most
significant increase, with a rise of almost 8% -
to 18,900 in the first quarter over the same
quarter last year."
That the latest
scandal may not significantly damage the Indian
BPO sector can be concluded from the statement of
the Financial Services Authority, Britain's
government regulatory body, which said in its May
report after touring Indian call centers and
assessing their security standards: "Data security
standards were actually more rigorous in India
than in British call centers" and that there was
no greater risk to data within India than there
was in the UK.
Indrajit Basu is
a Kolkata-based equity-analyst-turned-journalist
with more than 12 years of experience in
business/finance and technology journalism.
Besides writing for Asia Times Online, he also
writes for US-based publications, as well as IT
companies.
(Copyright 2005 Asia Times
Online Ltd. All rights reserved. Please contact us
for information on sales, syndication and republishing.) |
|
|
|
|
|
|
|
 |
|
|
|
|
|
All material on this
website is copyright and may not be republished in any form without written
permission.
© Copyright 1999 - 2005 Asia Times
Online Ltd.
|
|
Head
Office: Rm 202, Hau Fook Mansion, No. 8 Hau Fook St., Kowloon, Hong
Kong
Thailand Bureau:
11/13 Petchkasem Road, Hua Hin, Prachuab Kirikhan, Thailand 77110
|
|
|
|
