A case of bank fraud involving an India-based outsourcer has rekindled a debate about using overseas contractors for tasks involving sensitive data.
Some say there's little risk, while others warn of serious hazards, including a threat to national sovereignty.
In the incident, former call centre employees of Mphasis are accused of taking part in a theft of $350,000 (£180,000) from US consumers' bank accounts.
In the wake of the theft, some observers have voiced concerns about the security of data being handled by outsourcers in India, including worries about weak procedures for checking employee backgrounds. According to this school of thought, the Mphasis breach could dramatically dent the amount of call centre work shipped to outsourcers operating offshore.
"This was not a lapse of judgment or an issue of poor customer service: The incident was an organised and systematic plot to steal customers' money," John McCarthy, an analyst at Forrester Research, wrote recently. "Forrester believes that this breach, coupled with recent onshore disclosures of sensitive customer data, will have far-reaching negative connotations for the offshore BPO space."
Not everyone shares this view. But even the perception of danger could hurt the market.
A report from rival researcher Gartner played down the security risks but made no bones about the seriousness of the situation. "The entire Indian offshore industry ecosystem — including... the Indian government — must act quickly and decisively to counter the perception that Indian BPO poses a severe security risk," the report says.
BPO refers to farming out tasks such as customer service and transaction processing to a separate company. The work could be done in the UK, or completed in lower-wage countries such as India or Mexico. In addition, some organisations have set up their own operations offshore. Shipping tasks offshore has become a controversial issue for many trade unionists and other workers' advocates.
At the moment, organisations in the US and the UK devote only a small fraction of their budgets for information technology services — including BPO — to low-cost countries. But that share of the budget is expected to grow over time, from 0.9 percent in 2004 to 1.6 percent in two-to-three years.
Talkback
Reading Mr.McCarthy's comment in the last line in the article about companies enforcing the removal of all writing instruments from their offshore BPO/call centre premises, I get a feeling that data/IP security is being discussed in a flimsy/incohesive manner...
Ultimately, the human mind needs to controlled to be assured of utmost security!! eliminating "writing instruments"(beautiful metaphor for a pen/pencil!!) is in no way going to hamper a call centre employee from committing fraud in his job..
Maybe there is a larger issue that needs to be looked at here, individual integrity and working conditions of call centre workers..I do not have first hand experience of what it feels like to attend to phone calls all day, but commonsense tells me that its a damn tough thing to do all day!!
The human factor is the weakest link in all possible fraud detection/prevention measures..Lets work towards addressing this often overlooked but crucial aspect of business process outsourcing!!