Try the new FT.com

April 12, 2005 7:54 am

India software industry plans curbs after online scam

  • Share
  • Print
  • Clip
  • Gift Article
  • Comments

Nasscom, India?s software industry lobby, plans to launch a national employee screening programme in an attempt to curb online crime following a recent alleged theft of money from US customers of Citibank.

Sunil Mehta, vice president of Nasscom, told the Financial Times that the programme could be ?up and running in around four weeks? and will be a voluntary registry of employees in India?s business process outsourcing (BPO) sector.

?In India we don?t have social security numbers or unique identification numbers. The [registry] would enable employees to find jobs quickly and efficiently. For employers it gives them an opportunity to recruit the best,? Mr Mehta said.

Around 350,000 Indians work in the BPO sector performing tasks such as credit card and bank account processing, and managing insurance and medical records. There is no?industry-wide system for checking employee backgrounds.?

But as more Indian outsourcing companies compile sensitive information about customers based mainly in the US and the UK, the industry is facing renewed pressure to secure data to prevent fraud or breaches of privacy.

Last week, three employees of a call centre in the south Indian city of Pune were arrested and nine others questioned after allegedly stealing more than $350,000 from Citibank account holders in New York.

The employees worked for Mphasis, a Bangalore-based outsourcing company, which serves Citibank. According to Sanjay Jadhav, assistant police commissioner in Pune, Citibank officials asked him to investigate a suspected ?racket? operating from the call centre.

Mr Jadhav?alleged three Mphasis employees had gained access to customer PINs and bank accounts through ?social engineering? or identity theft. The employees then set up fake bank accounts and transferred that money to local Indian bank accounts.

Mr Jadhav said Pune police monitored the suspects and within 15 days of receiving Citibank?s complaint arrested the employees after one of them attempted to access the funds.?

Nasscom and Mphasis have applauded the police's swift action but conceded that no data security system is "100 per cent fool-proof."

Indeed, the case is the latest in several incidences of cyber crime that threaten to tarnish the reputation of India?s BPO industry.

Nasscom has repeatedly warned its members to be more vigilant of security and data protection, fearing that rising fraud cases could cost millions in lost contracts.

Nasscom?s latest scheme to set up a national registry follows its ongoing attempts to tighten India?s data protection laws. Some of the leading Indian IT companies, such as Infosys, TCS, and Wipro,?voluntarily comply with US and UK data protection laws - for example the British BS 7799 security standard.

But John McCarthy, Asia Pacific vice-president of technology research group Forrester, said Mphasis?s Pune centre was also BS 7799 certified, but the alleged security breach still occurred.

?Forrester expects that the rising attrition rates in the call center space ? 50 per cent to 100 per cent ? undermine suppliers' ability to adhere to processes and sufficiently check backgrounds," Mr McCarthy said in a report.

Copyright The Financial Times Limited 2017. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.

  • Share
  • Print
  • Clip
  • Gift Article
  • Comments

EMAIL BRIEFING

Sign up to #techFT, the FT's daily briefing on tech, media and telecoms.

Sign up now

NEWS BY EMAIL

Sign up for email briefings to stay up to date on topics you are interested in

SHARE THIS QUOTE