News Stay informed about the latest enterprise technology news and product updates.

Indian BPO providers tighten data security

Indian BPO providers working to protect their reputations and customer data have issued workplace security rules tighter than most in the U.S.

BANGALORE, India -- First, there was backlash. Anti-outsourcing sentiments from the West kept Indian BPO companies on the defense, trying to convince the developed world that outsourcing was not a threat to labor forces around the globe. Now many Indian BPO companies have a new issue to face: data security.

A string of security scandals over the past few months has local BPO companies scrambling to patch any potential security gaps and assure customers their data is safe overseas in India. In an effort to protect the country's burgeoning BPO sector, with revenues reaching more than $6 billion in 2005, Indian BPO firms are tightening processes to a point that goes far beyond, in many cases, what most U.S. companies would allow -- including shutting down employee access to personal e-mail accounts.

Take a look inside a typical BPO outfit, "where you will find airport-style frisking at the entrance a routine," said Raghu Iyer, a Bangalore-based call center worker. Agents (BPO workers) are required to surrender everything they carry, like mobile phones, PDAs, pens, notebooks and even tissue papers, which could enable smuggling data.

Access to personal e-mail accounts is not allowed and firewalls block access to any Web site not necessary for work. At the end of the day, workers have to shred notes of conversation with customers, and workers are forbidden from socializing with non-employees during work hours. Visitors are required to seek permission and are required to sign a document of non-disclosure as well. "Above all these measures, with closed-circuit TV cameras watching your every move, the job of a typical BPO worker has never been so suffocating," Iyer added.

For more information

Learn more about security, privacy and CRM

Read one CTO's account of a data security breach

It may be uncomfortable for many workers, but "BPO firms have little choice but to follow more quality checks and more auditing, and impose more regulations that could be demanded by their customers," said Sudhin Apte, country manager of Forrester Research Inc. "The Indian BPO sector is reeling from the impact of a series of recent BPO-related fraud, which has big ramifications for the entire outsourcing industry."

Early April, four former employees of Mphasis, an Indian call center outfit, were arrested for stealing more than $426,000 from the accounts of U.S.-based customers of Citibank. These employees opened 15 fake bank accounts and transferred the money electronically over four months. They also changed e-mail addresses of the account holders to make notifications of the transfers go unnoticed. The Indian police uncovered later that these four employees worked in conduit with other perpetrators, including ex-employees of Mphasis, and 16 people were subsequently arrested.

As business leaders here were attempting to frame the scams as freak incidents, India's BPO sector was hit with two new cases of fraud. After a sting operation last summer, a British tabloid, The Sun, published a report that sent a chill throughout the industry. The Sun said a call center worker in Delhi sold a Sun reporter confidential information on bank accounts, credit card details and personal data of 1,000 British customers for a little over $4,250. Under a headline that read "Your life for sale," the tabloid reported that "in a shocking investigation, the paper bought from crooks in Indian call centers" British names, banking details and passwords of accounts with leading High Street banks.

And in a similar sting operation mid-August, Australian Broadcasting Corp. alleged that employees of a Gurgaon-based call center were illegally selling personal information for $10 per person. The media organization said its undercover journalists were offered names, addresses, telephone numbers, birth details, medical care numbers, driver's license numbers, ATM card numbers and even passport information of 1,000 Australians.

The fear of fraud is real. Forrester Research's Apte fears that incidents like these "could retard the growth rates of other Indian BPO companies by over 30% in the next 15-18 months." But so far, the data thefts have not put a dent in the bottom line of a lucrative market. "The second quarter results for 2005-06 of some leading IT services players, and other mid-tier ones, demonstrate the growing trend of offshore outsourcing as an integral part of the global supply chain of IT and BPO services," said Sunil Mehta, vice president of Nasscom, which acts as a regulatory body for local ITES services companies.

Over the past few months India's IT sector has initiated several radical moves that experts said have "brought in some amount of confidence back in the sector." India has decided to introduce stiffer laws -- though a revamp of the country's Information Technology Act of 2000 -- that will include laws against a new range of computer crimes to cover areas like privacy, information protection and harming computer systems through viruses. And, "in a bid toward sustaining the growth momentum of the ITES sector," Nasscom said it has initiated a "CAT exam of the BPO industry," which is a certification system for BPO employees that will "not only create an industry standard, which will ensure the transformation of a trainable workforce," but will also will protect their employers against frauds and scams. Besides, Nasscom is preparing a database of ITES employees in the country that will detail the background of each for prospective employers.

p>This article originally appeared on

Dig Deeper on Data governance strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.