| What is the nature of threat? | | | | different from sending data to what were once |
| Recent survey by KPMG says that there is a | | | | called service bureaus or what we now call |
| digression in the Industry nature which is facing | | | | application service providers. It's been done for |
| security threats .Some four years back it was | | | | years and the onus has always been on the |
| the IT outsourcing industry and retail industry | | | | financial services firm to make sure it does its |
| which were most prone to data theft. But now | | | | due diligence before choosing a partner. The |
| the nature has changed. Most of the frauds | | | | security threats, these vendors face abroad are |
| uncovered recently have been faced by | | | | the same threats securities firms themselves |
| companies dealing in financial services. Banking | | | | face when data is housed on site. As a result, |
| Insurance/mutual funds/AMCs are the first | | | | strong firewalls and a formal data security |
| category of company facing threats. The next is | | | | strategy must be in place to prevent hacking, |
| NBFCs, Investment Banks, Venture Capitalists, | | | | viruses or misappropriation of data. The primary |
| Private Equity.the other categories mentioned in | | | | concern, we found is that executives don't like |
| the survey are - Media/Software, Retail | | | | the idea of sending their data to a location where |
| Consumer products, Foods/Beverages, | | | | their competitors' data is also being stored. This is |
| transportation, Power/energy. | | | | an understandable concern, but again, it is no |
| The threat perception of these sectors is | | | | different from sending your back-office data to |
| generally higher mainly on account of the nature | | | | ADP, which processes a good deal of Industry's |
| of their businesses and high growth rates | | | | trades, or to Sun Gard for data storage and |
| achieved by these sectors in the last few years. | | | | back-up. |
| Why are the Organizations threatened by fraud? | | | | The real fear revolves around the mistrust of |
| According to a survey lack of ethical values has | | | | people and what they might do with the data |
| been identified as one of the main reasons for | | | | -such as selling it to a competitor. There are |
| frauds in organizations. Some of the other | | | | certainly unscrupulous people everywhere-and |
| reasons can be enumerated as follows: | | | | quite a few in the US securities industry. Anyone |
| - dissatisfaction among employees | | | | can steal information or data and sell it to |
| - poor internal controls | | | | competitors or use it for their own personal |
| - lack of ethical values | | | | advantage. However, it's no more or less likely to |
| - collusion between vendors and employees | | | | happen overseas. The concerns around |
| - inadequate background checks on prospective | | | | outsourcing security have been exaggerated. This |
| employeesmanagement override of control | | | | issue revolves more around the anger of losing |
| How were these frauds detected? | | | | American jobs, fear of the unknown, and, |
| Majority of these frauds were detected by a | | | | unfortunately, slight prejudice. |
| company's own internal audit or by a third party. | | | | How is India fighting back? |
| Some of the other ways in which an organization | | | | Recent sting operation in UK done by Channel4 |
| lost its revenue and it came to light has been | | | | has exposed the seamier side of doing |
| through: | | | | outsourcing business with India. However in India |
| - expense accounts | | | | there were mixed reactions. |
| - false or incorrect information | | | | The Indian outsourcing trade body, Nasscom, and |
| - personal use of official assets | | | | some senior company executives in India were |
| - forged documents | | | | worried that the program, and sting operations in |
| - secret commissions / kickbacks | | | | past, would damage the country's reputation as a |
| - cheque forgery | | | | location with an abundant supply of low-cost, |
| - forged documents | | | | skilled labor that delivers quality service to |
| - false financial statements | | | | overseas customers. Nasscom said that it had |
| - IP infringement | | | | asked the Channel 4 to provide details of the |
| What is the attitude of organizations towards | | | | allegations but that the request had so far been |
| frauds? | | | | refused. "We are concerned about the verifiability |
| Earlier the trend was that the organizations | | | | of such stories, especially sting operations where |
| seemed to be more reactive when these frauds | | | | monetary inducements were provided," said Kiran |
| occurred. But over the years there has been a | | | | Karnik, president of Nasscom. |
| shift in the attitude of organizations towards | | | | Industry executives in India are suggesting that |
| fraud. Now they are becoming increasingly | | | | repeated sting operations are being undertaken |
| proactive in their approach. | | | | against the Indian Industry with the express |
| Most of these companies now have either a code | | | | intention of maligning its reputation. The fear |
| of conduct or an ethics policy in place as a | | | | among the Indian companies is that western |
| proactive measure to mitigate risk of fraud. | | | | customers will hesitate to outsource after India is |
| How can the frauds risks be mitigated? | | | | repeatedly projected as an unsafe outsourcing |
| Most of the companies in India are now | | | | destination. Much to its embarrassment the |
| undertaking strict steps in ensuring the minimum | | | | Industry has been hit lately by a series of |
| occurrence of fraud in outsourcing financial | | | | security breaches. |
| services. Some of them are: | | | | The industry is scrambling to combat the |
| - Pre- employment background check | | | | perception of fraud. Companies have joined in |
| - Regular fraud risks assessment | | | | setting up a national skills registry, an online |
| - Data analysis tools | | | | registry for industry workers that would contain |
| - Fraud management systems | | | | information about individual worker's professional, |
| - Data mining tool | | | | educational and personal backgrounds. The |
| In addition all the individual employees are now | | | | information is validated by an independent agency |
| being provided with proper systems to inform | | | | but owned by an individual. So far, 25000 workers |
| any kind of fraud threat at the right earnest. | | | | have registered for independent checks and |
| Some of them are: | | | | biometric identification established earlier this year. |
| - Emails | | | | Whether real or perceived no Industry can be |
| - Direct approach | | | | completely free from fraud. The opportunity of |
| - Anonymous letter/call | | | | outsourcing financial services to India is |
| - Hotlines | | | | tremendous. Next ten years will see an |
| - Grapevine | | | | exponential growth in the industry. So don't let a |
| What is the outcome of the frauds -real as well | | | | few cases dampen your spirits of utilizing the |
| as perceived? | | | | tremendous power of India as an outsourcing |
| Outsourcing to India, China, Russia, etc is really no | | | | destination. |