Is information security becoming a casualty in India's booming call centres as they drive down costs to keep themselves competitive for foreign clients?
UK watchdog says there is no evidence that India is riskier than UK
This concern is being raised again
following reports that bank details of 1,000 UK customers held by call centres in India have been sold to an undercover reporter of a British newspaper.
The Sun newspaper claimed that one of its journalists bought personal details including passwords, addresses and passport data from a Delhi IT worker for £4.25 each.
"BPO [outsourcing] blot in British backlash", headlined Calcutta's The Telegraph newspaper. "Indian BPOs stung where it hurts most," chimed the Hindustan Times.
The Indian government has dismissed the case as a "freak incident".
But some say that in the fiercely competitive call centre industry where undercutting drives down costs to the advantage of foreign clients and makes India such a competitive destination, information security often takes a hit.
"Foreign clients need to understand that when they outsource to India to get cost benefits continuously, costs are being cut somewhere- and many a times, it is security," says Raghu Raman, who works with a company which looks after information security for international clients outsourcing work to call centres in India.
The recent alleged fraud has caused concern in India
His company checks information security systems in call centres on behalf of foreign clients once every quarter- sometimes even covertly.
"Frankly, information security in India is not in a good shape," he says.
During a security check of a call centre in Pune, Mr Raman says his company found a lot of negligence - including customer data "lying around in the garbage".
Experts like Raghu Raman feel that Indian call centres will have to come up with a "demonstrable" business model which seeks a higher value for their jobs with better security systems.
Client information has been leaked or sold from call centres all over the world, but reports of such incidents out of India acquired a more sensitive and emotive hue because the country is perceived in the US and UK to be taking away local jobs.
There have been reports in the British press suggesting that security in Indian call centres is suspect and data fraud is common.
However the UK's own Financial Services Authority said last month that there was no evidence that the danger in India was greater than in British call centres.
'Wake up call'
"Every day, there is some fraud reported from the financial services industry all over the world. When banks and clients outsource data, they are aware of the risks. I think that this incident is blown out of proportion," says R. Venkat Raman - of the consultancy KPMG which is working with the infotech industry in India.
But experts agree that India needs to tighten up call centre security and info tech laws to stay ahead in the call business process outsourcing (BPO) business.
Thousands of call centre jobs have sprouted up in India in recent years
If the British newspaper report is proved to be true, this will be third instance of such fraud in India in the past two years.
"This is a wake up call for the business outsourcing industry. We ignore this at our own peril," says cyber lawyer Pavan Duggal.
"If this goes on it will be doomsday for the industry."
This is something which India can ill afford.
The business process outsourcing industry is growing at a scorching rate - exports were worth $5.2bn in 2004-2005 and expected to grow over 40% this fiscal year.
The industry is also one of the biggest sources of employment- there are nearly 350,000 people working in call centres in the country supporting international industries, up from 42,000 four years ago.
They are mostly young boys and girls from middle-class India earning a decent pay cheque.
India also has laws to deal with information technology crimes.
If a call centre worker is found guilty of leaking and selling confidential data, he could face three years in prison and a fine of 100,000 rupees ($2,297) under the five-year-old information technology act.
The worker could also face prosecution for theft, cheating and criminal breach of laws under the country's archaic penal code.
The offender can even be sued for damages up to $225,000 to be paid to people affected by the leakage of information.
There is now talk of a comprehensive employee data base
But experts say that India's information technology laws are largely skewed towards checking e-commerce fraud, and do not give adequate attention to data protection.
"India needs a dedicated data protection law to deal with crimes such as leakage of information from call centres," says Pavan Duggal.
A large number of cyber crimes also go unreported, say experts.
Pavan Duggal says he carried out a survey two months ago which revealed that only 50 out of 500 cases of cyber crimes in India get reported to the police.
There is now talk of a comprehensive data base of call centre employees which will help companies trace previous offenders.
But this might not be of very much help because 70% of white collar crimes are by first time offenders.
"This needs a more systemic approach to strengthening security even if it costs more," says Raghu Raman.