The news as of the first coffee this morning, and the music is John Coltrane's Love Supreme. Happy Labor Day, in honor of which First Coffee is laboring:
TMC's Dear Leader Rich Tehrani forwarded this piece from the Telugu Portal over the weekend, datelined Kolkata, India:
A call center employee who allegedly splurged on online shopping with credit card numbers of the company's US clients was arrested here.
Sulagna Roy, 23, an employee of a call center the city's IT hub at Sector 5 of Salt Lake, was arrested Friday from her James Long Sarani residence in south Kolkata on charges of cheating foreign nationals by using their credit card numbers and shopping for goods worth Rs.200,000, about $4,300.
Roy allegedly duped 42 US clients of the call center and purchased everything from chocolate to an air conditioner.
And then this telling quote:
"Sulagna is well aware of the new age cyber crimes, going by her modus operandi. She targeted US citizens so that she can escape law as they would be unable to lodge complaints from there," said Gyanwant Singh, deputy commissioner of police (detective department).
Singh explained that there wasn't anything particularly complicated or high-tech about the fraud: When the American clients would contact the call center for online purchases she'd simply jot the numbers down. Evidently clients in California started complaining about unauthorized purchases, and Indian police tracked the fraud back to the Kolkata center and to Roy.
India's touchy attitude towards reports of call center fraud was on display in coverage of the incident on the Indian business site Moneycontrol India. "Jayshree Infotech, which is part of the BK Birla group, is now struggling to explain to its clients how a fraud like this could take place," the journal says:
"The management had thought it had taken all possible precautions, but now feels there is perhaps no foolproof mechanism to prevent crimes like this. The CEO of the firm says the American website from which goods were being bought should have raised an alarm much earlier."
On the one hand the $17.2 billion dollar Indian outsourcing industry hates it when this kind of thing happens, it does give the whole idea of outsourcing your call center to India a black eye when Indian call center agents are pocketing American credit card numbers on the assumption that the long arm of American law can't reach that far. Credit to Indian authorities for acting with despatch to enforce the law.
On the other hand, in a not so credit-worthy move, the Indian company tries to shift some of the blame to its American customer, saying they should have "raised an alarm much earlier." That might have happened had the American client not wanted to avoid the appearance of running to blame the Indians as soon as a problem cropped up, something Indians complain about American outsourcers doing.
Rajesh Sarda, CEO, Jayshree Infotech told Moneycontrol India that "some sort of check and balance should have been there in the software to detect that the shipment is going to take place in India but the card information is from America," in the journal's words. "Now if some American wants to gift it to some Indian in India then again the IP address of the computer has to be in America. It cannot be from India," he says.
A sensible precaution, but hardly one that will prevent such fraud in the future, especially if an Indian has foreign confederates.
Call center fraud is not a new problem, it's not an exclusively Indian problem and it's not one that'll go away with a few tweaks to the system. Last April, in the wake of the notorious Pune Citibank scam, the British tech journal The Register observed that India's National Association of Software and Service Companies (NASSCOM) "was planning a [voluntary] nationwide database of call center staff who have security clearance."
The problem, as The Register says, is staff turnover within call centers is notoriously high, putting the figure at "40 per cent a year or more". Keeping such a database up-to-date enough to sustain merit as a reliable business resource would be a daunting task ("perhaps they can outsource it," The Register suggests puckishly).
Of course no system is going to eliminate human evil. Jerry Mao, the chairman of Mphasis, a firm hit by the Pune Citibank scam in April 2005 told the Financial Times that the three staff arrested "did not have criminal records meaning it is unlikely that any screening program would have picked them up," according to The Register.
The Mphasis scam was what got Indian call center fraud on the front burner. Three Pune, India-based call center employees of Mphasis BPO, the outsource operation of Bangalore software and services company Mphasis BFL Group, were charged with defrauding account holders in New York of Citibank somewhere around $300,000.
Theirs was a more sophisticated ruse than simply copying down credit card numbers to go buy a darling new pair of shoes: The accused allegedly got PINs from account holders, and with accomplices "used the services of the Society for Worldwide Interbank Financial Telecommunication to transfer funds from these accounts to their own accounts and fake accounts that were created for this purpose," according to Sanjay Jadhav of the Pune police.
After the Pune incident the government's oversight of India's lucrative call center outsourcing business came under attack. India Daily wrote that NASSCOM, "busy promoting Indian software and call center outsourcing services," was "running for cover." Saying this was "not an isolated incident," India Daily blamed "lack of security control, uncontrolled growth in business process outsourcing and ignorance of Indian Government in this matter" for the theft.
First Coffee blames human evil as well.
In June 2005 Gartner released a study predicting that global outsourcing will continue to grow and that by 2015, 30 percent of traditional professional IT services jobs will be delivered by people based in emerging markets. Fraud security will be a huge concern.
High-profile fraud prevention will be a critical necessity for India by then, as Gartner predicts that by 2008, China, Russia and Brazil will also be important players in this market. And yet another Gartner report finds that "a labor crunch and rising wages could erode as much as 45 percent of India's market share" by 2007. The analyst firm estimates that India's current 85 percent ownership of the BPO market share could dwindle to about 45 percent by 2007.
Hence the Indian ambivalence towards reporting such incidents as successful policing of the Kolkota scam. On the one hand you want to thump your chest that you're solving problems, catching bad guys and gals and cleaning up the town. On the other hand, people might start to wonder just how much is going uncaught.
Data security is an important issue to Americans. This past November a survey conducted by Unisys found that nearly 40 percent of Americans are at least somewhat willing to pay fees for more protection, compared to 27 percent in a similar U.S. survey conducted by Unisys in 2004. Even a larger number (50 percent) would consider switching banks for more protection, compared to 45 percent in 2004.
Tellingly, almost three quarters (73 percent) of the 2005 respondents worried about the fraudulent use of their bank accounts or credit cards. The 2004 Unisys study found that only 51 percent expressed at least some concern about the safety of their bank accounts. Bear in mind that Unisys is trying to drum up business for its fraud protection software, but still the numbers are striking.
This is why it's to the Indian BPO industry's credit that they work with American and Indian authorities to investigate and prosecute fraud, and accept the negative publicity that goes along with it, rather than try to sweep it under the rug and quietly fire people. Because people know that you can't prevent all fraud, in America, India, the Philippines or anywhere else. And if countries try to whitewash the problem pretty soon people will be wondering why India's competitors aren't catching the bad apples as well.
If read off-site hit http://blog.tmcnet.com/telecom-crm/ for the fully-linked version. First CoffeeSM accepts no sponsored content.