India Remains a Hot Spot for Brokerage Outsourcing

By Maria Trombly | Securities Industry News | July 5, 2006

About a year ago, call center employees of Bangalore-based Mphasis tricked Citibank customers into giving out their personal identification numbers, then used the codes to steal more than $300,000. By August, Indian police arrested three former employees of Mphasis, an outsourcing provider recently acquired by Electronic Data Systems Corp.

Advertisement

It was a wake-up call for the Indian outsourcing community, which tightened security procedures by, among other things, doing background checks of employees. But last month, another outsourcing industry employee was arrested and charged with taking part in the theft of more than $420,000 from HSBC customers. This employee worked for HSBC Electronic Data Processing Pvt. Ltd., a so-called captive operation based in Bangalore.

Yet India remains a magnet for financial services work. UBS, for one, is investing $40 million in a new back-office facility in Hyderabad, which opened in June and has recruited 200 employees on the way to an anticipated 1,500 by mid-2007. Late last year, JP Morgan Chase & Co. announced that it will hire up to 4,500 in India over the next two years. JP Morgan, Merrill Lynch & Co. and other top investment banks are also turning to India's highly educated workforce for research and other analytical support.

"We haven't seen American financial customers being scared and reducing exposure to India because of security concerns," noted Rajat Mohanty, CEO of Mumbai-based security services company Paladion Networks. Stepped-up security measures allayed any concerns.

Mphasis hired KPMG to conduct a forensic audit, said Jeroen Tas, vice chairman of Mphasis BFL Group. "Their analysis of the fraud did not indicate any major security or process breach," said Tas. "It appeared to be a case of social engineering," meaning that the perpetrators used nontechnological methods, such as conversing with employees, to circumvent access controls.

"However, after the incident, we further strengthened our security policies and procedures," added Tas. Now notebooks, cell phones and computer media are not allowed on the production floors, and the time it takes to delete a former employee's credentials from the systems has been reduced from three days to three minutes. The company has also installed turnstiles on all floors and increased the number of closed-circuit cameras by 50 percent, he said, adding, "We are also implementing doorframe metal detectors, in addition to the metal detectors that are currently used by our security guards, as well as fingerprint-based authentication."