After ATM heist, India's IT sector again in unwelcome spotlight
By Swati Pandey and Harichandan Arakali
MUMBAI/BANGALORE (Reuters) - A breach of security at two payment card processing companies in India that led to heists at cash machines around the world has reopened questions on the risks of outsourcing sensitive financial services to the Asian nation.
Global banks that ship work to be processed in India, either in-house or to big IT services vendors, were already under pressure to step up oversight of back-office functions after a series of scandals last year.
Last week, U.S. prosecutors said a global criminal gang stole $45 million from two Middle Eastern banks by breaking into the two card processing companies based in India and raising the balances and withdrawal limits.
"India is exposed in two ways: The threat that the same theft could happen in India and the fact that the outsourcing industry will also get affected," said Arpinder Singh, partner and national director for fraud investigation and dispute services at consultancy Ernst & Young.
The episode is reopening debate on banks sending work requiring a high degree of confidentiality to offshore locations.
"It is the weakest link," said Shane Shook, an expert with U.S. cyber-security firm Cylance Inc who has helped financial firms conduct investigations into some major cyber crimes.
"I think the lesson is they need to pull back on what they've outsourced. When you're giving a third party, the outsourced entity, the ability to access credit limits or cash limits of the consumers you're managing the finances for, you're giving up control that is your fundamental responsibility."
India's $108 billion IT services industry is the world's favored destination for outsourcing. Over 40 percent of exports by the industry are support services for the global financial sector, ranging from investment bank back-office functions to research, risk-management and processing of insurance claims. Continued...