The BPO industry and the Ministry of Information Technology reeled today after Britain’s leading tabloid, The Sun, splashed pictures of a ‘‘crooked Indian IT worker’’ and claimed he was exchanging cash for confidential customer data, which BPOs are supposed to guard with their lives. The Sun said its reporter, under cover, paid roughly Rs 3.5 lakh to a 24-year-old Indian IT professional Karan Bahree in exchange for 1,000 account names, numbers, passwords, PINs and secret questions that could unlock details of bank accounts, credit cards and other private financial documents. The Sun quoted Bahree as saying that he had worked with IBM Daksh, where he learnt the ropes of his trade—stealing information for money. He now works with a research firm, ‘Infinity Esearch’. The London City Police, to whom the tabloid handed over a dossier of information collected from Bahree, has approached the Interpol to help in investigations. ‘‘We face the jurisdiction issue. We cannot charge anybody in India. So we are working through the Interpol so that Indian police can speak to the people involved,’’ London Police spokesperson Orna Joseph told NDTV over phone from London. She said the investigation was at a preliminary stage. In New Delhi, IBM issued a statement saying the individual named in story ‘‘had an association’’ with Daksh e-Services but that was prior to the purchase of Daksh by IBM last year. IBM Daksh did not handle consumer credit card information for any UK company and had no relations with the UK banks mentioned in the story, the statement said. ‘‘IBM procedures applied the world over to protect confidentiality apply to its India operations,’’ it said, adding that it placed ‘‘highest priority on maintaining confidentiality of client’s data.’’. Infinity Esearch’s management was not available for comment. Industry experts said that while the credibility of the tabloid’s story needed to be verified—feeding as it does the anti-outsourcing lobby in the UK and the US—reports like these are bad PR for the high-growth BPO sector. Also, they underline the gaping hole in India’s data protection laws. ‘‘We know what has happened but we can’t do anything unless there is a complaint. This is something the two companies have to sort out on their own, I cannot comment on it further,’’ said Communications and IT Minister Dayanidhi Maran today. According to the tabloid, Bahree boasted he could deliver 200,000 account details a month. Claiming to be a computer expert, he said a web of contacts in call centres delivered the secret details to him. ‘‘I believe in one thing. Technology is made by man and it can be broken by man,’’ he bragged. Details shared by Bahree are routinely shared by bank account and credit-card holders with call centres, many of which are in India and other countries. In April, three call centre employees in Pune were caught operating a scam that delivered 200,000 pounds at their doorstep from the accounts of a New York-based bank’s customers. In response to the events, IT association Nasscom said today that the BPO sector was committed to upholding data privacy. It offered support to the legal authorities in the UK and India to ensure prompt prosecution and maximum penalty for the guilty. ‘‘We believe theft or breach of a customer’s confidentiality must be treated extremely seriously. It does not matter if the crime is traditional in nature or a cyber crime,’’ a statement from Nasscom said. It has promised to raise the bar on privacy laws. ‘‘Indian IT companies undertaking work for UK companies already comply with all the requirements of the Data Protection Act, as well as other security and confidentiality safeguards. But the industry is determined to raise standards even further,’’ Nasscom said. ‘‘It is physically impossible to stop this type of behaviour. So, the companies should be double careful putting every security measure in place, including referral checks and auditing,’’ says Partha Iyengar, VP, Gartner. Added Akshaya Bhargava, MD and CEO of Infosys’s BPO arm Progeon: ‘‘Perhaps, all the BPO players should exchange a list of black-listed persons so that they do not get back into the industry.’’
