A breach of security at two payment card processing companies in India that led to heists at cash machines around the world has reopened questions on the risks of outsourcing sensitive financial services to the Asian nation.
Global banks that ship work to be processed in India,either in-house or to big IT services vendors,were already under pressure to step up oversight of back-office functions after a series of scandals last year.
Last week,US prosecutors said a global criminal gang stole $45 million from two Middle Eastern banks by breaking into the two card processing companies based in India and raising the balances and withdrawal limits.
India is exposed in two ways: The threat that the same theft could happen in India and the fact that the outsourcing industry will also get affected, said Arpinder Singh,partner and national director for fraud investigation and dispute services at consultancy Ernst & Young.
The episode is reopening debate on banks sending work requiring a high degree of confidentiality to offshore locations.
It is the weakest link, said Shane Shook,an expert with US cyber-security firm Cylance Inc who has helped financial firms conduct investigations into some major cyber crimes.
I think the lesson is they need to pull back on what theyve outsourced. When youre giving a third party,the outsourced entity,the ability to access credit limits or cash limits of the consumers youre managing the finances for,youre giving up control that is your fundamental responsibility.
Indias $108 billion IT services industry is the worlds favoured destination for outsourcing.