A Forrester Research report has warned that what looks like just another theft might curb the booming Indian BPO industry's growth by as much as 30 per cent.
Forrester said the arrest of three former employees of MphasiS BFL's BPO operation Msource, and nine others, on April 6 in Pune -- for allegedly stealing over $350,000 from four Citibank customers -- has sent shock waves through the Indian IT-enabled services sector.
This, coupled with skyrocketing call centre attrition rates, will severely dampen BPO growth rates, especially in the call centre customer service space in the next 18 months, said the Forrester report, authored by John C McCarthy, along with G Oliver Young and William Martorelli.
How the theft occurred
The arrested MphasiS staff members acquired the passwords to end customer accounts and transferred the money to their own accounts opened under fictitious names. The fraud occurred over a period of five weeks from the end of February to early April.
The fraud came to light when customers noticed the missing funds. Citibank then tracked the fraud to MphasiS' Pune customer service centre.
MphasiS expresses regret
MphasiS, in a statement issued to rediff.com, said it was working closely with the police in Pune and expressed regret over the incident.
It is still not clear whether MphasiS dismissed the employees from service after the charges were pressed or whether they had left the company before the fraud was detected.
'This is with reference to the Pune bank fraud case reported in several publications. We are in close contact with the police and are working with them in their efforts towards law enforcement. MphasiS regrets this occurrence, which seems to involve some ex-employees. While we are unhappy with the incident itself, we are at the same time quite pleased that detection systems worked and that there was swift, coordinated information exchange between the affected parties,' the company statement said.
'While such incidents unfortunately do happen everywhere, timely and exemplary enforcement ensures that no one needs fear that culprits or potential culprits can get away and the reputation and credibility of the entire system is actually preserved and enhanced,' the company said in the statement.
'We continue to work closely with the concerned agencies and will keep you informed of further developments as appropriate,' MphasiS added.
Blow to MphasiS' move
The Forrester report said unlike past negative BPO headlines, this was not a lapse of judgment or an issue of poor customer service: the incident was an organised and systematic plot to steal customers' money.
Forrester said this breach of sensitive customer data will have far-reaching negative connotations for the offshore BPO space.
MphasiS, said Forrester, has been 'de-emphasising its slower-growth IT application development and maintenance business in favor of its BPO/call centre work. At best, this incident is going to lengthen sales cycles, slow clients expansion of current business, and cost it new business.'
Citibank is one of the firm's largest customers and if the bank cuts back its work with Msource, it will be a major setback, said the report.
MphasiS' Pune centre was BS 7799 (a security certification) and CMM Level 5-certified (quality certification), theft still occurred and Forrester said the rising attrition rates in the call centre space -- 50 per cent to 100 per cent -- undermine suppliers' ability to adhere to processes and sufficiently check backgrounds.
MphasiS has said it will more closely monitor calls in the future to ensure that staff members do not solicit customers for account pass codes/PINs. But Forrester warned clients and prospects that 'they should not be lulled into security complacency by the laundry list of certifications or process changes that suppliers roll out.'
Call centre growth may drop by 30%
'The incident will undermine call centre expansion by as much as 30 per cent as security concerns, regulatory pressure, and end customer backlash lengthen sales cycles, impede the ramping up of larger projects, or drive firms to take the captive route,' said the Forrester report.
The report said the security breach will also hasten the shift from call centre customer service work to less onerous and visible back-office accounting and claims-processing activities.
Forrester foresees a clarion call for robust data protection legislations, tighter BPO regulation and strong enforcement now. India, said Forrester, will now have to tighten its data protection and privacy laws to bolster its offshore credibility.
The National Association of Software and Services Companies will have to go beyond promotion and begin lobbying the government on issues like tightening Cyber Law -- which has not been as effective in prosecuting online offenses - and creating a more comprehensive system for checking backgrounds, said the Forrester report.
Forrester has cautioned all IT vendors to be ready for an onslaught of audits and reviews as CIOs and business executives look to reassure senior management that their IT work is not at risk. The report says while this may lengthen sales cycles and slow project ramp-ups, it will not have as broad an impact on IT services as it will on BPO.
Forrester expected firms to establish their own captive centres over which they believe they exert greater control following the theft.