New Delhi June 24
Indian business process outsourcing (BPO) firm Infinity e-Search, under fire from reports appearing in the British Press, today said that it does not have any bank clients in the United Kingdom (UK) and was not dealing with any kind of financial information.
The company, however, admitted that Karan Bahree, the employee of the Gurgaon-based call centre allegedly involved in the fraud of leaking out confidential credit information, has admitted to his role in the incident.
In an "explanation letter" submitted to his employers this evening, Bahree said he was approached by someone called Oliver . "Someone he (Karan) knew approached him to deliver a presentation to someone called Oliver (undercover Sun reporter)...He (Karan) did take some money,'' Infinity e-Search's Managing Director Rahhul Mr Dutt said.
''It's a coincidence that Karan has been working with us... We have nothing to hide,'' he said. ''A copy of the letter will be given to the DSP,'' he added.
Apex IT industry lobby group Nasscom, however, said that such incidents were “very very rare” but it would work with legal authorities in the UK and India to find a solution to the problem.
“We do not have bank clients in the UK. We do not deal with any information that is classified. We are into things like web development”, Managing Director of the Infinity e-Search Rahul Dutt said, emphasising that his company was not a pure-play BPO company.
He said Karan Bahree had joined the company about three months ago and is currently on probation.
The firm’s lawyer Deepak Masih said that Bahree was employed as a junior content writer and did not have access to any classified information whatsover.
Mr Dutt said that no investigation agency had so far got in touch with the company.
“We learnt about this data theft in the newspapers this morning like everyone else. We have not contacted the police because. We are not hiding and we have nothing to hide”, Mr Masih said.
Reports appearing in a widely circulated British tabloid said that the newspaper’s sting operation managed to successfully secure classified information of unsuspecting British bank subscribers by bribing an employee of an Indian “BPO” firm.
This is not the first time that the booming Indian BPO industry has come under fire for security breaches at call centres. Recently, Mphasis BFL, tipped as the “next big thing in Indian IT industry”, attracted ire for reportedly similar reasons.
While industry pundits say that this should be treated only as an one-off case and that the entire industry would not be affected by this in the long run, incidents like these may strengthen the arguments of the anti-outsourcing brigade in the West. Exports of Indian BPO industry brought the country revenues of US $ 17.5 billion in 2004-05.
Apex IT services lobby group, NASSCOM, meanwhile has taken serious note of the reports and said that it would work with
legal authorities in the UK and India to ensure that those responsible for criminal breach are promptly prosecuted and face the maximum penalty. Its chief, Kiran Karnik said that this was a “very very rare” case. “The clients are full of praise, appreciation for the tight standards Indian industry has established and the safeguards put into place. None of these means that there is complacency and any such event is for us to look back and investigate”, he said.
The Government, however, sought to distance itself from the incident stating that the incident was a subject between the company and its employees.
"It is a matter between a company and its employees. It is also a subject matter between the call centre company and the company which has given this contract," Communications and IT Minister Dayanidhi Maran told reporters commenting on a tabloid report in this regard.
"We believe that any case of theft or a breach of a customer's confidentiality must be treated extremely seriously. It does not matter if the crime is 'traditional' in its nature or whether it is what is known as a 'cyber crime'," Nasscom said.
“The IT Act 2000 can handle only a part of the problem. What we need is a specific data protection Act. Even though a Data Protection
Bill is floating around for quite some time, it has not seen the light of the day”, Anand Prasad, Partner, Trilegal, a Delhi-based corporate law firm said.
