http://www.silicon.com/research/specialreports/offshoring/0,3800003026,39129426,00.htm Indian call centre staff in $350,000 Citibank theft April 11 2005 by Andy McCue US customers tricked into revealing PIN numbers... E-mail to a friend Printer friendly Reader Comments Post your comment here The Indian offshore outsourcing industry has been rocked by the revelation that call centre workers in Pune have been arrested for allegedly looting $350,000 from the accounts of Citibank's US customers. The three staff are former employees at Indian business process outsourcing (BPO) firm Mphasis, which runs call centre services for Citibank's US customers in Bangalore and Pune. Nine other gang members were also arrested. The former Mphasis staff used their positions dealing with Citibank's customers to trick four of them into giving out the PIN numbers to their accounts, allowing the staff to transfer funds into the bank accounts of other gang members. The fraud was only discovered when the customers noticed the money missing from their accounts and Citibank subsequently traced it back to the Mphasis operations in Pune. Mphasis said it "regretted" the incident, but maintained that its security procedures are adequate. A statement said: "While we are unhappy with the incident itself, we are at the same time quite pleased that detection systems worked. While such incidents unfortunately do happen everywhere, timely and exemplary enforcement ensures that no-one needs fear that culprits or potential culprits can get away and the reputation and credibility of the entire system is actually preserved and enhanced." But research analyst Forrester claimed the breach will have "far-reaching" negative connotations for the offshore BPO industry and said that the high turnover of Indian call centre staff makes it increasingly difficult to adhere to security processes and sufficiently check backgrounds. A Forrester research note said: "While the center in Pune was BS 7799 and CMM Level 5 certified, the breach still occurred. Clients and prospects should not be lulled into security complacency by the laundry list of certifications or process changes that suppliers roll out. Customers are going to have to implement their own aggressive requirements, such as eliminating writing instruments in their offshore centers and auditing bi-monthly to ensure that the vendor is following mandated processes." Forrester also claimed offshore call centre growth could drop by as much as a third because of security concerns, regulatory pressure and a consumer backlash. No-one at Citibank was available for comment.