These stories appear several years apart; during this period, according to industry body NASSCOM, the Indian BPO industry alone grew more than 100% [from $5.2 billion in 2005 to $12.5 billion in March 2008]. In the last financial year alone, it grew 32%. This exponential growth was not coincidental. It is a reflection of customer confidence and faith in the offshore delivery model, indicating that customers believe that delivery offshore offers significant value adds such as process optimization, cost reduction, and operational efficiency, with risk managed appropriately.

As an example, to combat fraud, the Indian BPO industry is adopting some of the most stringent global standards in the handling of sensitive information and data. One such standard is the Payment Card Industry Data Security Standards (PCI DSS), as prescribed by the PCI Data Security Council. The PCI DSS version 1.1 is a comprehensive set of requirements for enhancing payment account data security, developed by some of the world's leading founding payment brands, including Amex, Discover, JCB, MasterCard and Visa, in order to facilitate the broad adoption of consistent data security measures on a global basis. It is a multifaceted security standard that prescribes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures, and is intended to help organizations aggressively protect customer account data.

WNS Global Services, as an example, has implemented the PCI DSS provisions in order to assure customers of its information protection maturity and ensure that sensitive information such as payment card information is viewed, assessed, transacted, transmitted and stored in a highly secure and PCI DSS regulated environment. WNS is the first BPO service provider to achieve the prestigious PCI DSS certification at an enterprise level in the category of "Level 1 Service provider".

Other IT service and business process organizations have learned from the past breaches and have implemented information security management systems based on industry accepted standards such as ISO 27001. Certification is a 'must have' in the industry.

BPO organizations are also focused on staff education. For example, WNS has significantly invested in educating staff about information protection through delivery methods ranging from online classroom based training programs, do's and don'ts checklists, an information security handbook, screensavers, and other communication tactics including floor level focused discussions.

The problem, however, is largely global. A recent survey of U.S. online retailers who accept overseas orders, conducted for payment processors, reports that the top 10 countries in the world of fraud range from Nigeria to Russia to Canada [source: but not India. However, smart companies should at least: a) review the compliance norms and ensure that the organization they are outsourcing to has the necessary relevant certification; b) have a watertight contract in place encompassing service levels and penalties; c) conduct periodic audits of the outsourcers, thereby ensuring that stringent standards are adhered to; and d) put in place well-defined service level agreements.

It ultimately should be acknowledged that fraud is a global phenomenon and the companies that are certified and have trained staff are the ones with whom to do business.