A breach of security at two payment card processing companies in India that led to heists at cash machines around the world has reopened questions on the risks of outsourcing sensitive financial services to the Asian nation.
Global banks that ship work to be processed in India, either in-house or to big IT services vendors, were already under pressure to step up oversight of back-office functions after a series of scandals last year.
Last week, US prosecutors said a global criminal gang stole $45 million from two West Asian banks by breaking into the two card processing companies based in India and raising the balances and withdrawal limits.
“India is exposed in two ways: The threat that the same theft could happen in India and the fact that the outsourcing industry will also get affected,” said Arpinder Singh, partner and national director for fraud investigation and dispute services at consultancy Ernst & Young.
The episode is reopening debate on banks sending work requiring a high degree of confidentiality to offshore locations. “It is the weakest link,” said Shane Shook, an expert with US cyber-security firm Cylance Inc. “The lesson is they need to pull back on what they’ve outsourced. When you’re giving a third party, the outsourced entity, the ability to access cash limits of the consumers you’re managing the finances for, you’re giving up control that is your fundamental responsibility.”
ElectraCard admits system breach
A Pune-based card processing company acknowledged on Monday that hackers breached its security to increase the limits on some pre-paid card accounts in a global ATM heist in December.
ElectraCard Services said no customer data was stolen from it and any tampering of ATM cards occurred elsewhere.