YOUR CREDIT CARD OUTLET

What should companies that outsource do to prevent credit card fraud?

These stories appear several years apart; during this period, according to industry body NASSCOM, the Indian BPO industry alone grew more than 100% [from $5.2 billion in 2005 to $12.5 billion in March 2008]. In the last financial year alone, it grew 32%. This exponential growth was not coincidental. It is a reflection of customer confidence and faith in the offshore delivery model, indicating that customers believe that delivery offshore offers significant value adds such as process optimization, cost reduction, and operational efficiency, with risk managed appropriately.

As an example, to combat fraud, the Indian BPO industry is adopting some of the most stringent global standards in the handling of sensitive information and data. One such standard is the payment card industry data security standards (PCI DSS), as prescribed by PCI data Security Council. The PCI DSS version 1.1 is a comprehensive set of requirements for enhancing payment account data security developed by some of the world’s leading founding payment brands including Amex, Discover, JCB, MasterCard and Visa in order to facilitate the broad adoption of consistent data security measures on a global basis. It is a multifaceted security standard that prescribes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures and is intended to help organizations aggressively protect customer account data.

WNS Global Services, as an example, has implemented the PCI DSS provisions in order to assure customers of its information protection maturity and ensure that sensitive information such as payment card information is viewed, assessed, transacted, transmitted and stored in a highly secure and PCI DSS regulated environment. WNS is the first BPO service provider to achieve the prestigious PCI DSS certification at an enterprise level in the category of “Level 1 Service provider”.

Other IT service and business process organizations have learned from the past breaches and have implemented information security management systems based on industry accepted standards such as ISO 27001. Certification is a ‘must have’ in the industry.

BPO organizations are also focused on staff education. For example, WNS has significantly invested in educating staff about information protection through delivery methods ranging from online classroom based training programs, do’s and don’ts checklists, an information security handbook, screensavers, and other communication tactics including floor level focused discussions.

The problem however is largely global. A recent survey of U.S. online retailers who accept overseas orders conducted for payment processors report the top 10 countries in the world of fraud range from Nigeria to Russia to Canada [source: http://www.internetretailer.com], but not India.

However, smart companies should at least

a) review the compliance norms and ensure that the organization they are outsourcing to has the necessary relevant certification;

b) have a watertight contract in place encompassing service levels and penalties;

c) conduct periodic audits of the outsourcers thereby ensuring that stringent standards are adhered to; and

d) put in place well-defined service level agreements.

It ultimately should be acknowledged that fraud is a global phenomenon and the companies that are certified and have trained staff are the ones with whom to do business with.

About the Author

Outsourcing Expert is associated with WNS, a leading Global Business Process Outsourcing Company. Deep industry and business process knowledge, a partnership approach, comprehensive service offerings and a proven track record enables us to deliver business value to the world’s leading companies. WNS is passionate about building a market leading company valued by our clients, employees, business partners, investors and communities.

Bank secured Credit Cards can help you improve your credit score