Computer Crime Research Center


Fraudsters and victims

Date: July 04, 2006
By: Nitant P. Trilokekar

Thanks to computers, a fraudster can sit four seas away and yet dip into your pocket

What is a BPO enquired my young son. I paused for a minute to ensure that the abbreviation did not have any other connotation because his questions always seemed loaded with irony. `Business Processing Outside', I simplified, holding back the `outsourcing' jargon, was how the manual administrative processes of the advanced countries were processed in the far away lands of India and China thanks to the low cost of Internet. He nodded his head in clear understanding with a quip, "Like our EPO". "EPO?" I was stumped. Now it was his turn to explain, "Remember every time our school makes us write an essay, I never write it in school but make you give me a draft and I get good marks for my note book. That is Essay Processing Outside or EPO for short."

I was glad he understood.

Destination India

Why is India a hot BPO destination?

I shared with him my insight that what is not automatically transacted is handed to the BPO. Thus, a computer debiting an account can `converse' with another computer with no role for the BPO to play in such cases. However, when a doctor in the UK does not tick any of the boxes in the medical claim form, it requires cerebral effort to do so on his behalf. Such work is tackled only by the BPO and more often only a keen eyesight is required to decipher his handwriting. My son mused, "Does this mean global recognition of intellectual superiority of Indians?" I could not agree with him more except that this intellect was now being applied in the wrong direction by perpetuation of fraud.

Weak Internal Control

But wanted to know why Indian BPOs should be plagued by fraud when he was thought fraud happened mainly in banks which had cash as the stock in trade. I realised that perhaps this was why the system designers had given full access to their BPO operators across the seas.

The publicised frauds, however, have been reported mostly for bank BPOs. Gone are the days of gun-wielding dacoits emptying bank safes. This is the era of the `virtual dacoit' who can sit four seas away and steal from your pocket! This is precisely what happened for the generation, which has just begun to use passwords such as Ali Baba's `Open Sesame'. Bank BPO frauds are quite similar to the credit card frauds on the Internet.

When the credit card number is accepted, no other proof is needed; such numbers in the wrong hands can exceed the card limit in a jiffy. BPOs exist for particular purposes. The staff is given full access to all information and perhaps the only control is the inability to conduct a transaction. What the designers forgot was that today, information itself is the key to many doors. Passwords being the master key. Once this is available, you do not need a bag to carry the booty out of the BPO office when it can be locked in your memory or on a piece of paper which escape the metal detector. Perhaps the gates at the BPO centres need a `Mental Detector' remarked my alert son.

I could not agree with him more in the sense that honest staff should be recruited by the BPOs. Though, somehow the filter can be employed at the beginning of their employment, later circumstances may cloud their vision. Since contracts come at their own pace, a company may need a hundred persons overnight not permitting of a tight security filtering.

My son got inspired by the much touted KYC (Know Your Customer) norms pressured by the Reserve Bank of India on banks and suggested the BPOs should formalise KYE (Know Your Employee) where the previous employer's view is obtained independently as well as the address checked out since such persons when detected tend to submit false addresses. Being a teen he suggested the KYE norms be extended beyond residential addresses to even their friends circle.

Differently sighted audit

New technology and new businesses need matching audit approaches that cover various angles. Old internal audit has proven to be incapable of prevention and early detection of such frauds. Software-based concurrent audit is one angle, which may `red flag' transactions to catch the fraud in the first instance itself. It requires little imagination to develop such tools but great deal of sight to introduce this concept.

Having learnt more than what he wished for, my son concluded that BPOs could well be FPOs, for `Fraud Processed Outside'. Since all discretionary transactions are shifted to BPOs, the propensity of fraud in the originating country gets minimised and unwittingly shifted to the BPOs.

Since BPO has been touted to generate employment and wealth, this offspring FPO has also done similar contribution on a smaller scale. "How so?" I was now the student. My son explained: "When a fraud occurs, investigators will be required; in this age, the Cyber Forensic experts. Since major BPOs are in India, a new wave of Cyber Forensic Experts will be needed and this means another employment avenue for Indian professionals.

BPO to EPO to FPO... I muttered to myself and went off to staring at my fish tank — an exercise, my doctor says, that reduces stress.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo