Channel 4 recently aired a documentary that would have left most CIOs feeling distinctly uncomfortable in their armchair. Footage from the Dispatches programme showed the apparent ease with which personal details – such as addresses, bank account numbers and credit card details – could be bought from employees at Indian call centres. With so many companies today having Indian operations, the risk is clear.

For developing economies such as India, a backlash could be damaging. Its outsourcing industry, worth $23.6 billion annually, is a major factor in India’s economic rise. According to IT advisory group Gartner, European-based companies alone will help fuel this growth with a 50% annual rise in offshore spending over the next two years. Consequently, any threats will be taken seriously.

Executives at Indian IT service companies point out that this type of theft is limited to only one part of the offshore outsourcing mix: call centres. “There is always a big question mark about call centres because of the number of people they employ, the lack of supervision and the influences that they are subject to,” says Dr Raghavan, head of security at Tata Consultancy Services, one of India’s largest outsourcing consultancies. “Offshore companies that do not have call centres do not have an image problem because they have taken care of security in a conscientious way.”

One way security is managed is through rigid access control – a stint as head of India’s Central Bureau of Investigation should have sharpened Raghavan’s appreciation of such matters. The controls to access both the physical premises and the computers need to be very tight, he says. “Once the access is restricted, half the battle is won.”

Other measures that TCS, and other Indian companies, use include: a background screening of all new recruits; intensive security training for new recruits; and annual tests on data

protection issues, which forms part of the employees’ review.

At an operational level, there is a visible division of labour that ensures that each client account is managed by only one team, avoiding possible conflicts of interest and the risk of industrial espionage.

Raghavan is adamant that offshore outsourcing is no more prone to security risks than domestic outsourcing. These kind of events are not peculiar to India – they could happen anywhere in the world, he argues.

According to accounting and auditing group Ernst & Young, he has a point: its research indicates that despite a greater unease about the risks from fraud in emerging markets, companies were

more likely to have suffered significant fraud in developed countries.

Nevertheless, India’s popularity could yet be the cause of further security headaches, warns Ian Marriot, an analyst at Gartner. “India is in danger of becoming a victim of its own success,” he says. The increase in outsourcing is stretching India’s ability to meet the demand for experienced staff and soon European companies may need to consider alternative locations, he says.

When this happens, more documentaries will undoubtedly follow, exposing human greed. But in the meantime, Raghavan says that it’s good for people to question security lapses, even if they are not as common as might initially be feared. “It helps us to sharpen our skills, it keeps us awake and makes sure we don’t give any room for complaints from Western countries.”