Firms in India Seek Better Background-Check System
APRIL 18, 2005 (COMPUTERWORLD) by Patrick Thibodeau
India’s technology firms are creating a centralized employee information depository, with employment, education and even credit histories, for conducting employee background checks. The issue of background checks for Indian technology job candidates arose this month after 12 people were arrested for allegedly defrauding four Citibank account holders in New York of more than $300,000. Three of those arrested were former call center employees of Mphasis BFL Group in Mumbai.
This depository, to be launched as a pilot over the next two months by the Delhi-based National Association of Software and Service Companies (Nasscom), India’s major technology trade group, is designed to fix a problem in the developing country: a lack of centralized personal data.
In the U.S., employers can use so-called data brokers, including two that recently reported security breaches—ChoicePoint Inc. and LexisNexis Group—to get background information on job candidates. But India doesn’t have centralized, national databases. In fact, it wasn’t until last year that a national credit-reporting agency, the Credit Information Bureau of India Ltd., was formed to gather data on Indian citizens.
Without access to that type of data, Subbu Venkataraman, a vice president at Sierra Atlantic Inc., a Fremont, Calif.-based provider of offshore IT services, depends on former employers and third-party firms to check the references of Indian job candidates.
Once someone applies for a job at a Sierra Atlantic Indian facility, the company checks his qualifications with previous employers, said Venkataraman in an interview from India. A third-party reference-checking firm is also used, and job candidates may be asked to provide paper documents, such as credit card bills and bank records, to help verify their credit histories, he said.
Sierra Atlantic’s process is “an India solution for an India problem. It seems to be working fine,” said Venkataraman.
Safeguards in Place
As envisioned, the Nasscom program would allow technology workers to voluntarily register in the database, said Nasscom Vice President Sunil Mehta. The registry will be administered by a third party that will hire a professional reference-checking company to conduct background checks, he said.
Jeroen Tas, vice chairman of Mphasis, said the theft of data from his firm may be the result of someone getting customers’ phone numbers and calling them outside of Mphasis facilities to gain personal identification numbers for account access. “Clearly, it is important that we keep reminding everybody that they shouldn’t give out PINs,” he said.
Mphasis doesn’t allow its business process outsourcing employees to bring in any media that can be used to copy files, and calls are monitored, Tas said.
Background checks don’t necessarily weed out problems, said Bruce Schneier, chief technology officer at Counterpane Internet Security Inc. in Mountain View, Calif. “Sure, they’ll find known criminals,” he said, “but they won’t find people with no criminal records who might steal money when the opportunity arises.”
Reference checks didn’t turn up any problems with the arrested employees, Tas said.
It may be up to employers to sort out best practices in dealing with offshore firms. The Financial Services Technology Consortium was developing offshore standards over issues such as the handling of live data. But it dropped the project because member financial services firms worried that any best-practice book could be used by federal authorities to develop more-stringent regulations, said Jim Salters, director of technology initiatives for the FSTC.