Home Banking SunTrust’s Overseas Outsourcing of Fraud-Detection Work Raises Security Issues

SunTrust’s Overseas Outsourcing of Fraud-Detection Work Raises Security Issues


In a cost-cutting move, SunTrust Banks Inc. plans to farm out some of its transaction-fraud-detection work to an overseas company, eliminating nearly 20 high-tech jobs in Orlando by the end of the year.

SunTrust, the largest bank in Central Florida, stands to benefit financially from having lower-wage workers abroad monitor customers' debit- and credit-card purchases for potential fraud. But some experts are warning that the "offshoring" of such computerized monitoring could place customers' personal information at greater risk of being stolen.

"Anytime you outsource personally identifiable information to a third party, whether abroad or not, you raise the risk of that data being misused," said Ed Mierzwinski, Florida program director for the Public Interest Research Group, a consumer-advocacy group based in Washington. "Banks have a fiduciary duty to protect your data, but you have to wonder what measures SunTrust is taking to do that."

Atlanta-based SunTrust, in confirming the outsourcing and the loss of local jobs, insists the change will not endanger customers' account security or their privacy. The bank indicated last week that it has taken all the steps required by federal bank regulations to verify the safety and soundness of its third-party vendors.

"Safeguarding the information entrusted to us by our clients is our highest priority and we maintain stringent policies and controls to do so," spokesman Hugh Suhr said in a prepared statement. He would not give specifics about those policies or controls.

SunTrust also would not identify the name or location of the offshore company that will perform the fraud-detection work. According to one of the fraud-detection employees losing their jobs in Orlando, the third-party company is Infosys Ltd., a multibillion-dollar company based in Bangalore, India.

The employee -- who spoke on condition on anonymity to avoid potential retaliation from the bank, which is letting the local employees affected by the outsourcing apply for other jobs -- said SunTrust also is transferring to Infosys some fraud-detection work done in Richmond, Va., and earlier this year transferred other fraud-detection work from a site in Atlanta. SunTrust would neither confirm nor deny that those job cuts have taken place or are taking place.

It is not the first time SunTrust has sent abroad information-technology work previously done in Orlando. Since 2008, it has eliminated hundreds of local jobs, many of them by outsourcing back-office functions such as technical support, computer-network management and software development.

The latest outsourcing occurs at the same time that SunTrust is seeking to boost its revenue by raising fees on certain bank accounts or increasing minimum balances for customers wishing to avoid the fees. Last month, for example, it bumped its overdraft fee to $36 from $25; it also increased the minimum balance needed to avoid a $7-a-month fee on its Everyday Checking account to $1,500 from $500.

Bank analysts noted that many large banks in the U.S. and Europe have sent work overseas in recent years to cut costs and strengthen their bottom lines amid the sour economy, flat interest income and rising regulatory costs.

"We don't like it when we see jobs shipped overseas, but we love it when we see jobs come here," said Stanley D. Smith, a finance professor at the University of Central Florida. "That's just the way the global markets operate these days. All these businesses, including banks, look at their costs of labor and, if they can get it cheaper somewhere else at the same quality, they're going to do it."

But other experts said transferring fraud-detection work and access to sensitive customer data to overseas workers carries more risk than sending less-sensitive back-office work abroad.

"There definitely are high levels of security risk with outsourcing sensitive operations and the processing of sensitive data, especially to certain non-U.S. countries," said Avivah Litan, a banking and consumer-finance analyst with Gartner Inc., an information-technology research-and-consulting company. "There are also risks of deteriorating operational service levels that are probably even more likely than security breaches."

Though no reports have surfaced of trouble with banks' consumer-fraud monitoring overseas, security breaches have occurred in other areas of outsourcing.

In August, for example, New York banking regulators criticized United Kingdom-based Standard Chartered Bank for having outsourced its monitoring of money-laundering violations to overseas companies. The New York regulators said the move had played a significant role in the movement of hundreds of millions of U.S. dollars through the bank to the country of Iran, in violation of U.S. law.

New York regulators had authority to act against the U.K. bank because it has branches in New York; Standard Chartered eventually settled the allegations by paying a $150 million fine.

Litan said it is not surprising that banks are outsourcing additional data tasks these days, given the many pressures on their profit margins.

"I have to think that SunTrust is not undertaking this effort lightly," she said. "Hopefully, they have checks and balances in place so that sensitive information does not end up in the wrong hands."

When asked about the kinds of "checks and balances" banks must have when outsourcing their work, federal bank regulators cite detailed rules that require banks to document that their third-party vendors encrypt their computer data, screen workers, train employees and otherwise maintain security levels equal to those required of U.S. companies.

Some critics of outsourcing say they worry whether enough is being done to ensure compliance with those rules.

"I really wonder if regulators are just relying on paperwork -- like a signed contract, for example, that says the company in India is complying with all U.S. banking regulations and best practices when it comes to handling customer information," said Mierzwinski, of the Public Interest Research Group. "Or do regulatory agencies actually send examiners to India to verify this information? That's what I'd like to see."

rburnett@tribune.com or 407-420-5256 ___

(c)2012 The Orlando Sentinel (Orlando, Fla.)

Visit The Orlando Sentinel (Orlando, Fla.) at www.OrlandoSentinel.com

Distributed by MCT Information Services

Roots In The Military. Relevant To All.

American Military University (AMU) is proud to be the #1 provider of higher education to the U.S. military, based on FY 2018 DoD tuition assistance data, as reported by Military Times, 2019. At AMU, you’ll find instructors who are former leaders in the military, national security, and the public sector who bring their field-tested skills and strategies into the online classroom. And we work to keep our curriculum and content relevant to help you stay ahead of industry trends. Join the 64,000 U.S. military men and women earning degrees at American Military University.

Request Information

Please complete this form and we’ll contact you with more information about AMU. All fields except phone are required.

Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Ready to apply? Start your application today.

We value your privacy.

By submitting this form, you agree to receive emails, texts, and phone calls and messages from American Public University System, Inc. which includes American Military University (AMU) and American Public University (APU), its affiliates, and representatives. I understand that this consent is not a condition of enrollment or purchase.

You may withdraw your consent at any time. Please refer to our privacy policy, terms, or contact us for more details.