Monday, September 19, 2005

ahead of the pack

South Korean firms have invested smartly in India, targeting its middle class and export-platform potential.

By Jason Overdorf and George Wehrfritz
Newsweek International

Sept. 19, 2005 issue - In one whopping megadeal, South Korea has become the largest foreign investor in Asia's second emerging giant, India. On Aug. 31, Korean steelmaker Posco established a local subsidiary in the eastern Indian state of Orissa, paving the way for a controversial mill and mining complex that will cost the world's fifth largest steelmaker $12 billion and employ some 40,000 workers once it's fully operational in 2010. The behemoth dwarfs India's previous foreign-investment centerpiece, a $3 billion power plant launched by Enron in 1993. Yet even before shovels hit soil, Posco's arrival has triggered an outcry among anti-globalization activists and opposition politicians, who see a scheme to snatch, then export, Orissa's vast iron-ore reserves.

Their clamor—and the global buzz over China's emergence as an economic superpower—mask a deeply significant trend in Asian business: Korea Inc.'s rise to prominence on the Indian Subcontinent. By the numbers, Korea now tops the list of countries investing in India since New Delhi launched economic reforms back in 1991—at more than $14 billion. South Korean firms like Hyundai, LG and SK Group have carved out a notable presence in the country—the world's second largest and a potentially huge market for products like refrigerators, washing machines and television sets.

In just a few years, South Korean brand appeal has eclipsed Japanese rivals like Sony and Honda, and even the nation's biggest cricket stars have become known as Team Samsung, thanks to a successful sponsorship campaign. "South Korean firms have become household names in India," says Rakesh Shukla, an economist at the National Council for Applied Economic —Research in New Delhi. "[And] India has become an investment hot spot for the South Korean companies."

Confucian Korea, multiethnic India: it's not, on the surface, a natural match. Why the pairing works is a study in global commerce that offers lessons that non-Korean investors have already begun to heed. Though their strategies differ in nuance, each of Korea's chaebol (conglomerates) follows the same general game plan in India: intensively research the market, hit the ground running and localize, localize, localize. Thus Hyundai developed a new car, the Santro, especially for the Indian market and achieved near-complete localization of its supply chain within its first year of production. They target specific markets, create new (sometimes, state-of-the-art) products to serve them and usually beat their competitors to the store shelves—the exact opposite of the one-size-fits-all strategy still common among other multinationals in India. "We learned to treat Indian consumers with far greater respect than, for instance, a Japanese company was going to do earlier," says B.V.R. Subbu, head of Hyundai's Indian autoworks. " 'Good enough for India' is the kind of approach they have had."

In bilateral terms, Seoul and New Delhi have become key economic partners. Korean ventures have helped to establish India's vast potential as an alternative to China—both as a market and as an export platform for products like cars and white goods. Korean businesses now pursue a two-pronged "China plus one," or "Chindia," strategy as a matter of course, partly to hedge against a currency shock, recession or political unrest in the Middle Kingdom. India is LG Electronics' No. 3 strategic market after the United States and China, for example. "Korean companies rely too much on China. India has a great potential to [help us] reduce that risk," says Park Bun Soon, a strategist at the Samsung Economic Research Institute in Seoul. "You can't put all your eggs in one basket."

Arguably, Korea Inc.'s best weapon in the battle for Indian market share could be empathy. Unlike Japanese, British or American rivals, Korea is a newcomer to the club of industrial powers. Just 40 years ago, in fact, it was written off as a "basket case" economy incapable of advancement, a tag sometimes still attached to India. Attuned to their own history, Koreans sensed a latent energy in India others initially missed. So rather than stake out small premium segments by catering to India's tiny elite (as Sony sought to do with its high prices and products designed in Japan), the chaebol set their sights on a vast—yet, by Seoul's standards, still poor—Indian middle class. "Korean companies gauged the potential of the country very differently," says Samsung India's deputy general manager Ravinder Zutshi.

One case study is LG Electronics. Since arriving in India in 1997, it has become the country's leading manufacturer of televisions, washing machines, refrigerators, microwave ovens and air conditioners. Last year LG's India sales hit $1.7 billion; its 2010 target is $10 billion. At its factories in Pune and Noida, all but about 20 of the 2,700 employees are Indians, and the company has introduced many India-specific product designs, including refrigerators with smaller freezers and power sources bolstered to handle voltage spikes. LG's Indian operation chief, Kim Kwang Ro, strives for "complete localization and product differentiation." Adds LG spokesman Park Hyung Il: "India is a country with diverse subcultures. You cannot succeed there without becoming a local company."

A new study by McKinsey Co. forecasts huge rewards for companies that target India's middle-income earners. Published last week, "Winning the Indian Consumer" projects $400 billion in demand by 2010, which would make India the fourth largest consumer-goods market in the world. Most growth, the report argues, will come in a category called "aspiring India," comprising 40 million middle-income households, "a geographically immense market of consumers —who demand high value at low prices." Korea Inc. reached the same conclusion in the late 1990s. The study singles out LG for creating a distribution system that begins with flagship stores in big cities "and encouraged local entrepreneurs to set up stores in smaller towns to serve sizable rural populations."

Even in marketing, localization is Korea Inc.'s recurring theme. All its top brands strive to identify themselves as "Indian-friendly" rather than "foreign and therefore better," as outsiders sometimes do to generate snob appeal in emerging markets. Korean brands want to be seen responding to the needs of Indians with a more humble attitude, so as not to offend national pride. And who would be better sensitized to the issue than flag-waving Koreans?

Hyundai motor india typifies Korea's strategy of conceiving products specifically for the Indian consumer market. Until Hyundai arrived in 1998, foreign automakers were selling recycled models; Toyota, for example, marketed a "new" van in India that had already been discontinued in Indonesia. Hyundai's goal was to challenge Maruti Udyog Ltd., the government of India's joint venture with Japanese rival Suzuki, which had so dominated the market that to many Indians, "Maruti" had become synonymous with "car." Worse, Hyundai's own research indicated that Indian consumers ranked Korea far below Germany, Japan, the United States and even Malaysia for its automaking prowess.

No matter: Hyundai Motor launched a full line of cars, from a small hatchback to a luxury sedan, and the new choices caught on with the public. Some of the models are identical to those sold in Seoul showrooms, but are made in India. Today, less than six years later, Hyundai is India's second largest automaker. In 2004 the company sold roughly 150,000 cars within India—a jump of 40 percent over the previous year. Rivals Ford, General Motors and Honda sold 25,000 to 30,000 cars each. "Both the Japanese and the Americans have taken much longer to understand the real depth of the Indian market and its real size," said Hyundai's Subbu, a career industry executive Hyundai poached from domestic car- and truckmaker Tata Motors to run its Indian subsidiary.

Perhaps more important, Hyundai last year became India's largest auto exporter, selling about 75,000 passenger cars to Europe, Africa, Mexico and other countries. Rivals like Toyota and Honda instead bet on Thailand, which is now recognized as a less promising market, and less promising export platform. The reasons for the latter are complex; among them, Southeast Asia's free-trade zone has been painfully slow to materialize, and the region doesn't have the strong engineering tradition India does. Also, China and India are simply growing faster than Southeast Asia, and rapidly eclipsing it in terms of export competitiveness.

Korean firms have shown that India is extremely competitive in high-end manufacturing. Subbu has said that the quality of workmanship in India is as good or better than in Korea. In China, where most of the auto plants are joint ventures, technology theft is a constant fear. That's not a worry in India, because Hyundai owns the whole show. In contrast to other foreign automakers, Hyundai has localized production aggressively, a major cost-saving strategy. "The Koreans had zero name recognition, so they had no delusions about trying to get premium prices," says Saumitra Chaudhuri, an economic adviser at the credit-ratings agency ICRA Ltd. They realized that "Indian customers are more price-conscious and willing to experiment with newer products if the price is right."

Posco could take Korea Inc.'s success to another level. If India's manufacturing sector meets robust growth forecasts—and the company can sidestep nationalist critics—Posco's Orissa facility will open just in time to meet a surge in demand for steel. Today, India consumes just 30 kilograms of steel per capita each year, a mere eighth of China's annual intake. Its biggest customers are expected to be Korean auto- and white-goods makers in India.

Importantly, Korean companies have helped India gain self-confidence as a manufacturing nation and an exporter with the potential to rival China in certain industrial sectors. That confidence, in turn, puts new pressures on New Delhi to streamline foreign direct investment and open the door for more multinationals. This virtuous cycle has the potential to erode India's reputation for inefficiency, protected markets and red tape.

Though many would deny it, multi-nationals from Japan, Europe and the United States are cribbing from the Korean success story. After failing with the Escort, Ford swiftly developed a car especially for the Indian market, and has begun exporting it to several other countries. Maruti is embracing hipper designs. Sony has slashed its prices to get back in the game against Samsung and LG. Yet for now, at least, Korea Inc. is where it wants to be on the Subcontinent: firmly ahead of the pack.

With B. J. Lee in Seoul and Sumeet Chatterjee in Mumbai
© 2005 Newsweek, Inc.

Monday, September 05, 2005

'the death of reform'

In India these days, don't believe everything you read.

By Jason Overdorf
Newsweek International

Sept. 5, 2005 issue - Prime Minister Manmohan Singh's yearlong reign has been a balancing act, as he endeavors to live up to his reputation as the father of India's economic reforms without alienating the left-wing parties that his coalition government needs to survive. But lately, as his Congress party wrangles with the communists, the balance has been tipping. One by one, bold reforms are getting killed or shelved. These days Singh talks of the need for politicians to compromise in order to survive in office.

The question is whether Singh has fallen from compromise to capitulation on reform, as the opposition Bharatiya Janata Party claims. Labor, pension and banking reforms are going nowhere. A new law creating special economic zones for foreign investors was so watered down by the left, it won't have much impact. The commission set up to do away with monopolies and restrictive trade practices is moribund. Last week Finance Minister Shri P. Chidambaram, widely seen as Singh's right-hand man in the reform cause, announced that the government was scrapping plans to sell its stakes in 13 state companies, including an oil refiner, an aluminum maker and a shipping firm. This latest move "is another nail in the coffin of reform," says Arun Shourie, BJP Disinvestment minister in the previous coalition government.

Certainly the story dominating headlines in India is the Death of Reform. But despite all the evidence, the declaration may be premature. The prognosis of most investors is much more optimistic: the Bombay Stock Exchange showed no reaction to Chidambaram's announcement on privatization. The following day the benchmark Sensex index closed at a record high on buying by foreign funds. Investors had expected the shelving of privatization, which was foreshadowed in a common platform released by the ruling coalition partners last year. Meanwhile, the government has achieved progress on other fronts, lifting a rule that limited the ability of foreign joint-venture partners to expand inside India, as well as a cap on foreign direct investment in telecommunications. "Arun Shourie is just being a politician," says Saumitra Chaudhuri, an economic adviser at Indian credit-rating agency ICRA Ltd. "Privatization is not all there is to reforms."

This is about the politics, not economics. Chidambaram's announcement came shortly after every major Indian news outlet carried graphic photographs of striking Honda workers being beaten by police in Gurgaon, Haryanaone of the hotbeds of outsourcing and foreign investment. It also comes a few months before state elections in Bihar, as well as Kerala and West Bengal, where communists have dominated the polls. When the elections are done, many analysts say, the reform effort will resume. "This is only a minor hiccup," says S. A. Chari, executive director of the credit-rating agency Onicra Ltd. "Everybody is seeing the results of the reforms. Even in places like Calcutta [in West Bengal] you can see things changing very dramatically."

The danger, however, is that by positioning itself for these state elections, Congress could be creating expectations that will be hard to live down. In southern states like West Bengal, the communists are so well entrenched that they can throw open the door to foreign investors even as they spout Marxist slogans on the national stage, in order to solidify their one base in the north: trade unions at state-owned companies. Meanwhile, Congress must make good on populist election promises to gain ground in the south if it is to restore itself as a dominant national party.

That explains why, rather than pushing free-market reform, Congress party legislators recently passed a bill that guarantees every rural household in India at least 100 days of paid employment each year. Though they are still bullish now, the markets eagerly expect Congress to lift the many barriers to foreign direct investment: India attracts less than 1 percent of global FDI, while China attracts 10 percent. "It's a generous interpretation to say that reforms are on hold for elections," says Chaudhuri. "If you wait for elections to be over, thinking you will have a little more freedom, then those political positions become written in stone." And that stone could mark the real death of reform.

© 2005 Newsweek, Inc.

grand theft identity

Be careful, we've been told, or you may become a fraud victim. But now it seems that corporations are failing to protect our secrets. How bad is the problem, and how can we fix it?

By Steven Levy and Brad Stone

Sept. 5, 2005 issue - Millions of people now have a new reason to dread the mailbox. In addition to the tried-and-true collection of Letters You Never Want to See—the tax audit, the high cholesterol reading, the college-rejection letter—there is now the missive that reveals you are on the fast track to becoming a victim of identity theft. Someone may have taken possession of your credit-card info, bank account or other personal data that would enable him or her to go on a permanent shopping spree—leaving you to deal with the financial, legal and psychic bills. Deborah Platt Majoras got the pain letter recently, from DSW Shoe Warehouse. Hers was among more than a million credit-card numbers that the merchant stored in an ill-protected database. So when hackers busted in, they got the information to buy stuff in her name—and 1.4 million other people's names. "It's scary," she says. "Part of it is the uncertainty that comes with it, not knowing whether sometime in the next year my credit-card number will be abused." Now she must take steps to protect herself, including re-examining charges closely, requesting a credit report and contacting the U.S. Federal Trade Commission to put her complaint into its ID-theft database. The latter step should be easy for her, since Majoras is the FTC chairman.

Somewhere, Willie Sutton is smiling. Sutton was the sly swindler who, when asked why he robbed banks, was said to reply, "Because that's where the money is." Today the easy money is still in banks—databanks: vast electronic caches in computers, hard disks and backup tapes that store our names, ID numbers, credit-card records, financial files and other records. That information can be turned into cash; thieves can quickly sell it to "fraudsters" who will use it to impersonate others. They visit porn sites, buy stereo systems, purchase cars, take out mortgages and generally destroy the credit ratings of innocent victims, who may be unable to get new jobs, buy houses or even get passports until the matter is painstakingly resolved. And since the crime is all done remotely, modern ID thieves suffer little of the risk that Sutton shouldered a half century ago when he robbed banks with a machine gun.

We've become accustomed to the digital grease that smooths transactions, loans and eBay bids, even as worries about identity theft quietly shadow us, often leading us to restrict our activities and be extra careful with our credit cards and personal information. In recent months, though, there's been something different, a cascade of reports about big break-ins and bungles where the booty is our secrets. Suddenly things seem out of control: instead of losing our identities one by one, we're seeing criminals grabbing them in massive chunks—literally millions at a time. Just last week security firm Sunbelt Software discovered a U.S.-based server storing passwords for online accounts from 50 banks, eBay and PayPal log-ins, and credit-card numbers stolen by a Trojan virus. In June lax security at an Atlanta-based company called CardSystems exposed a possible 40 million Discover, Visa, MasterCard and American Express numbers to hackers, who have already begun turning the digits into cash and prizes. "It only makes sense that criminals would go where information is collected," says Martha Stansell-Gamm, head of the computer-crime division in the U.S. Justice Department.

"Over the last nine years, criminals have gotten a better understanding of the power of information," says Rob Douglas of PrivacyToday, a security consulting firm. "Instead of selling drugs, so much can be made so quickly with identity theft, and the likelihood of getting caught is almost nil." Avivah Litan of research firm Gartner Group speculates that fewer than 1 in 700 identity crimes leads to a conviction. This goes a long way toward explaining why it's the fastest-growing crime of this century. Crooks rack up $53 billion a year in ID theft in the United States alone. Consumers get stuck with $5 billion directly; and the rest is paid by retailers and businesses—which pass it on in higher prices.

Losing your credit card can be a huge hassle, but laws usually limit losses. In more distressing forms of ID theft, someone —swipes not just your card but also your entire financial persona. Judy McDonough, a 56-year-old occupational psychologist from the north of England, has been living a nightmare since last year, when she found that someone—she suspects a relative—racked up 33,000 pounds sterling of debt over three years, which included two credit cards, three bank loans and 2,300 pounds sterling of catalog orders. She reported the crime six times before taking it to her member of Parliament. Most banks, says McDonough, "just hope you'll go away."

For years, the primary cause of ID theft has been good old-fashioned analog crime. Thieves rifle mailboxes, snatch purses and dive into the garbage for discarded bank statements or credit-card receipts. More recently, we've seen a plague of "phishing"—sending bogus e-mails that look as if they come from legitimate companies, asking us to supply personal information. After the CardSystems heist, phishers, trying to capitalize on the news, sent out e-mails sup-posedly from MasterCard, asking people to update their information. "They played on the fear that consumers had when the announcement was made," says Susan Larson of SurfControl, an Internet-security firm.

Savvy computer users know the requisite defense against a phishing attack: never respond to a request for personal information. This wisdom is part of the standard tool kit of protections against ID theft. Check your credit-card bills with an eagle eye. Request your credit report. Shred your information. This regime makes perfect sense for individuals. But when it comes to companies charged with safeguarding millions, sometimes even billions, of records, what do they do?

They leave it unencrypted on computers, where malicious hackers get hold of it. The DSW Shoe Warehouse is far from the only hacked database owner. According to a U.S. government consent order, BJ's Wholesale Club, a Massachusetts-based firm operating big-box stores and gas stations, not only failed to encrypt, but stored records in violation of bank-security rules, didn't use a firewall to prevent wireless intrusions and protected the information with the easy-to-guess default passwords that came with the system. Result: credit cards ripped off in early 2004 were used to charge millions in goods.

They inadvertently allow employees to sell it. This June, a 24-year-old Indian man named Karan Bahree, who at the time worked for Gurgaon-based online marketing firm Infinity eSearch, allegedly sold information on 1,000 bank accounts to an undercover journalist working for The Sun, a British tabloid, for 2,750 pounds sterling, according to a Sun article. Bahree has since claimed that he was only a middleman and that he did not sell data his employer had collected (he's since been fired, according to a statement by Infinity eSearch). Infinity eSearch has said the company doesn't handle any data for the banks named in the Sun report, and that Bahree didn't have access to confidential data of any kind through his employment with the company, according to press reports. But the case has raised fears of an anti-outsourcing backlash if Indian firms are seen to be careless with the data they handle.

They pack it in boxes and put it in a mail truck. That's what CitiFinancial, a unit of Citigroup, did with the financial secrets of 3.9 million customers last May. The box never arrived at its destination, and now CitiFinancial is telling customers that their identities are at risk.

They leave it on laptops that get stolen. Last March at UC Berkeley someone made away with a computer holding personal information of almost 100,000 grad students and applicants.

They don't monitor what insiders may do with it. In April, more than a dozen people, including employees of an MphasiS call center in Pune, India, were charged with cheating Citibank customers out of $350,000. Citibank had outsourced some of its customer-service operations to MphasiS.

They just plain lose it. Bank of America is still looking for backup tapes with information on 1.2 million government workers, discovered lost in December.

They don't do what they say. CardSystems, a privately held company, processes an es-timated $15 billion in credit-card trans-actions a year (between the merchant and the bank). In direct violation of its agreement with MasterCard and Visa, CardSystems retained 40 million credit-card numbers "for research purposes," as its CEO John Perry initially told the press. These were sucked out of the system by digital invaders. CardSystems' clients admit that protection was lax: "Obviously there were deficiencies and other issues," says Josh Peirez, head of government affairs for MasterCard. Since the break-in, CardSystems has reportedly installed a new "intrusion-prevention product" (hey, thanks).

An elaborate infrastructure of crime has emerged to collect and distribute stolen records. When it comes to attacking databases, malicious hackers either use automated software "bots" to methodically probe the Internet for vulnerable databases or target companies that are likely to harbor honey pots. Most often, they enter systems through preventable security flaws, like guessable passwords (example: "Dave" or the default password that came with the program) or known vulnerabilities in software.

Once records are stolen, they are passed on or sold in fleeting digital dark alleys—chat rooms or instant-messaging sessions where transactions are quickly, stealthily enacted. Sometimes the crooks are sufficiently brazen to post their offerings on Web sites that are sort of fraudster eBays. At one site posted by a member of the Shadowcrew organization (which was shut down by the U.S. government last year), $200 gets 300 credit cards without the security codes printed on the back of the card. If you want card numbers with the code, it will cost you $200 for 50 of them.

After fraudsters buy the purloined numbers, they commonly use them to grab goodies as fast as possible. It's kind of a high-tech form of supermarket sweepstakes, where the crook keeps stealing until the fraud-management software of the credit-card companies kicks in. "The method is smash-and-grab," says Bryan Sartin, VP for in-formation-security firm Cybertrust. "The turnaround time is amazing."

As bad as the recent exposures have been, they may well wind up helping spur some very long-needed reform. Though identity theft is a devilishly difficult crime to combat, the key to fighting these huge cyber-raids is making the databases that hold private records more secure. Indian outsourcing firms have been quick to beef up internal security, and local police departments—like the one in Pune, which solved the Citibank case—have been starting cybercrime units. The best solution would make the companies that collect the data liable for their failings. The U.S. Congress may slap fines on companies that lose records. Anything that increases the cost of losing information to the company, as opposed to the consumer, would give firms an incentive to protect consumer secrets.

Each time we hear of another huge data breach, the pressure increases to tighten up security and fight the ID crooks. But change, if it comes, will come too late for Daniel Bulley, who's spent months trying to distance himself from a home he never owned, a job he never held and a portfolio of credit cards and accounts he never opened. Bulley is angry—at the crooks, at the cops (no one would investigate his case) and at the corporations that let his information fall into evil hands. He's especially steamed at the billion-dollar industry that has emerged to sell people protection against data theft—run by parts of the same industry that fails to protect the information in the first place. Corporations, says Bulley, need to be tighter with the data they hold: "Why should we pay them to do their job right?"

Reported by William Lee Adams, Holly Bailey, Jennifer Barrett, Juliet Chung, Temma Ehrenfeld, Charles Gasparino, Andrew Horesh, Nicole Joseph, Susannah Meadows, Ben Whitford, Kathryn Williams, Jason Overdorf and Mary Acoymo

© 2005 Newsweek, Inc.