In my role at work I recently had the opportunity to speak with an expert in security aspects of the PCI-Data Security Standard in the context of storing credit card information. This covers, amongst many other things, who has access to the data. Our client has a team in India doing work for his site as well.
This means that when he comes round to getting PCI-DSS compliant he will have to factor them into his equation. Now I'm seeing that there's been a pretty major security breach across India. This is one of the many factors one should consider when outsourcing work beyond national borders.
The breach is in the form of a rootkit hijacking against certificates for drivers by Realtek, who quite commonly develop Ethernet cards for many manufacturers. Therefore there is a significant risk that your outsource partner could be affected.