|Founded||Mumbai, Maharashtra, India (July 2001 )|
|Headquarters||Dubai, United Arab Emirates|
Number of employees
|3,769 (30 June 2015)|
VFS Global is an outsourcing and technology services specialist for governments and diplomatic missions worldwide. The company manages visa and passport issuance-related administrative and non-discretionary tasks for its client governments.
VFS Global is a wholly owned subsidiary of the Kuoni Group, a company headquartered in Zurich, Switzerland and acquired by private-equity company EQT in 2016. The shareholding or governance structure of VFS Global has not been made public.
VFS Global was established in Mumbai in 2001, when it set-up three Visa Application Centres for its first client government – the United States of America. By 2005 VFS Global served eleven governments – including the United Kingdom, Australia and Canada. In 2007 it won its first global account from UK Visas and Immigration for operations across 33 countries.
VFS Global works predominantly with a user-pay revenue model where it receives its service fee directly from the visa applicants, in addition to the visa fees which are remitted to the diplomatic mission.
A security flaw in the VFS Global managed online application website for the British Foreign & Commonwealth Office resulted in up to 50 000 visa applications from India, Nigeria and Russia being publicly accessible. The security flaw was known since December 2005, but the Foreign and Commonwealth Office website was only shut down after an investigation in May 2007 following reports in the media. The security breach was first reported by an Indian applicant in December 2005 after which no effective remedial action was taken by either VFS nor UKvisas, the joint Home Office and Foreign & Commonwealth Office unit which runs the UK's visa service through British diplomatic posts overseas. The same applicant went public in May 2007 after he noticed that his earlier warnings were ignored.
The report of the investigation by the Independent Investigator, Linda Costelloe Baker highlighted organisational failures by both VFS and UKvisas. The report also recommended that the VFS online visa applications not be resumed for applications from India. This has since been replaced by the secure online applications made available directly at the Visa4UK official government website of the UK Border Agency. Baker also mentioned in the report that following this incident, UKvisas conducted extensive testing and found no evidence that data had been stolen or misused. VFS underestimated what was necessary in order to protect personal data to the levels expected by the UK Data Protections Act. After this incident, several visa application level checks were put in place. Technical processes were also upgraded later to check the records of the online application site.
In November 2007, the UK Information Commissioner's Office announced that it had found the Foreign Office in breach of its obligations under the Data Protection Act 1998. The Information Commissioner's Office required the Foreign Office to sign a statement that it would comply with the Data Protection Act and would not reopen the VFS UK visa online facility. It has been reported by The Guardian that as a result of this ruling, the Foreign Office would review its relationship with VFS and seek to significantly reduce its outsourced work, especially in the area of IT. Consequently, applicants from India today need to apply directly at the Visa4UK official government website for online visa applications. After the report was issued, VFS introduced various measures to ensure safe and secure business environment. One of them was to make all its centres ISO compliant.
Since this incident several governments have been critical of VFS Global's abilities and have raised concerns over security. "There's the accountability issue, the privacy issue and why are we outsourcing to a for-profit entity something that belongs in the security mandate?" asked Victor Wong, executive director of the Chinese Canadian National Council. Liam Clifford of global visas, told The Sunday Telegraph: "Once you put this work in the hands of private companies overseas, you no longer have the same protection."
VFS Global's security flaws were called into question again in July 2015 when their online visa forms for Italy allowed users to see the personal information of other applicants, including their date of birth, passport details and addresses, if they mistakenly input the ID number of another person when logging into the system.
- "VFS Global". www.vfsglobal.com. Retrieved 2015-10-15.
- Bollard, Mark (18 May 2007). "Indian problem could be worldwide". The Register. Retrieved 27 April 2015.
- "Exposed: Indian visa application data accessible to anyone with a web browser". Daniweb.com. 2012-06-20. Retrieved 2012-09-13.
- "Report of The Independent Investigation" (PDF). Fco.gov.uk. 2009-11-05. Retrieved 2012-09-13.
- "Investigator ridicules UK visa site". The Register. Retrieved 2012-09-13.
- "U.K. government slammed over bug in outsourced Web site". Computerworld. 2007-08-10. Retrieved 2012-09-13.
- "Foreign Office in breach of the Data Protection Act" (PDF). Information Commissioner’s Office. 13 November 2007. Retrieved 2012-09-13.
- Bobbie Johnson (2007-11-14). "UK government failed to protect privacy of online visa applications; guardian.co.uk". London: Guardian. Retrieved 2012-09-13.
- "Travel & Hospitality: VFS Global - Express Computer". Expresscomputeronline.com. 2008-10-13. Retrieved 2012-09-13.
- "Private firm's work with visas raises concerns". Toronto: .thestar.com. 2008-10-13. Retrieved 2012-09-13.
- Saeed Kamali Dehghan (17 July 2015). "Users' data compromised after technical glitch at Home Office contractor". The Guardian.