Slashdot Mirror
Indian Call Center Employees Hack US Bank Accounts
The Ascended One writes "Call center employees working for an Indian software company, MSource, supposedly used confidential client information to transfer client funds to themselves. The alleged perpetrators used the personal information of four NY-based clients to transfer ~$350,000 (Rs. 1.5 crores) in their names, a large sum in Indian currency. They were caught after the victims alerted the bank officials in the US, who then traced the crime to the Indian city of Pune. While the name of the bank has not been revealed, the article indicates that the bank in question is Citibank."
I wonder if this can be called hacking, looks more like a combination of poor process and security management on the part of Citi (if it is indeed Citi). Companies in the US should be wary of the extent of employee churn that happens in BPO firms in India. I'm in India, and I often get to hear of ex-employees stealing databases when they leave...
Citicards, the Credit card division of Citibank, got a new CIO several months ago. Mitchell Habib. He came from GE Medical. Before leaving there, he outsourced about 75% of their IT staff to India. He's currently doing the same at Citi. I worked there as a contractor. Two other contractors on the team and I were unable to get our contracts renewed because it came down from on high that all new contracts had to go thru TCS, Tata Consulting Services. They are the Indian outsourcing company that he used in the past. I recently went back to visit some friends and met my replacement. A nice young Indian guy making a third to a quarter of what I made there.
c =rl
r /20020411_ge_medical.htm
From what I understand, the standard rate for calculating your budget for contract work went from $70/hr to $22/hr. Of course, I believe they charge around $40/hr for their workers in the states.
Can't compete with that.
Here are some links about Mitchell Habib and TCS:
http://www.rediff.com/money/2003/apr/03tcs.htm?zc
http://www.tcs.com/0_media_room/releases/200204ap
-- Jason
I once called a creditor of mine and was obviously routed to an overseas call center. The gentleman on the other end of the phone after asking me my issue asked me my social security number. I was hesitant to give it away to a guy in india making $.50 an hour but figured I was being paranoid. I gave him the number and he said please hold. The next thing I knew he put me on hold and I was transferred to another service representative (in the us) who also asked for my social security number. Well needless to say I let them have it basically "Why would they ask me for my social security number to transfer me?" I started checking my credit report and stopped doing business with the bank. Nothing came of it and I was being paranoid but the reality is this sort of thing can happen anywhere. At a restaurant you give the server your card. Most servers make low wages and they take your card off to the back room usually.
I work in InfoSec and did a consulting project for a company that sells software (for clearing checks) to a lot of major banks. I was amazed how insecure banks realy are ! however the banks rely on thier ability to audit all transactions more than secure policys and procedures. So to sum up, it is easy to steal from banks it is hard not to get caught.
Sanity is the trademark of a weak mind. -- Mark Harrold
Piracy in the UK:
4 406575.stm
Unlimited fine and 10 years in prison.
Vote rigging in the UK:
Unlimited fine and 2 years in prison...
e.g.
http://news.bbc.co.uk/1/hi/england/west_midlands/
Government of the people, by corporate executives, for corporate profits.