Slashdot Mirror
Indian Call Center Employees Hack US Bank Accounts
The Ascended One writes "Call center employees working for an Indian software company, MSource, supposedly used confidential client information to transfer client funds to themselves. The alleged perpetrators used the personal information of four NY-based clients to transfer ~$350,000 (Rs. 1.5 crores) in their names, a large sum in Indian currency. They were caught after the victims alerted the bank officials in the US, who then traced the crime to the Indian city of Pune. While the name of the bank has not been revealed, the article indicates that the bank in question is Citibank."
I'm a system administrator and most of my customers are in the UK. So when I'm investigating an incident on our servers, and the logs show some activity from Brazil, it makes my job a lot easier.
We are sorry to inform you, but your account information has fallen into the hands of employees at an Indian Call center we do work with. Unfortunately, your account may be compromised.
To protect your account, please log into our panel using the link below to change your username and password:
http://www.citibank.com/
Thank you for choosing Citi.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
It doesn't matter where people are located. What matters is that you have trustworthy people handling your business. And, you know what? Untrustworthy people are everywhere.
I, for one, do not buy into this Lou Dobbs racist/nationalist claptrap that says that we can't trust foreigners. I'm one of the biggest foreigners around, if you consider all the places I have to travel to that I'm not actually a citizen of.
Hey, bad people are in India. And in the U.S. And in Europe. And in Asia. Oh my god! They are everywhere!
Luckily, the bad people are outnumbered by the good. I can just take a look at my lists and figure that one out.
I wonder if this can be called hacking, looks more like a combination of poor process and security management on the part of Citi (if it is indeed Citi). Companies in the US should be wary of the extent of employee churn that happens in BPO firms in India. I'm in India, and I often get to hear of ex-employees stealing databases when they leave...
I know this could happen to anyone given a lax state of security.
But it's surely much tougher to vet people who have access to your systems when their whole culture is different (nevermind the fact that they're half the world away)
A lot more care needs to be taken when outsourcing internationally, otherwise the savings made will end up being spent on PR & the like after a cock up.
If the TPS reports had of had the correct coversheet on them, none of this would have happened!
I only hope this news flashes through the industry and gets in the heads of CEOs and PHBs everywhere who then start aborting outsourcing attempts.
If you're in Europe, fear not, the data protection act bars your personal information from leaving the EU (i think?).. unless its going to the CIA so they can have you extradited without trial.. Either way, if you're worried, call up your bank and demand to know where they send your data, its public information by law.
This comment does not represent the views or opinions of the user.
When I take credit card info over the phone I could do just the same.
The only slight difference is that it's worth more over there.
So I find it odd that this is considered different.
A blog I run for the wealth
There are a bunch of banks at which security is poor and at which attitudes surrounding privacy are lax. Ultimately, it doesn't matter whether they outsource or not or where: the problem is the bank and its management.
Well, it's not so much a case of us-versus-them, but a matter of accountability and proesecuting them. An earlier poster made the case that this makes it somehow easier to track, but I think this is an absolute load of claptrap
Remind me again, exactly how many people are there in India? So how exactly does the fact that you know it originated from India help you? Or say Brazil, China, etc - all of these places, though poor, are in fact heavily populated, densely packed, and often the authorities are loathe to co-operate with foreign officials (honestly - whose side do you think the Indian police force/bureacrats are on?)
Outsourcing critical infrastructure, and potentially dangerous data that can bite you back later is a recipe for disaster.
I'm Australian, and recently there was a furor over Boeing's court victory allowing them to discriminate against Australian workers, and select only US citizens - a lot of Australian's were mad, but I myself thought that Boeing had a perfectly logical argument.
You can call me a racist (fyi, I'm chinese - and the US's witch-hunting of Chinese "spies" irks me, but hey, it's another one on a growing pile of 'em...lol), so what the heck...
Victor Hooi
What is it with Indians counting numbers? Even when typing large amounts in numericals, they seem to put commas in unusual places. Could someone explain the system, please?
Besides, are Indians too good to be thieves?
Mea navis aericumbens anguillis abundat
Citicards, the Credit card division of Citibank, got a new CIO several months ago. Mitchell Habib. He came from GE Medical. Before leaving there, he outsourced about 75% of their IT staff to India. He's currently doing the same at Citi. I worked there as a contractor. Two other contractors on the team and I were unable to get our contracts renewed because it came down from on high that all new contracts had to go thru TCS, Tata Consulting Services. They are the Indian outsourcing company that he used in the past. I recently went back to visit some friends and met my replacement. A nice young Indian guy making a third to a quarter of what I made there.
c =rl
r /20020411_ge_medical.htm
From what I understand, the standard rate for calculating your budget for contract work went from $70/hr to $22/hr. Of course, I believe they charge around $40/hr for their workers in the states.
Can't compete with that.
Here are some links about Mitchell Habib and TCS:
http://www.rediff.com/money/2003/apr/03tcs.htm?zc
http://www.tcs.com/0_media_room/releases/200204ap
-- Jason
I just have to say that this is a bigger problem than a simple "I told you so".
When you outsource certain operations you are giving people who have no connection with your customers their private information. Banking account numbers? Some people still don't use online banking because it scares them and we don't see this as a huge liability?
Really, what if a few thousand credit card and bank account numbers got into the hands of suspected terrorists? If they made a one time shot at getting items to fence or cash withdraws (wire transfers) and split, they suddenly have resources that was taken right from the American people.
I'm by no means saying that you should be suspect of *any* foreign person or enterprise. I'm thinking of the type of people who *might* get their hands on my/our information. What good is it to give to the people like EPIC when we give our information to people we can't necessarily track down? Can anyone guarantee that we will be able to bring someone to justice, under our laws (and equally for their benefit the Constitution)? I've worked on the phone making sales, and the problem we had was we were banned from taking credit cards because a few people screwed it up for everyone.
Of course, if someone wants the information they can get it. It just makes me wonder why we give our sensitive information to a foreigner when we need parts for our Dell (and by extension everyone else I don't care to list).
Get your Unix fortune now!
I don't think it's racist per se to point out that the scammers were Indian - because they were, and that's not going to change - but it would be racist to extrapolate from that that Indians in general can't be trusted because of the actions of one or two people.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
... outsourcing to new heights !
A slashdotting - you get the stick first and then the carrot !
If you posted this, why are you now posting anonymously? I can't be bothered to look up references but it is undeniable that slashdot readers are easily provoked into rants against indians. Why provoke it? Is it really important that the scammers were indian?
Yes there are bad people everywhere so regardless where you set up shop, someone will take advantage. But, there are a lot of uncontrollable issues that arise when outsourcing to another country. Some which I will refer to are related to the enforcement and prosecution of perpertrators. For example: 1) in certain countries, there are no (or very weak laws) against the theft of "information." Mainly this is because the laws only relate to "tangible" items. 2) in certain countries, doing a background check on an applicant is almost impossible. 3) in certain countries, it is acceptable and commonplace to pay off police in lieu of prosecution. 4) in certain countries (and I know this is true in India) it could take as much as 20 years before a case goes to trial For the bank, it's the cost of doing business. And really, the losses are nothing compared to the money saved by outsourcing. I was anti outsourcing until one day I was riding in a car through the slums of Mumbai observing the extreme poverty that most of us could not comprehend. Then it dawned on me how outsourcing is important to young Indians. Seventh Magpie
It keeps reloading and reloading and reloading... I didn't have the patience to try to read the source to find out what it is. But it's creepy to hit the down arrow on your back button and see the same page listed halfway down your screen. WTF?
Insert witty sig here.
The alleged perpetrators used the personal information of four NY-based clients to transfer ~$350,000 (Rs. 1.5 crores) in their names, a large sum in Indian currency.
I would have thought $350,000 is a large sum in ANY currency.
Brother, can you spare $350K?
www.eissq.com/BandP.html Ball and Plate System. Amuse your friends. Crush your enemies.
I once called a creditor of mine and was obviously routed to an overseas call center. The gentleman on the other end of the phone after asking me my issue asked me my social security number. I was hesitant to give it away to a guy in india making $.50 an hour but figured I was being paranoid. I gave him the number and he said please hold. The next thing I knew he put me on hold and I was transferred to another service representative (in the us) who also asked for my social security number. Well needless to say I let them have it basically "Why would they ask me for my social security number to transfer me?" I started checking my credit report and stopped doing business with the bank. Nothing came of it and I was being paranoid but the reality is this sort of thing can happen anywhere. At a restaurant you give the server your card. Most servers make low wages and they take your card off to the back room usually.
I really should update my account details in Citibank, as per the email that I got awhile ago.
They said my monies will be stoeled if I don't
This brings into issue all the medical, supposidly confidental, data that gets sent to India for transscribing. I hope companies from around the world take a look at the amount of personal information they are sending to around the world with out thought of who might be watching it.
Because I choose to?
It's not important that the scammers were Indian, it is important that employees of an outsourced company were perpetrators of a crime.
I also happen to have my own startup which has an offshore branch - personally, I'd be scared if personal client information were to be misused.
The one reason I did post the Indian part is because I'm hoping that this would get a lot of publicity, and Indian offices would smarten up to such acts by their employees. If you hear about one, you can be assured that there are many more that you don't.
Offshoring and outsourcing is a big thing for India and Indian companies need to take that seriously. If an employee is able to garner significant personal information of clients, then they aren't doing a good job of it.
The only way for them to get that message if this were to get publicity - and business of the said company were to suffer a significant loss for people to send a strong message that they need to do something about this sort of thing.
Bad publicity affects business, and money speaks strongest.
I still don't see how this is an indian issue or even an outsourcing issue. There are crooks in India, there are crooks in the US. If US call-centres were held to a higher standard, perhaps I could understand the point but selling client information and problems with insecure storage of data are universal.
Security is a 'system', and altering or extending a system, can open it to risk that were not originally envisaged when it was established. Adding a new site, adding additional computer systems, new network(s), new operative etc all can alter the security threat mix.
Extending a secure system to a new country, a new language group, a new multi-cultural mix, will also expose the system to a new mix of threats. Ths issue of extending such a system to a different continent, particularly if the operatives there are working at the higher(est) levels, entails exposing the system to all the differences between the new location and the old.
Whether the staff are physically in India or hold Indian state passports is incidental. The significant factors are, a) how close or removed they are from the cultural assumptions of the systems designers, b) how exposed they are to personal weakness, c) how exposed they are to external influence. These are sometimes referred to as Antipathy, Jealousy, Poverty, and Corruption. Placing a call centre in Dehli, Amritsar or Goa would vary the mix, as would placing it in Belfast, Glasgow or Ipswitch.
The plural of anecdote is not evidence.
Parent got the link to Citibank wrong! Here is the correct link:
http://www.citibank.com/
(Just kidding. Don't click that link. It's a joke.)
Looks like a slow day for Slashot if this type of stories get posted =)
According to the police, Thomas, who worked in the callcentre for six months before quitting the job in December 2004, had the secret pincodes of the customers' e-mail IDs, which were used to transfer money. In January, he roped in his friends and transferred money from four accounts of the bank's New York-based customers into their own accounts, opened under fictitious names.The story doesn't even have enough info to classify it as social engineering. People used confidential information to transfet funds. Ok, they used the Internet to do the transfer. Ok, they got PINs from customer emails. What's in there to learn? Where are the "news for nerds" here?
http://www.automatiq.se
'Ivan Samuel Thomas' doesn't sound like an Indian name... but that could just be my racist background showing (?).
deus does not exist but if he does
No need to get insulting. Perhaps my argument was too subtle. If people in outsourced firms sell data and people in US firms sell client data what does outsourcing have to do with anything. I am against outsourcing for other reasons but insinuating that indian firms are less trustworthy is a bogus claim.
Piracy in the UK:
4 406575.stm
Unlimited fine and 10 years in prison.
Vote rigging in the UK:
Unlimited fine and 2 years in prison...
e.g.
http://news.bbc.co.uk/1/hi/england/west_midlands/
Government of the people, by corporate executives, for corporate profits.
heck and people said Indians were stealing our jobs...
-if at first you don't succeed, stay the heck away from paragliding.
not so shy
The Indian outsource workers fight back after everyone mocking them on Slashdot! Watch out, next they might steal your job...oh, wait.
I own a a company in Europe and part of one in ****.
I ordered products from the **** company and transfered the money to them from Citibank by telephone banking.
I had a call back from Citibank, an 'anti-money laundering' call to check the purpose of the money transfer requesting the telephone number of the **** company to receive the money.
A day later the ***** company receives a call asking for wholesale pricing information from a Indian company that competes with me to the FINANCIAL CONTROLLERS telephone number, not the usual secretaries number.
How did they get that number?
Some background on Citibank's unresolved history of association with serious fraud:
here
and
here
Anyone else see the irony with the citibank advertisement smacked right in the middle of the story? Even if the story doesn't identify them, bad publicity is still publicity.
Truth is realized, not told...
And they laughed at me when I said I was going to just bury my money in a jar in the backyard!
Only now I forgot exactly where I buried it.
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
Blaming the customer...isn't that already standard practice for all business???
But Officer, I DID read the f**king article!
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
"While the name of the bank has not been revealed, the article indicates that the bank in question is Citibank."
Don't know about you, but that seems kind of "revealed", to me, doesn't it to you? I think the folks running Slashdot say stuff like this just to generate additional conversation about how wrong it is!
:::The Spear in the heart of the Other is the Spear in the heart of You; You are He - Surak of Vulcan:::
"If money was transferred illegitimately from a US customer to somewhere in the US, it would be much harder to figure out what was going on than if it was being sent to India."
Right. Because its so much easier for the FBI to trace money in India than in the U.S. Do you even think things through a *little* before you post?
That ranks up there with the stupidest things I've read in about 3 weeks.
blakespot
-- Heisenberg may have slept here.
iPod Hacks.com
???!!!
However, outsourcing to people in less developed parts of the world means that much smaller (and presumably more "readily available") sums of money can provide them with a very good living still & make committing fraud worthwhile in the firstplace.
There are no intended racial overtones in these comments, just observations, and quite frankly it's the mega-corporations I laugh at now that they will start to get their "just desserts" for messing up the economies and lives of so many people for the sake of a few bucks.
Let's face it, if you're a Citibank (if that's who it is) customer that got ripped off by this, you'll get your money back anyway because it's obviously a security issue with the bank themselves, not the customer's fault.
I say good luck to the Indian call centre workers - they're being used as the 21st century equivalent of sweatshop labourers anyway so they should grab what they can before they demand too high wages and they themselves get dumped by the corporations like a lot of the rest of us have.
[INSERT LOUD SCORNING "HA! HA!" HERE]
Gentoo Linux - another day, another USE flag.
With this event, something much more serious has taken place. We have begun to outsource criminal activity. Oh the horror. What about the children of the criminals in the US? Where will they get their crack money?
This is very serious. We need to act now to prevent tossing away the lives of those in the US who have worked sometimes for their entire lives committing crime. While it might be possible for an engineer or call center employee to be retrained for a new job, we have lots of experience that says we are not very good at retraining out crimininals. After all, there are only so many CEO positions available in the US.
--- Liberty in our Lifetime
They got the account info from the users, presumably over the phone, then used it. It's more like plain old thievery than hacking.
Question everything
Really I didn't say "Indian" (you did) because it's not the problem. I don't have a problem with _any_ group. For god sakes, I'm a liberal, why would _I_ play the terrorism trump card?
Really my beef is this: I don't trust foreign workers at American companies overseas. I'd trust an Indian computer company with my credit card before I'd trust a support tech from the UK who works for HP (hypothetical).
Just because they are foreign, it doesn't automatically make them a potential terrorist for christs sake.
No, but you've got to admit it would be easier for Osama to walk into an Indian call center and get a job than a "western" one.
i've worked with a number of consultants from India on coding projects here in the UK and have found them to be nothing but exceptionally dedicated, meticulous and hard working.
So I can use that to make a projection about any other Indian I come across? Isn't that prejudice...? It's hard to fixate on one stereotype because do I believe yours or someone else's?
Anyways I should have said *all* not *any*... and be suspect of *all* if *any*...?
Get your Unix fortune now!
What no one's pointed out is that the much maligned Indian police swung into action rather quickly and all accused have been arrested. But no, we're trying to highlight some other facts here. All's well that ends well? And these guys got caught because, let's face it, they were too naive to think they could get away with it. It's darn stupid, never mind the nationality. I doubt we would have seen this story around here if someone sitting in California would have done such a thing. In which case the amount in question would have been much higher as well - while an "evil greedy" Indian is happy a few hundred thousand dollars, I'm sure the American "evil greedy" counterpart would be talking in millions of USD. Reason FOR outsourcing #65241 A "greedy evil" Indian steals less money than their "greedy evil" American counterparts.
I have an Indian guy in my office, and I got him to make a list of several very offensive curses in his native language. If I suspect I'm on the line with someone in India that is faking a name and accent, I play along for a bit and then say something on the list (I have no idea what they mean). A lot of times the American accent breaks down and I hear some yelling but it appears to be an effective litmus test. An American on the line just says "huh? cell phone going out?"
What connection do local call centres have with a banks customers that people who live further don't? ...
it's cheaper than giving it to a `fellow American`. I should have thought that were obvious.
A Ha, and you've discovered my complaint. We get paid a lot more, we have less motivation to steal. We depend on that job, we have built a life around it. The paychecks are okay, so the risk to benefit ratio tells me not to steal from customers. On top of that, they are fellow countrymen.
However, in India it is a different story (don't flame, just an example).
The Indian worker is getting paid a fraction of what you've just spent. I sure hope there was no contempt in your voice - contempt breeds contempt. The tech looks at his check and sees a nice amount of money but he sees another option. Really, if he loses this job there will be another American company who will come around (best part is, they don't talk to each other). We've created the economic situation where it makes sense to work for a few weeks and rip a few hundred people off. An organized effort could be dangerous.
No matter... bring the work home and solve the whole problem that way.
Get your Unix fortune now!
Thats exactly the problem though. If you are willing to work for $22/hr. You need to get a job with TCS first, and then get sent to Citi. Now it's a lot like going to work a staffing firm based in the US, who has a contract with another company in the US...
How easy is it for you to get a job with TCS if you are already based in America ? Not very easy. Plus if a company like USAA and Citibank have given exclusive contracts to TCS, then it makes it extremely hard for local recruiting agencies and talent to get the job. How come every company that has a contract with TCS ends up having 20-30 new indian contractors ? Something needs to be done about these exclusive contracts, and TCS needs to be told to first look for local talent. I know lots of people who have lowered their rates, just to compete with the Indians, but these exclusive contracts to companies who naturally are averted to experienced local candidates (can't exploit them as well), needs to be changed.
PS: I am an indian immigrant myself, I moved here when I was 13. And, I am competing for my job with classmates I had in India. I'm not racist or a bigot. I haven't lost my job to an outsourcing firm etc, but thats because I rarely work for large firms that can afford outsourcing in the first place.
Having recently returned from India, one of the biggest things I found was that almost everyone was trying to find a way to part you with your money. Strangely enough, the only place that this wasn't true was in the area near Pakistan (the desert) where the only industry is tourism and the most important need is water.
Leading up to our trip, everyone told us to watch out for pick-pockets. We did not find this to be common. Of course, there were countless people who are willing to tell you anything, including flat-out lies, to take your money.
What about Georges Fernandes (former minister), Ivan Dias (archbishop of Mumbai), etc ?
From the linked article: Msource, told TNN: "It is an unfortunate thing to happen. However, the arrested people are not on our rolls now." I think that Msource should try and make sure that they are hiring trustworthy people. I know that here in the states that they do background investigations on people that handle sensitive information. Is this done in India as well? Apparently not. I also find Msources' attitude on the matter somewhat cavalier. "The perpetrators no longer work for us so it is not our problem" is how I read the quote from Msource above. Maybe as more incidents like this occur overseas US companies will finally realize that you simply can't send your most important data to the lowest bidder.
I hate offshore outsourcing probably more than anyone here, but this is a bank. These are the institutions that came up with the idea of automating most teller tasks with an ATM machine and then charging you for using it (and then patting themselves on the back when they don't) IMO, banks are bad places to work right now, mostly since a lot of them are still on mainframes. You've got a huge system with a need for a lot of programmers on archaic old languages. The programmers you do have are retiring and dying. The new programmers don't want to do it - they want to learn J2EE and .NET. Rewrite the system in flavor-of-the-month language? Or just send the work to India where they jump at the chance to work with it and will do so for a smaller wage?
The irony is that I was given a raise and promoted thanks to the fact that the bullshit scripting task I was originally hired for was offshored to India. But I still don't trust it as far as I can throw it.
Schnapple
Now they're outsourcing our crimes!
Glad they explained how much was stolen in such clear terms. The value of the US lakh isn't what it used to be anyway..
I expected slashdot to at least notice this!
Comment removed based on user account deletion
"Then the New York Times article, titled "We're From Bangalore (But We're Not Allowed To Tell You)" revealed all. Indian call centers now had to acquire American accents and generic Anglo names..."
From http://www.corpwatch.org/article.php?id=10048
Before you design for reuse, make sure to design it for use.
No, $22 per hour is what the company, TCS, charges Citibank per employee.
Hmm I keep getting "404 Page not found", perhaps they're overloaded with password changes? I found this great alternate site to change passwords here: https://www2.citibank.com/chpass. Don't tell anyone though, we don't want this one crashing too.
Absolutely, one should identify country of origin
Totally... it will promote awareness to watch out for wire transfers from specific places if bank fraud is on a rise there. I don't care if it's India, Belgium, or Luxemburg. Mexico was hot on the fraud charts for a short period of time, and my was nice enough to phone me and ask me about a few trivial charges from there. Given I don't travel there often it was a legit concern.
When ever I watch the news, the stories almost always have a region associated with them. It in it self is hardly racist.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
What amazes me is that no one seems to care what foreign governments could do with all that information on US citizens. And they could afford the really juicy data analysis tools and have the resources to build very detailed dossiers on every American. Much like Homeland Security is doing by using private data aggregators.
Well, come to think of it I'm not sure I trust the Indian or Chinese government any less than DHS.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
It is time to not berate the concept of Outsourcing. We created the Internet, the Communications Network and now we reap the benefits. We Have decided to find the cheapest and best ways to maximize profits That is the Capitalist Model. Criminal activity has and shall always be a part of doing business. You create organizations like the SEC to monitor and police. But when society (The Seasoned Capitalist) clamours for Small Government then be prepared to face the consequences. Unfortunately when we get to taste our own recipes we dont necessarily like it. It has always been the case the last 500 years, that Europe and the US have been able to dictate terms to the rest of the world and when they dont anticipate how things are going to play out they quietly change or withdraw. Unfortunately for them The next 100 years are going to be tumutous as 2 plus billions in China and India shall be in a position to dictate terms we may not like and may have to either retract or create the myth of how Bad "THEY" are. Lets see if we as a society can play by the rules we created but now dont like.
Because you don't have to pay them. They pay themselves via your own customers.
I wonder if this will change the policies/practices of HIPPA compliant organizations/companies.
no sig yet
I'm also a little disgraced at slashdot, and some of the responses. Can you not see that this topic, and the way it was introduced is clearly a FUD campaign?? Instead of the pinup child of linux as the target, we have the less popular Indian employee. I have even seen comments saying I hope the CEOs and PHBs take notice. You should maybe try and motivate these people to start consuming fact and not reacting to fear, u & d.
If anything the Russian mafia should be complaining that their lucrative internet fraud network is being outsourced.
[% slash_sig_val.text %]
"there are only so many CEO positions available in the US."
And only one "President of the United States" position.
How dare they outsource to *foreign* criminals, when they could have outrsourced to US criminals like most credit card companies do ...http://www.unicor.gov/services/
"Sic Semper Path of Least Resistance"
Having recently returned from India, one of the biggest things I found was that almost everyone was trying to find a way to part you with your money...Of course, there were countless people who are willing to tell you anything, including flat-out lies, to take your money.
You sure that was India, and not Washington DC?
Caucasian.
Maybe they(banks) should outsource their call centers to Liechtenstein then, because it will be much easier to figure out who of the 25,000 inhabitants was the culprit, than to figure out who of the 295,835,000 US americans was it .
I'm still trying to figure out what people mean by 'social skills' here.
I believe that the integrity of those that are employed for outsourcing contracts must be one of the first things to consider before letting them handle sensitive account information. This sort of thing has not happened to a great extent in other countries, dare I say, in the West.
Outsourcing can only be bad for the countries that are doing the outsourcing. Skills are transferred from these countries to countries like India, and then the experience and know-how is lost from the countries in which they were developed. It all comes down to costs, and basically western currencies allow you to buy less in the west than it does in developing countries. Why is this? I believe it is because the West is just too capitalist. Eastern capitalism is probably better, because it means that everything costs a lot less, so western countries pay people in the east much less money than they would have to pay europeans or americans, and get the same work done. If things here were cheaper, then people here could be paid less as well, and the need for outsourcing would just disappear.
Do they hold down user id's that are only used for astroturfing? (And disguising astroturfing?)
Does Microsoft?
Do IBM?
Of course. They would be in dereliction of duty not to. It's one of the web's most important fora. And anyone can have their $0.02.
Are they getting ready to respond to stories such as these even before they have entered the Mysterious Future?
my password really is 'stinkypants'
i was never a big fan of outsourcing because it takes jobs away from us but i always thought it was strange to outsource critical tasks abroad because how do you find people accountable for their actions when things go wrong, if they live in another country? it definitely gets tricky, whether the errors were intentional (to undermine us) or accidental. just imagine outsourcing the writing of our defense software to another country..
--
http://unk1911.blogspot.com
It is tax season in the US.
H&R Block outsources much of its tax prep.
Same deal. The work is being done, with your personal information, a hemisphere away, by people who are not bound by our laws.
All HAIL OUTSOURCING. Just imagine this: I live in a POOR country, grew up without clothes on my back, had nothing all my life, still have nothing. A western company comes along. They still pay me $hit (because the reason they're in my country is to save money in the 1st place). I can buy bread, but I am still poor. This bank opens up their customer's accounts to me A battle in now brewing inside of my head: Do I stay a poor slave, or take a chance at the HIGH life. My good side (If I have one) is saying: No, don't do it.....it's wrong.
But the gravity is much stronger on the other side. I've been poor and unfed all my life......living in a place where being in jail could mean I get fed at least daily.....WHAT DO I HAVE TO LOSE?!?!?! Welcome to the beginning of the END
The phaomnneil pweor of the hmuan mnid. Fcuknig amzanig eh!
Whatever you tink about Lou Dobbs, it's very irresponsible to just dismiss him as a racist.
Even "nationalist" is nonsense, he's merely pointing out one of the problems with unresitriced and unbalanced "unfair" trade. Now, you could argue this is a good thing, and we could point out the problems and have a discussion. But by labeling him a racist, the only thing you're trying to do is to "shut down" any arguments by coming up with ridiculous ad hominem attacks.
I'm an immigrant to this country, and I'm not a fan of outsourcing. I'm all for other immigrants from all over the world to continue coming here and contributing their talents to our local economies, but there is a problem when now people don't even want to become US residents, because they jobs are being drained away from here. We're about to face a serious crisis, when our technological workforce is being decimated by these companies. And there's nothing racist in pointing that out, nothing.
As for security, I don't think most if any people here are saying that a particular nationality is less trustworthy. But you'd be a fool if you don't recognize that some of the safety mechanism we enjoy in this country, are not as robust or even exist in other parts of the less developed world. As we deal with the poorest of nations, with our sensitive data, we have to be *extremely* careful. Already, there have been incidents of bribing by local crime syndicates in some of these countries to obtain data to steal identities. Can that happen in the US? Of course! But the question is, where is it more likely, and what are the protections we need to employ in these situations.
There's a rich discussion to be had on this topic, but please, try to come up with something better than "they're racist".
- sigs are for wimps.
... to transfer ~$350,000 (Rs. 1.5 crores) in their names, a large sum in Indian currency.
I don't know about all you dot.com gajillionaires, but $350,000 is a large sum in my world, too.
If $350,000 ISN'T a significant sum of money, please email me, I'd like to borrow some pocket change.
-Styopa
Slashdot makes me sad sometimes.
I know its not the 'best' thing to do, but its good to test their security of your account. No matter what call center it is; account security is critical.
I tried to social engineer some acct info around to get account numbers and such and just general account info. My bank, luckily, just hung up since its apparent they are aware of the issue. As a result, I make deposits there. I've yet to try doing an ANI Fail, and have Telus make a call on behalf of a bank, however I expect to have no success
I believe with outsourcing, comes tracking programs for all account activity (for call centers), which logs all activity so it can be traced easily; where as before it was maybe less of an issue, so it wasn't a high priority.
On a side note; T-Mobile call center reps are not trained against social engineering, despite the Paris Hilton press coverage.
All the outsourcing arguments aside:
With my work experience I can say that I it's so scary, that it makes me want to switch to cash and money orders for everything.
NOTE: I have access to 1 million new SSNs a month.
Consider some of my offshore counter-parts that US law inforcement would have a hard time prosecuting. Someone could sell that data for $250k or, then buy themselves protection from US authorities in a state that doesn't extradite.
This, the Choicepoint, and Lexus Nexus scandals are only the beginning. I'm certain that there are incidents that haven't ever, no will ever even be known. There isn't a law, other than in CA, that forces companies to disclose that there was theft.
This proves that the trouble with outsourcing a call center is with confidential information. Another major problem is pissing off your customers/clients because they can't understand the customer service agents strong accent. I've read several major publications all claiming the above two reasons for not outsourcing their customer service to another country.
There are new laws in the US for privacy. These laws are forcing financial institutions and health insurance companies to better secure their customer/client data. I work in an enterprise environment where we are currently implementing major security changes across all systems just because of the privacy laws. Here's a list of only some of the changes:
1. All users who have access to customer confidential data are completely logged with a full audit log. i.e. you just query a client and only read the data, it's logged. You query a client you shouldn't need to query and a red flag goes up. All transactions are logged and audited. Customer service reps have FULL ACCESS to all client data and transaction history. This need to be protected as much as possible.
2. All users who do not 'need' access to the client data have been removed from access. This includes programmers who once had access to production systems and live customer data. If a production problem occurs, the user has to contact their manager and request a special temporary user ID that is set to expire in 24 hours. This temporary id is issued to the user and reset. When the programmer or engineer is done with the user id, it's returned and reset. If the id is not returned, it's reset automatically within 24 hours or less. These special temp ID's have extra security and logging is more aggressive.
3. All access to client accounts, even access via clients themselves is logged.
4. All call center calls are recorded and archived for long term storage. Clients are told they are on a recorded line three different ways, once the automated voice system tells the user that all calls are recorded, the agent answers the phone and tells the client they are on a recorded line, and three there is a beep now and then to remind the client. Also they are recorded while on hold (just because it's easier then trying to stop recording). I would love to hear what people say when they think they are on hold and no longer being recorded! Call center manager frequently listen in on their service agent calls and review recordings daily.
5. There are departments such as special investigations and some legal departments that end up researching and reviewing logs when necessary. i.e. constantly looking for fraud or assisting the SEC, FBI, or police in an investigation.
Now, you outsource a customer call center to India and you let them access your client data. They need full access just like your local staff did. Trying to secure that data becomes much more difficult then if you are doing it here. Situations like what happened to Citibank are just one possibility. Another one, would be if the Indian Companies network is breached or their servers hijacked? Who really knows, because it's no longer on your network, how do you control the security? Obviously, you can't just host the servers in the US and provide the Indians a secure uplink, the cost is prohibitive and the speed is not great enough. You would have to put the servers in India. Imagine a 1,000 call center reps hitting the servers 24/7 with queries, you can't just pipe that to the US over a leased line!
Outsourcing customer data access to another country opens up major security questions as well as customer relations. I called 411 (information for local telco) and ended up talking to an Indian who couldn't get the name of the restaurant right even though I spelled it for him (Alpha Tango Foxtrot, etc) and kept giving me the wrong number. I gave up and went to the Internet to get the phone number! Try calling Circuit City sometime! I love how they answer the phone with a thick Indian accent but say their name is Chris or Richard! What a hoot, aliases to make them sound American!
...had the secret pincodes of the customers' e-mail IDs, which were used to transfer money.
my secret pincodes are only kept in my front jacket pocket...
Well, I'm personally thankful that they didn't hack US Bank accounts.
Confused? So was I.
I am MuchTall
While this is just a bunch of individuals being unscrupulous in their handling of other people's money, just wait...
Wait until some unscrupulous coder hand your outsources CVS source tree over to a company in a former Soviet State.
Sure, you have "legal contracts" to prevent that. But once your course is out there, no amount of legal action (even if you do manage to find the people responsible, and manage to get them into a sympathetic jurisdiction) will get your IP back under your control.
Some things are not outsourced, ever, no matter the cost advantage. Some things that should not ever have been outsourced, already have been, because the bean-counters had no sense of the pain to which they could be subject as a result.
Give it time. The access methods to the customer data of major financial and insurance agencies, as well as the sources of major retail packages, are quite likely to be floating around as we speak. And even if they don't get disseminated, they're worth a king's ransom, and such ransom will be due in due time.
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
After working at a regional bank for a number of years, I noticed that all the Security Prodecures that banks rave about are really just a joke. The only time they are even used is to dust them off during their OCC audit. The truth is ANY employee can get sensitive information Luckly most people don't know how to use it.
I did a credit card app over the phone. I got an employee from India. We went through all the details and were ready to do the balance transfer. I gave him the account number that I wanted to transfer. He told me they couldn't do the balance transfer because it turned out to be from the same bank. Chase.
So, I told him that I didn't want the card. He then went on about the benefits. I told him I didn't want the card. He then went on about the benefits. I asked him if he could do the balance transfer at those rates. He said no. I told him I didn't want the card. He told me about the benefits of the card, I asked him if that included the balance transfer, he said no. He told me about more benefits of the card. (Repeat, repeat, repeat, until he got tired.) Finally, he got the message. I didn't want the card.
Two weeks later, I discover that my original Chase balance was paid off. Another week later, I find this new Chase credit card in my mail. Looks like he pushed my credit application through, anyhow, against my permission. Likely to boost his own stats.
Moral that I walked away with? Foreign BPO employees don't feel as accountable as the real thing. And they believe they can plausably write these things off as 'a misunderstanding' when explaining it to their bosses.
no, I read the City of Prune, but then us older slashdotters might think more about regularity than 'tang
A big part of me wants to blame the criminal -- Ken Lay, you're a criminal, and we're disgusted when we read about your excesses. But part of me wants to look at the bigger world in which a crime like this gets committed, too.
The further you are away from someone -- socially or physically or in whatever senses -- the more likely you probably are to think of that person as some sort of abstraction rather than a complete human being. If I work in a small town bank, when someone comes in with a check to deposit I see her handwriting and watch her gather up her kids to leave the lobby. Probably I'm not going to steal from her without thinking about that. If I'm on a call center in India, all the financial numbers on my screen are numbers, not people's savings and livelihoods. They're disembodied voices on the phone, if that.
It's not technology, exactly. The networking technology that puts these people in contact with their victims is the same one that lets someone working on a legal team in the Philippines send me a note about a review I wrote three years ago. That cuts both ways.
I almost hate to come down this way, but it seems like a big part of the breakdown here is corporate interests. Companies that send their work overseas in order to be competitive aren't bound by the same sorts of "social contracts" that we expect from local employers. They exist across more than one legal system, they're used to treating people by different standards in different places... it just seems like a recipe for the erosion of any sort of public spirit. And corporate cultures are amazingly powerful things.
I guess it's time for me to start protesting at World Bank meetings or something... which I never thought I'd do. But there's a gap, here, in the way people see each other as people, and it's opening wider at precisely the point where the most economic clout's being applied. That ain't good.
"Fundamentalism" isn't about divine morality. It's about human authority.
"Do I stay a poor slave, or take a chance at the HIGH life. My good side (If I have one) is saying: No, don't do it.....it's wrong. But the gravity is much stronger on the other side. I've been poor and unfed all my life......living in a place where being in jail could mean I get fed at least daily....."
Do you even know what you area talking about? Call center workers are not 'poor slaves'... they make more money than the average Indian, and have better working conditions. Heck, please do get out of your well and learn more about the world around you.
"When the only tool you own is a hammer, every problem begins to resemble a nail." - Abraham Maslow (1908-1970)
--Yes, you know something is wrong, and Brazil is where it happened... so you just call up the local UK police, and tell them to go to Brazil and arrest somebody, right?
The problem here is not with the particular nationality of anyone involved, but the concept: many Indian employees are paid well compared to local rates, they also know that they are only paid a fraction of what they know the former US workers were. Additionally, (it is my understanding that) many the Indians are essentially hired on a temp/contract employment basis. If you know that you are getting paid a pittance from a rich foreign company and you can reasonably expect that you will eventually be cut loose anyway, then what would motivate you NOT to steal? Certainly not gratitude towards your employer, or the assumption of a permanent position.
-Additionally, outsourcing companies in India are already getting bit hard by work leaving for places that are even cheaper.
So to speak: the Indian is not dumb, they may see that the gravy train is coming through town, but it ain't stopping for long. And thus the tempation to get what one can while the getting's good.... Most would not commit such crimes of course--but if just 1/10 of one percent do, the costs to the affected companies would be huge. They might even have to cut back on their CEO severance benefits....
(somehow I feel no sympathy for companies that get screwed this way, this was all a very predictable risk that reasonable people would have seen coming)
Sad, but the losses that the banks incur will most likely be written off.
Banking is a coddled industry of insiders.
They have been negligent in doing proper security.
And yet they get to rule us all.
Looks like outsourcing of jobs is costing us more than just jobs, but all our hard earned cash too.
Sneaky bastards I say, hehe
Anything that makes outsourcing mid-high end jobs to 3rd world countries a bad idea is good in my book.
I don't mind people coming here to get jobs, but competing with people who can live on 1 dollar a day for what was above average job is impossible to compete with here.
I hope a lot of noise is made about this, and things start coming back here, and things like tech support is no longer a high school job. And the level of the support given would be greater.
The spirit of resistance to government is so valuable on certain occasions that I wish it to be always kept alive
Why would these Indian folks need to steal from banks? I mean they already have casinos f'r crissakes! ....ooooohhhh. nevermind. I understand now.
Quod scripsi, scripsi.
It doesn't matter where people are located. What matters is that you have trustworthy people handling your business.
In short, it does matter for at least two reasons:
1. It is more difficult to prosecute across borders. The legal process is slow enough for internal processes, and doubly so for cross-border crimes.
2. The temptation is bigger if comparative value of the crime is magnified by cost-of-living differences. A crime that may pay $10,000 may look more like a $100,000 crime to somebody with India's cost of living.
Table-ized A.I.
This is fantastic for US workers, especially telecom workers. The telecom workers' union couldn't ask for better PR.
If they were smart, and completely devoid of ethics and morals, they'd start hiring Indian telecom workers to violate USians' privacy.
Yes, it's a blog. Sorry if that offends you.
Did anyone notice the mastermind's name was Ivan Samuel Thomas? I don't know any Indian guys named Ivan, Samuel, or Thomas. What's up with that? Are we exporting our criminals too?
This is all probably driven by resentment and office politics fomented by an Indian Lumberg. Guess they didn't see Office Space.
It's too easy to scapegoat Indian call center workers and saying "I told you so". There have to be far more instances of this taking place stateside in the past. I'm sure banks went into overdrive to spin the media coverage on them. Now, we'll probably see a littany of op-eds from morons at the NY Times eluding to how Indian workers can't be trusted.
This is a CITIBANK(unnamed bank) problem, not an outsourcing or Indian workforce problem. Citibank is just too big for it's britches and someone in Citibank's NJ HQ probably got a cut of this scam. Bet you'll see it come out in the investigation months from now, and how other banks are investigating stateside workers who are setting up these scams with workers abroad.
yep.. outsourcing confidenial info to other nations is perfectly safe people... nothing to see here, move along ... your government is in control...
Not sure how big an incident it will take before we stop using these subcontinent subcontractors... Does that make them subsubs?
interesting.
so, are there ANY credit card companies that don't have the same kind of bad history and lack of trust that you say citi has?
my cards are citi - but I'll change if there's a better choice out there.
--
"It is now safe to switch off your computer."
hose were multi-billion dollar fraud, these are minor amounts of money.
I disagree, as the article said, $350k is a LOT in India. It might as well have been a multi-million-dollar coup (which is equivalent to what the heads of Enron probably earned from the scandel).
The issue, in my mind is that there were bright individuals in India without a creative outlet to financially succeed. There simply isn't the infrastructure and commercial-basis for becoming a multi-millionaire thanks to out-of-the-box thinking. Thus very bright individuals wind up working in crappy little high-paying jobs. There is little opportunity for advancement, and anything that would be challenging isn't likely to pay off. So you have intelligent minds taking your credit card numbers and other personal info.
If, on the other hand, intelligent people flocked to industry creating ventures, then those that man the phones would be the under-achievers. Their motivational structure is different, and thus they are generally only capable of pulling off pety crimes which generally are preventable by corporate governance.
The problem is not with India, or even China. The problem is that the US is tapping into this semi-lawful society, and expecting them to work just like min-wage Americans, when the dynamic is completely different.
You can still outsource to them, but treat them more as if you were outsourcing to a minimum-security prison (which many American firms do).
-Michael
Heh. I'm from Pune, sort of. I was just surprised that GP hadn't bothered to look it up. Of course, IHBT :P.
This crime is easily thwarted by black listing the log-in from every country except for the United States (or home country). The user can white list the countries they want to log in from. These crimes are only likely to be more frequent as spy-ware keyloggers, and other methods, generally spread the availability of logins around the world. The black list would probably affect fewer than 1% of customers, and customers that are traveling would always have access to the phone system. Cell phone providers already do this with SIMM cards.
Hey at least in India the perpetrators were promptly arrested which means that teh country is taking this sort of thing seriously. In Nigeria I am convinced the government gets kickbacks from all the scams pouring out of that country. I would rather have a support center in India rather than Africa any day (until African countries start taking this thing seriously that is).
The same thing happened with Enron and Worldcom without nearly so much outsourcing. They did however have a huge HUGE H-1b staff.
Seastead this.
And the worst part of it is, when I click on the link they send me, they always ask for the SAME DARNED INFORMATION!! You'd think they could store that stuff in a database somewhere...
In other news, my credit rating is -infinity and I'm overdrawn by one billion dollars on my checking account. I didn't know I even had that many CHECKS!!
This space intentionally left (almost) blank.
I am writing to ask for your assistence in a matter of great urgency. Due to circumstances beyond my control, I find myself incarcerated by my opressive government for liberating a corrupt system of $350, 000. This money is being held in hidden bank accounts the details of which only I know about. Due to my unfortunate situation, I find myself unable to transfer the money out of the country and am humbly writing to request your assistence in this most urgent of matter. Should you decided to help me with this I will gladly share half the money with you. This matter is most urgent and requires your immediate reply.
.......
Sincerely
Anyway, he did three separate attacks. The Olympic Park was to kill police officers, and the other two were to fight 'immorality' by killing peope.
Timothy McVeigh has one total, to kill government employees.
Both the Unabomber and the DC Sniper are harder to count, as they committed a string of smaller instances. Let's just call each reached the terrorism level of two larger attacks.
The Unabomber was attacking people basically randomly, out of a weird luddite political position.
The DC Sniper...I don't think anyone's figured that out.
And, of course, the World Trade Center was attacked twice, by the same people. Let's call that three, one half for the unsuccessful attack and two and half for 9/11.
Totals for race:
Black:2
White:6 (2 of those by Jews, if that matters.)
Arabic:3
Totals for 'religion', or at least apparent religion:
Muslim:6 (DC Sniper was Muslim, wasn't he?)
Jewish:2 (Kaczynski was Jewish, wasn't he?)
Christian:4
Totals for cause
Unknown: 2
Religious: 5 (2 Christian, 3 Muslim)
Political: 4 (2 right wing, 2 eco-terrorist.)
Gender
Just kidding, they're all male.
Adding all those up, it appears the most dangerous people are white Muslim males. Except there weren't any of those in the list, so let's go to the next runner up:
White Christian males. Who either have strong opinions about about how people shouldn't be immoral, or strong opinions about how the government is to far too the right or the left. And I'd have to say people who think that both are true, like the Olympic park bomber, probably belong at the top of the list.
The least dangerous people are apparently...black Jewish women. Hrm.
If corporations are people, aren't stockholders guilty of slavery?
Again, lost of people here just resort to unfounded attacks.
How is he anti-immigrant? Please explain.
- sigs are for wimps.
Yeah, it could happen in the U.S. too, but at least we can keep a closer watch on them.
'mmmmmmmmm.... forbidden donut'
I agree. With so much media attention on the bigwigs of Enron, WorldCom, and Arthur Anderson, you wonder why there was so little attention on Citibank. I thought that I was the only one who started getting suspicious when Citi bank changed my Visa to a Mastercard without prior notice. The only reason I could think of was that they were trying to make more money to cover their losses. They must be making more money by switching their users from Visa to MC -- there's no other reason. If Visa is "where I want to be," then why did they switch me without my approval? I thought that it only happened to a select few, until I started talking to colleagues with the same issue. I am asking the slashdot crowd, did this happen to you? Is anyone out there still holding a Citi card that is Visa instead of MC? Don't you think there ought to be some explanation from Citi as to why they did this?
Linux at home
It's not that bad. Most crimes are in the service industry. It's hard to see how we could outsource car theft or drug dealing.
If corporations are people, aren't stockholders guilty of slavery?
I'll do it.
I can't remember the last time I saw an ad for a bank going "Looking for programmers, will train!"
It's usually along the lines of "Must have experience programming on a mainframe. And know exotic technologies that went out of date 20 years ago."
As far as I'm concerned, programming is programming, if I want to do something new and exciting I'll join the Marines.
But if there's anyone in Denver looking for a new guy to take the place of their dead guy, send me a note. erik.zolan@gmail.com
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
Take a hike pal. American Capitalism did exactly the same things to 3rd world Latin American countries if not worse than what Lou Dobbs describes as happening to "Americans" (Read aging white urban professional crowd). His incessent rant about illegal aliens is pathetic. Illegal aliens (mostly mexicans) are everywhere. They do all menial work. Instead of crediting them for doing these jobs, he is trying to make them untouchables. He never presents the other side of the coin and he is a journalist. I dont see why the person who called him a racist should!
If you are willing to lick shoes to immigrate to America and others are not, thats your problem. (You wearing an american flag for a tshirt doesnt change the fact that you jumped through hoops to achieve immigrant status and everyone knows it.) Whether you like it or not, outsourcing will stay, because thats the way capitalism works. If you dont like it, go back to where you came from - you might find a job. Your opinion doesnt matter unless you are ultra rich.
Finally: Welcome to America. Land of Opportunity. And Lou Dobbs is a pretty pathetic attempt at covering up racism.
No, I am not. And whoever modded this shit down better put an extra lock on the house door (caz I am going to pay a visit).
On a more serious note. I work hard for my money. If a bank decides to save some loot and offshore the operations, the bank must be resposible for the actions. I realize that all the money is insured by FDIC (up to $100K); however, this is not the matter of government insurance. This is a matter of whoring American jobs out somewhere else in order to pay less money. Why stop at that? Why not make sure that we get a good bang out of the smaller sum of money. If it were up to me, I'd put every "John" who steals money on a death row.
Like Robert Rubin?
s in essheads/rubin.htmi on/history/secretari es/rerubin.htmle .shtml
http://www.citigroup.com/citigroup/corporate/bu
http://www.ustreas.gov/educat
http://www.forbes.com/fdc/welcom
Final 2006 "Proof of Global Warming" US Hurricane Count -> 0
> If you are willing to lick shoes to immigrate to America and others are not, thats your problem. (You wearing an american flag for a tshirt doesnt change the fact that you jumped through hoops to achieve immigrant status and everyone knows it.)
I'm a US citizen because I became naturalized. There's no such concept as only being a US citizen because you are born here, unless you favor some weird nativist notion that doesn't make sense considering mostly everybody in this country came from immigrants.
It's weird how you call Dobbs racist, yet you feel people are not really US citizens here because they weren't born here.
Hypocrite.
- sigs are for wimps.
He's more likely to steal the information because he's not governed by U.S. laws. I would have that was clearly spelled out in my original message. I wrote it using plain English and I was very clear about why someone would be more likely to commit a crime outside U.S. jurisdiction.