Indian Call Center Employees Hack US Bank Accounts

The Ascended One writes "Call center employees working for an Indian software company, MSource, supposedly used confidential client information to transfer client funds to themselves. The alleged perpetrators used the personal information of four NY-based clients to transfer ~$350,000 (Rs. 1.5 crores) in their names, a large sum in Indian currency. They were caught after the victims alerted the bank officials in the US, who then traced the crime to the Indian city of Pune. While the name of the bank has not been revealed, the article indicates that the bank in question is Citibank."

Easier to track

[Odo]

A lot of posts here will no doubt be saying something along the lines "see, this is what happens when you outsource". Well, think about it from an investigator's point of view. If money was transferred illegitimately from a US customer to somewhere in the US, it would be much harder to figure out what was going on than if it was being sent to India. By outsourcing the call center to India, it has made the origin of this sort of fraud much easier to detect.

I'm a system administrator and most of my customers are in the UK. So when I'm investigating an incident on our servers, and the logs show some activity from Brazil, it makes my job a lot easier.

Re:Easier to track

[mister_jpeg]

yeah! and another good thing about outsourcing is that the dollar goes so much further in countries like India, so the criminals need to steal less! Why, I bet if Citibank hadn't outsourced that call center and the theft had occured in New York or somewhere, it woulda been a couple million!

</idiot mode>

Re:Easier to track

[Alioth]

Extradition, even when there are treaties in place, is relatively rare. It is usually reserved for the most serious crimes, like first-degree murder.

Don't forget music piracy!

Re:Easier to track

[TTL0]

I work in InfoSec and did a consulting project for a company that sells software (for clearing checks) to a lot of major banks. I was amazed how insecure banks realy are ! however the banks rely on thier ability to audit all transactions more than secure policys and procedures. So to sum up, it is easy to steal from banks it is hard not to get caught.

Attention Citibank Customer

[DarkHelmet]

Attention Citibank Customer!

We are sorry to inform you, but your account information has fallen into the hands of employees at an Indian Call center we do work with. Unfortunately, your account may be compromised.

To protect your account, please log into our panel using the link below to change your username and password:

http://www.citibank.com/

Thank you for choosing Citi.

not hacking

[romit_icarus]

I wonder if this can be called hacking, looks more like a combination of poor process and security management on the part of Citi (if it is indeed Citi). Companies in the US should be wary of the extent of employee churn that happens in BPO firms in India. I'm in India, and I often get to hear of ex-employees stealing databases when they leave...

Odd that this article is here

[jago25_98]

When I take credit card info over the phone I could do just the same.

The only slight difference is that it's worth more over there.

So I find it odd that this is considered different.

Re:Indian, Native American, Ukrainian, Nigerian

[JaredOfEuropa]

It doesn't matter where people are located. What matters is that you have trustworthy people handling your business. And, you know what? Untrustworthy people are everywhere.

If your employees are proud to be part of the firm, and if you treat them with respect and pay a decent wage, they are less likely to turn to fraud. However, if you treat them like shit and pay peanuts, they are more likely to become disgruntled and commit fraud or (digital) vandalism. Yes, just like in 'Office space'.

The current relentless drive to reduce employee costs to a minimum does not help in that respect, in any country. From what I understand, Indians are currently happy with their current wages (and often very odd working hours). But what will happen when the squeeze from even cheaper Chinese workers is on?

Citibank Outsourcing

[Coward+the+Anonymous]

Citicards, the Credit card division of Citibank, got a new CIO several months ago. Mitchell Habib. He came from GE Medical. Before leaving there, he outsourced about 75% of their IT staff to India. He's currently doing the same at Citi. I worked there as a contractor. Two other contractors on the team and I were unable to get our contracts renewed because it came down from on high that all new contracts had to go thru TCS, Tata Consulting Services. They are the Indian outsourcing company that he used in the past. I recently went back to visit some friends and met my replacement. A nice young Indian guy making a third to a quarter of what I made there.

From what I understand, the standard rate for calculating your budget for contract work went from $70/hr to $22/hr. Of course, I believe they charge around $40/hr for their workers in the states.

Can't compete with that.

Here are some links about Mitchell Habib and TCS:

http://www.rediff.com/money/2003/apr/03tcs.htm?zcc =rl

http://www.tcs.com/0_media_room/releases/200204apr /20020411_ge_medical.htm

It's not that simple...

[ImaLamer]

I just have to say that this is a bigger problem than a simple "I told you so".

When you outsource certain operations you are giving people who have no connection with your customers their private information. Banking account numbers? Some people still don't use online banking because it scares them and we don't see this as a huge liability?

Really, what if a few thousand credit card and bank account numbers got into the hands of suspected terrorists? If they made a one time shot at getting items to fence or cash withdraws (wire transfers) and split, they suddenly have resources that was taken right from the American people.

I'm by no means saying that you should be suspect of *any* foreign person or enterprise. I'm thinking of the type of people who *might* get their hands on my/our information. What good is it to give to the people like EPIC when we give our information to people we can't necessarily track down? Can anyone guarantee that we will be able to bring someone to justice, under our laws (and equally for their benefit the Constitution)? I've worked on the phone making sales, and the problem we had was we were banned from taking credit cards because a few people screwed it up for everyone.

Of course, if someone wants the information they can get it. It just makes me wonder why we give our sensitive information to a foreigner when we need parts for our Dell (and by extension everyone else I don't care to list).

Re:It's not that simple...

[Dr.+Evil]

I for one am glad of the security I can place in trusting my fellow national. Ever since foreigners started bombing federal buildings, sending bombs to universities, sniping people randomly in Washington, and god knows what else, it's good to know that we can draw a clear line between "us" and "them"

Re:It's not that simple...

[Dun+Malg]

McVeigh WAS a hero/patriot in the old school sense.

Yes, because Jefferson, Franklin, Hamilton, et al set off carts full of blasting powder in front of crowded Offices of the Crown, randomly killing people, and this is how the US won the war of independence.

Not that killing children in daycare is a good thing. But why were people in a federal building hiding behind children anyway? They know wackos attack federal people from time to time

WTF are you talking about? Name one attack on a Federal building prior to (or after!) McVeigh. They weren't "hiding behind children" because they had no idea there was anyone to hide from.

Bet some government wonk was dumb enough to beleive that nobody would ever think of attacking them with children as a flesh shield.

Bet it never occured to anyone that some dumbass would think it worthwhile to set off a bomb in front of a building full of boring, miscellaneous government drones smack dab in the middle of Dullsville. Really, what kind of tard do you have to be to pick such a stupid target? If he wanted a symbolic hit against the FBI or BATF, he should have picked a FBI or BATF field office, instead of a building with mostly Social Security and postal service workers.

McVeigh did some fucked up shit, but I still cannot help but feel some respect for having the balls to do what he did.

I have trouble respecting mental midgets with delusions of grandeur simply because they fancy themselves super-patriots. A man walking down the street randomly cutting of people's heads while shouting "no taxation without representation" is no patriot in my book either. I might agree with the premise McVeigh started from, but I'd have to give him a big fat zero for his chosen conclusion. Fuck McVeigh. Fuck him twice. He was a typical macho failed-to-get-into-Ranger-school-so-he-left-the-Ar my dumbfuck that gave other Desert Storm vets like me a bad name for a long time.

If more Americans had the nuts to take their government to task for oppressive things they have done to this great country, things wouldn't be as shitty and corp-controlled as they are.

Yes, but blowing one another up is not going to get the feds off our back. I guarantee that no amount of purely symbolic random bombing is going result in anything more than further oppression.

But here I am posting anonymously because I am afraid of what the government might do to me for speaking outside of the "official truth".

Talk about delusions of grandeur. The government doesn't care about some guy on a message board spouting off about patriotism. Really, you sound like an actual tin-foil hatter who thinks the government is trying to read his thoughts. The flaw in that line of reasoning is the presumption that the feds even give a fuck about a a nobody like you (or me, for that matter). They don't care about people like us! Get over yourself!

Re:Indian, Native American, Ukrainian, Nigerian

[WIAKywbfatw]

On the other hand, you don't have to be poor to be so consumed by greed that you're willing to steal or commit fraud to further line your pockets. Just look at Enron, Worldcom, etc if you want proof of that.

It's all relative...

[otter42]

The alleged perpetrators used the personal information of four NY-based clients to transfer ~$350,000 (Rs. 1.5 crores) in their names, a large sum in Indian currency.

I would have thought $350,000 is a large sum in ANY currency.

Brother, can you spare $350K?

Re:crores

[romit_icarus]

It's just a different way of grouping of decimal places. In India it's common to have them group two decimal places instead of three. Get a better description here: http://www.answers.com/topic/indian-numbering-syst em Globalisation is however making indians, albeit reluctantly, shift to the million/billion system, but it'll take time...

I'm surprised this does not happen more often.

[neckdeepinspecialsau]

I once called a creditor of mine and was obviously routed to an overseas call center. The gentleman on the other end of the phone after asking me my issue asked me my social security number. I was hesitant to give it away to a guy in india making $.50 an hour but figured I was being paranoid. I gave him the number and he said please hold. The next thing I knew he put me on hold and I was transferred to another service representative (in the us) who also asked for my social security number. Well needless to say I let them have it basically "Why would they ask me for my social security number to transfer me?" I started checking my credit report and stopped doing business with the bank. Nothing came of it and I was being paranoid but the reality is this sort of thing can happen anywhere. At a restaurant you give the server your card. Most servers make low wages and they take your card off to the back room usually.

So..

[ASkGNet]

I really should update my account details in Citibank, as per the email that I got awhile ago.

They said my monies will be stoeled if I don't

Re:Indian, Native American, Ukrainian, Nigerian

[Alioth]

I'm one of the biggest foreigners around...

May I suggest you lay off the Big Macs and Whoppers for a while then?

What's wrong with the heart of Citibank? Read on

Although this particular sort of naive fraud is unlikely to repeated for a while at Citibank, Citibank has a history of association with much more sophisticated and serious fraudulent activity. I refer to Citibank's crucial role in suggesting, creating, structuring, and maintaining the complex banking and hedging schemes for both Enron and WorldCom. Forget the Enron and WorldCom directors for a moment. The Citibank directors who were involved should be held accountable for their contribution to the frauds and yet they have all somehow managed to evade proper censure; indeed they still hold company office - that's absolutely not right. The SEC and AG have done nothing with any of them. Let's avoid using Citibank and let's see why they they get away with their activities...

Some background on Citibank's unresolved history of association with serious fraud:

here
and
here

Re:Indian, Native American, Ukrainian, Nigerian

[testadicazzo]

On the other hand, you don't have to be poor to be so consumed by greed that you're willing to steal or commit fraud to further line your pockets. Just look at Enron, Worldcom, etc if you want proof of that.

Too true. There are two problems to consider. Rampant poverty will increase crime. Especially in the event where labor is being done, but the laborers are not reaping the rewards of their labor. So that's one contributing factor, in the U.S. as well as abroad.

A second contributing factor is the culture of greed that dominates in the modern world. Wealth without labor is the new goal. One of the most elequent discussions of this I have seen was by harvey pekar, in an issue of American Splendor (sorry, don't remember what issue). But we have a culture (which we are aggresively exporting) which places more importance on the possession of wealth than on honesty, integrity, or a strong work ethic.

I'm hoping that this is actually changing, that the Bernard Ebbers, the Dick Cheneys, the Kenneth Lays and Darrel McBride's become outcasts and pariahs, shunned and hated enough by society at large that people feel a strong enough social pressure to mitigate their greediest instincts.

Re:Nail on the head!

[Samrobb]

And here is the fallacy in your argument.
That indian tech may be getting a fraction of what YOU make per year. But, he is getting MANY TIMES as much as as the average Indian worker.

And here's the fallacy in your argument - that same difference in pay scale/cost of living means that the $350K US that they made off with was worth a whole heck of a lot more to them than it would be to you.

Would I risk something like this for 10 years' salary? Nope.

Would I risk something like this for 50 years' salary? I'd like to think no, but I've never been tempted like this...

Would I risk something like this for for more money than I could otherwise reasonably expect to earn in my lifetime? Maybe. Imagine yourself in a situation where a few minutes effort would net you $10 million of someone else's money. Can you be sure that you wouldn't consider that at all tempting?

I'm not sure where these guys ended up on that scale, but I suspect that you're still talking about enough money to live comfortably for 20-30 years. The cynical part of me says that their real problem was that they didn't steal enough. If it had been a few hundred million, then they wouldn't be thieves, just international market speculators...