Slashdot Mirror
Offshored Identity Theft
Travoltus writes "The threat of increased misuse of consumer personal data by offshore criminals was first made publicly known with the UCSF Pakistani medical transcriber scandal. Then, in a logical progression of events, it was discovered that foreign criminal interests were offering money to offshored call center workers to surrender consumer data. Now that threat has been realized: Offshored call center staffers at Mphasis BPO have allegedly stolen £200,000 using United States customers' personal information. It is believed that Indian police reacted swiftly to catch the thieves, but only £12,000 has been recovered so far, and it is not really known who orchestrated this theft or where the rest of that money is now. It is also unknown as of yet how much of a mess this has created for the U.S. citizens who were victimized. Let's hope that the people whose information was stolen don't have to go through what other identity theft victims have to endure, to clean up their good name."
Why is identity theft by foreigners considered more scary that identity theft by Americans. I'd bet you $100 that the vast, vast, vast majority of credit card fraud on Americans is committed by their fellow countrymen[0].
[0] Or women.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
The worst part about stuff like this is that the system is set up in favor of the person stealing the information. There are what seems to be very few safeguards to prevent the theft of someone's information. However, when it's time to clean up the mess, those responsible for it, including companies that were mishandling the information, are nowhere to be found. Thus leaving the victim to spend excessive amounts of time and money clearing their "good" name. Just proves the only person watching out for you is yourself, so be careful who you trust.
Putting the focus on the fact that the thieves were working in outsourced operations is beside the point. The necessary assumption for this story to make sense, is that these off-shore workers steal more money from Americans than other Americans do. While I don't have statistics in front of me, I highly doubt that the off-shore theft problem is even comparable to in-house work. Big deal, some people stole a relatively small sum of money... it's only news because those "evil Indians" are taking all our jobs and are now stealing our money too!
The real reason for not wanting my personal information to leave this country is that I have more faith in the laws of my country to be able adequately deter & punish the folks who commit these sorts of crimes. I don't think that non-US citizens are any more or less good people, but they may have less of a deterrent to do the right thing.
Whatever you tink about Lou Dobbs, it's very irresponsible to just dismiss him as a racist.
Even "nationalist" is nonsense, he's merely pointing out one of the problems with unresitriced and unbalanced "unfair" trade. Now, you could argue this is a good thing, and we could point out the problems and have a discussion. But by labeling him a racist, the only thing you're trying to do is to "shut down" any arguments by coming up with ridiculous ad hominem attacks.
I'm an immigrant to this country, and I'm not a fan of outsourcing. I'm all for other immigrants from all over the world to continue coming here and contributing their talents to our local economies, but there is a problem when now people don't even want to become US residents, because they jobs are being drained away from here. We're about to face a serious crisis, when our technological workforce is being decimated by these companies. And there's nothing racist in pointing that out, nothing.
As for security, I don't think most if any people here are saying that a particular nationality is less trustworthy. But you'd be a fool if you don't recognize that some of the safety mechanism we enjoy in this country, are not as robust or even exist in other parts of the less developed world. As we deal with the poorest of nations, with our sensitive data, we have to be *extremely* careful. Already, there have been incidents of bribing by local crime syndicates in some of these countries to obtain data to steal identities. Can that happen in the US? Of course! But the question is, where is it more likely, and what are the protections we need to employ in these situations.
There's a rich discussion to be had on this topic, but please, try to come up with something better than "they're racist".
"Keep your friends close and your enemies closer."
Closer, in the instant case, meaning the same continent or at least someplace where we can capture and prosecute the fsckers.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
That's all that matters to upper management -- savings. Now, with many offshoring efforts only yielding 10 or 15% savings, what does an event like this do? It blows any potential savings, resulting in a net loss. Nice going, Mr. Shiny Hair And Teeth Strategic-Thinker!
Now, this question is directed at those big-shot CIOs who troll here, let me ask you something (feel free to reply as ACs). How much money does something like *this* cost your precious bottom line? And when it happens again, then what? What could possibly happen that would make you think "Gee, maybe our technical staff shouldn't live on the other side of the world and work for somebody else (including our competition)?" Or does that even matter?
Yeah, yeah, I know... Fugeddaboutit, it's purely rhetorical. I realize that employment horizon of the corporate ruling class is only as far ahead as their golden parachute payout. I'm sure you'll find a way to blame these failures on somebody else, Mr. Executive, and your replacement can implement a new strategy for cleaning up the mess.
Sure location matters. If your employees are nearby, you can keep tabs on them. You might even be able to directly affect their morale in a positive manner.
Either way, you can keep better control of things.
Also, culture is relevant in these matters. Some countries have traditions of institutionalized graft. To casually gloss over such differences is the real racist notion here.
What you are promoting is pretty much equivalent to the notion that if you speak slow enough everyone will understand english.
A Pirate and a Puritan look the same on a balance sheet.
"The threat of increased misuse of consumer personal data by offshore criminals was first made publicly known with the UCSF Pakistani medical transcriber scandal"
As a Pakistani, I am somewhat offended by the incorrect assumption made here. The medical transcriber was not paid for her work. She then "threatened" to release the medical data of various patients. Desperate mesure for sure, but she really didn't have much recourse. She couldn't take them to small claims court in Pakistan or something like that. Does this make her a "criminal" as suggested by the story? I hardly think so.
I think the issue underscored here is risk vs. reward. For someone in the US 30,000 USD isn't *that* much, not enough for many of us to risk jail time. That amount barely covers a years salary for many and I'd say for most reading this site it is way less then a years salary. If you're making $2.00/hr that is a LOT of money. Now we are talking almost a DECADE of salary.
My aim was certainly not to give the impression that I distrust people outside the United States but rather to discuss the idea of the purported plan for an "ownership society" within the U.S. of:
1. US Workers do menial labor
2. US outsources menial labor
3. US Workers do skilled labor
4. US outsources skilled labor
5. US Workers own everything and do no labor
6. US outsources all labor
What do we expect will happen? Why will we "own" everything? Because a piece of paper says we own it. What happens when the people that actually do the work tear up the piece of paper?
I think incidents like this are tiny examples of what's to come.
I'm a big tall mofo.
There is a remedy for handling this in the future for US citizens. We need to push our legislators to enforce it, which is obviously hard to do.
US Corporations are legally (criminally and civily) liable for the accuracy and protection of data that they collect on US Citizens.
This then needs to be negotiated into international treaties.
This would make a given company think twice about what information it really needs to be collecting, and how it will be protected. If the company wishes to outsource work, fine, that needs to be disclosed, and the company still remains liable for the protection of that data.
There need to be laws, and the laws must have teeth. This is a "service" that companies are carrying out "in the public trush." They need to be penalized for violations.
I wonder how long before class action lawsuits arise out of this. It seems reasonable to assume that outsourcing and offshoring of this sensitive personal information would be a risky practice and could even border on negligence.
We need more control over our own credit reports, since advancing our lives is completely dependent on them.
IIRC, it's very very hard for foreign companies to get Chinese companies prosecuted. India may be very law-abiding; be aware that that isn't a universal trait.
For the love of God, please learn to spell "ridiculous"!!!
You forget one detail - the poorer the country, the bigger the value that USD 100 has. Most americans would not risk their freedom for 10,000 USD, but for somebody in a poor country that is enough to retire on... so people are more tempted.
It is an inevitable consequence of exporting jobs to lower-paid workers - the temptation to steal is much greater.
Have fun posting.
Imagine US call center workers... Let's say they make ~$35K/year.
How much do they need to be offered before they'll break the law? 2x salary? 3x? more? Remember, the workers are withing US jurisdiction and will probably be identified. It needs to be enough money to "get away." Let's say 3x salary.
$105K (3x salary) is almost 30 percent of what the thieves stole.
Now, export that job to someone getting paid $8K/year and it not only makes it cheaper for the company outsourcing the work, it also makes it cheaper for the thieves. 3x salary would only be 6% of the take.
And, it may not even require that much money. Being overseas places the call center staff well out of US jurisdiction. Unless the offense is something particularly vile, nations (US included) will generally protect their own.
Well going by the summary, in this case the authorities did act swiftly, so it looks like India is a Good country and the story's emphasis on the location is mostly due to xenophobia.
BTW, here in Canada, we're very weary of companies who outsource some of their information processing to USA. US has very little privacy laws and worse, it has the PATRIOT ACT, so we'd rather spend more money and keep our info away from USA where it can be easily and legally bought by large corporations or copied by the government.
hahah, good luck getting a even a mediocre job without showing some ID, and probably being subject to a credit check. So I'd agree with you that it would be great to live that way, except we don't have a free society in which to do it.
Not really. You give most people the opportunity to acquire ill-gotten gains without risk and give them a reason to rationalize it, they will commit the crime 8 times out of 10.
You get what you pay for.
Do you honestly think that somebody could actually go unpunished doing what the Pakistani woman did with confidential medical records in the US? Offshoring has turned into a race to the bottom. I think that companies that put their customers' information at risk by sending it to places with lax privacy laws should be subject to a tax of 50% of their total earnings. The funds of this tax will be used to help ID theft vitctims get their lives back together.
"Do I dare disturb the universe?"
Argentina was prosperous in the 1920s, but after that it has always been an "upper middle class" third-world nation at best.
And the rest of your comment is a "Marxist Polyanna" type of thing, something you must have cut-and-pasted from some play for kids in Stalinist Russia. What really happened in Argentina was that the country held its currency so overvalued for so long that eventually all its foreign currency reserves were gone and the country started defaulting in its payments.
Argentina, for the last 30 years or so, since Juan Peron last became president, has been a total example of fiscal irresponsibility. In some provinces 40% of the people were employed by the state. You can't pay so many people doing non-productive jobs without taxing the rest of the people 100% of their income.
The result was an inflation that eventually topped 200% in a month and the economic problems that get partially controlled from time to time only to rise again a couple of years later.
Say my visa company is broken into and my personal info (ssn, mothers madien name, etc.) is copied by the perps in say India. Now, a year or so later, some dork in Easter Europe is using my personal information to get credit cards, home loans, whatever. How do I know that the personal information compromised through my visa company was used to assume my identity? It could have just as easily been someone who patiently taped together my shreaded documents or some other company with my personal information that was compromised.
Because so many people have my, and other peoples personal information, the burden of proof for many of these cases is pretty high. In many (most?) cases, it's prohibitively high.
-- john
That's exactly spot on. To which needs to be added that Identify Theft won't be taken seriously until it impacts our members of Congress.
If someone were to start publishing all the SSN's, Date of Births, Credit Info, Biometric Info, Mental Health records of not just the members of Congress, but also their families, then (and only then) might they possibly rethink that centralized databases are a stupid solution. I say possibly, because the current legal market around database information is quite huge.
I say possibly, because the only tool they have is passing laws. Unfortunately, this is a case where you need the right technology, otherwise the existing information will always be abused.
The best way to predict the future is to create it. - Peter Drucker.
And then worry about international identity theft.
I can understand being worried that your personal information ends up being sent outside of your country of citizenship as an effect of outsourcing. It doesn't really matter where it's shipped to, as soon as it crosses the border, it becomes that much harder to catch and prosecute.
The thing is, if people want something badly enough, they will put up with the risk of identity theft. And some people just don't care enough or know enough to take simple precautions. I'll give you an example. I work for a Canadian company that takes orders from both Canada and the United States. We do not take orders through our email, because we do not have any kind of security with regards to our email system. When we contact clients, we specifically say not to email us credit card numbers, expiry dates, or other sensitive information. This isn't in the fine print, either, it's right in the body of the message! Yet people email us that kind of information all the time. And although an American tracing identity theft to Canada is probably a hell of a lot easier than tracing it to India, and our laws are similar in many respects, we are still accross a border. As such it would be significantly more difficult to trace and prosecute an offence committed in Canada from the States.
Identity theft, nationally or internationally, will not stop until people start taking personal responsibility for their information as much as possible. It's like locking your door whenever you leave the house -- a determined theif is not going to be deterred by a lock when there is a window that can be smashed. Locks are just there to keep honest people honest. At least protect yourself against crimes of opportunity.
That's not the only thing wrong with the "ownership society".
Even if it works, the overseas revolt you describe never happens, and money flows into the country, the percentage of Americans who will actually benefit from this arrangement is extremely tiny. The rest of us will be SOL.
Here is more CATO drivel from the link you posted:Notice how he fails to mention how much these half of Americans "directly benefited" from appreciation of securities. This is an example of lying with statistics- and it isn't a distortion, it's an outright lie. Instead of what percentage of individuals own stock, the relevant statistic is what percentage of stock is owned by whom. The percentage of households "owning stock in some form" is meaningless in this context. It includes everyone who has a 401k, every dentist and granny who owns 60 shares of IBM. In terms of total market capitalization the "half of American households" alluded to above owns an extremely small fraction of all stock, and generally most people invest no more than they can afford to gamble with. The vast majority of stock is held by the lucky few who can afford to pay for all this propaganda.