Slashdot Mirror
Indian Call Centre Worker Sells Customer Details
lxt writes "A British tabloid newspaper managed to buy the personal details of over 1000 bank customers from an off-shore call centre based in Delhi. An IT worker at the call centre handed over details at £4.25 per customer, as well as credit card numbers and account passwords. He claimed could sell over 200,000 account details every month. The British police force has passed on details to Interpol and the Indian authorities, in an attempt to prosecute the individual. The BBC is also covering the story."
Well, it was to be expected, outsourcing the jobs to a low paid area - workers that are paid fairly are less likely to cheat their employees.
Get rid of the call centers, keep them in the country that they expect to be dealing with (UK call centers for UK clients etc)
200,000 accounts at $7.75 US would be 1.5 million per month. Nice side business.
The NSA: The only part of the US government that actually listens.
... the barter system. This newfangled electronic stuff just isn't working out.
GETPKG - Package Management for Slackware
So thats why outsourcing call centers to India is so cheap...
Gotta love that outsourcing eh..
"If it's true that our species is alone in the universe, then I'd have to say that the universe aimed rather low
Looks like someone in India is trying to improve their "standards of living". Now either people in India/China/etc get paid more or there is just going to be more people stealing.
In other words, "the jig is up".
I'm not saying "people from India are criminals". I'm saying someone [anywhere] who is paid like shit to do a job is likely going to try and supplement their income. This could [and has] just as easily happen in Canada or the states.
Tip of the iceberg...
Tom
Someday, I'll have a real sig.
I hope companies look at situations like this, and use it in their decision making process to decide whether or not to outsource to other companies. Its one thing if they send them source code to a project and the people sell it, but when they are giving our personal information to another company, they should be damned sure it wont be sold.
"The problem is not unique to any single nation - it is one that affects us all - and each of us has a responsibility to take on the criminals,"
It'll be interesting to see if this gets as heavy press as the compromised Mastercard accounts.
While I do not like the trend toward outsourcing, something like this will do little to discourage it due to the fact that the same type of data is so carelessly taken care of in the U.S. as well.
"Look out honey, 'cause I'm using technology" -- Search and Destroy -- Iggy Pop
I can't find the link now but I recall a year or two ago reading about a medical transcriptionist in the Indian subcontinent who threatened to publish the confidential letters about the patients of an American hospital online in a dispute over the price agreed upon.
- Full name
- Home address
- Phone
- Mother's maiden name
- PIN number
- Favorite password
Please send this information to me accompanied by a money order in the amount of $4.95 to cover my processing fees. I will get the confirmation about the tabloid article back to you ASAP.Decades ago it was the waiter or waitress at the restaurant we used to worry about. When mail order began to grow, it was the person at the other end of the line of a mail-order company. Outsourcing (in country or out of country) is just a form of concentration of this phenomena.
Sending potentially valuable information to people in a high stress, low paying job (in country or out of country, my wife worked in a call center in college) with poor controls is a risk. We have known this since the beginning, but we just seem to relearn the lesson each time.
What do you know I wrote a novel
Once Again, Another Indian Call Centre Worker Found Selling Customer Details.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
Well of course according to the uk data protection act all our electronic information was allowed out of the country with express written permission of ourselves and therefore we have only ourselves to blame.
What you mean it wasn't ?
But isn't that illegal ?
The BBC also has another related story here,
Your sig(k) has been stolen. There is a puff of smoke!
This story is all over in Indian press.1 300460000.htm 5 0344.cms 5 0670.cms 4 9334
http://us.rediff.com/money/2005/jun/23bpo.htm
http://www.hindustantimes.com/news/181_1408799,00
http://timesofindia.indiatimes.com/articleshow/11
http://timesofindia.indiatimes.com/articleshow/11
http://www.expressindia.com/fullstory.php?newsid=
This, my friends, is one of the logical conclusions of a truly free market. I applaud the Indian for doing what Americans can't seem to accomplish. Free markets lead to free people.
Right. Because we all know that no American would ever pull a similar stunt. Damn Indians.
For having to having to chase payment defaulting customers - 150 rupees.
For handing over personal bank information - priceless.
For everything else, there's "EmbezzleCard".
Gentoo Linux - another day, another USE flag.
Well, the good news is that you're allowed to chop off the offenders hands when caught.
So the Sun offers an unspecified number of Indian Call Centre workers vast amounts of money to provide them with some confidential information and eventually one of them does.
The point of this story is what exactly, that everyone has their price ?
aside from the obvious, "everyone needs to make a living argument", people will find dubious means to enhance their income. the question is: why was this person able to access those details? could the details have been segregated and or secured/encrypted?
simple password protection is done on the database by hashing the person's password (one way encrypting). when the person tries to login, the entered password is encrypted as well and both encrypted strings are matched. Couldn't this type of thing be done for other details?
maybe segregating those that write the code (including version control access) and those that have access to production data, like customer facing staff, would be a good start.
Call center employees in the US and Europe don't pull what you'd call high salaries either. It's more of a jurisdictional issue. How easy and efficient is it to regulate and prosecute in these kind of situations. Also is organized crime able to exploit these issues? The answer is yes on this one. That's why money laundering involves moving money accross international borders. Once you do that, it becomes much harder to trace it.
You: "Dammit, my identity got stolen, I'll have to call my bank."
dials...
CS: "Hello sir, my name is Rodney, how may I help you?"
You: "What's with the delay?"
CS: "Hello sir, my name is Rodney, may I help you today?"
You: "Um...OK, my identity got stolen. Can you help me?"
CS: "OK, sir, first reboot your PC."
You: "Wait a sec, this isn't a tech call."
CS: "Tell me your personal information, so I can find out your account."
You: "OK..."
IGB: More fun than eating oatmeal!
By outsourcing the public risks getting screwed while the bosses of both companies are rewarded with big bonuses.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
There's been a lot of focus on internet security and encryption of sensitive data. But as we see - it's not during the transaction that it's dangerous. It's at the end point. Do you thrust whom you're giving your details?
Underholdning.info
Have there been any other instances of employee theft around the world? I know that the FBI investigations around the recent CardSystems leak of 40 million credit card accounts are looking at it possibly being an inside job. At $10 a pop, that could have been a pretty nice haul for someone out in Tuscon.
Rather than modding you all Troll or Flamebait, I challenge all of you kneejerks who say higher pay => more honesty (or lower pay => less honesty) to show some evidence for that claim.
"But all your emitter and collector are belong to me!"
My most esteemed colleague,
Please excuse my unforgiveable oversight in neglecting to put a return address. In my excitement to be making such excellent contacts in your country, I was clearly negligent. Please remit all sums to:
Post Office Stop A
Lagos State
Nigeria
I cannot tell you how grateful I am to find such a kind and professional person such as yourself, and I look forward to a mutually beneficial financial arrangement. Please send the money right away!
I know many will make the claim, "It's because it's in India with low paid workers." Let's remember the news in the US this year. How many breaches of security (CitiGroup, FDIC, Lexus Nexus, more have resulted in lost or stolen personal information in the United States of America? How many of these breaches were by high paid workers? It is not a matter of where or who lost or stole information. The core issue is the ignorance of the value of information. Personal information is the new commidity and big corporations have not had the epiphany or received the memo saying so. When they and consumers realize there is real money at stake, all will stand up and take notice.
One ring to bind them - should probably have more fiber and less rings in their diet.
Title says it all... Outsourcing sucks, and it doesn't surprise me that these same people, who can't speak English, and who don't really care about good customer service, are also thieves.
Why we outsource our personal information to countries where the anti-American sentiment is extremely high is beyond me.
I'd really love to see a comparison on how often illegal activities such as this happen, and how much money is lost due to poor customer assistance, vs. the savings offered by outsourcing.
Thank you come again!!!
Madre de Dios! Es El Pollo Diablo! -- Captain Blondebeard
While it's nice that Interpol has alerted the proper Indian authorities, what if there are no laws governing this apparent injustice? The way the story reads, it sounds like the Indians should start conforming to our rules if they don't already. Maybe Interpol is dictating how the indians will treat hash/pot smokers soon enough.
Thank goodness they don't have call centers like this in prisons. I thank god every day that there is no way my personal information could make its way to foreign terrorists who could use it to raise funds for their operations. The US and British governments would never allow that to happen. No matter how important commerce is to the US, they would never put it before the safety, health and well-being of its citizens. (this email written in 1980, left in Draft folder for 25 years and only now mailed).
They are required by law to put provisions in place to make sure that customer data isn't revealed.
The act *is* flawed in that it allows data to be sent to countries without similar data protection if they have a contract in place, it shouldn't allow that in the first place. But the contract in place with the oursourcing organisation should make sure that they have sufficient safeguards in place to stop this, the fact that it's happening says that the outsourcing companies are in breach of contract and the banks haven't put sufficient safeguards in place, an offence against the data protection act, 1998.
We need some prosecutions against CIOs, CEOs and the like. A couple of years in prison would improve their attitude to data protection.
Deleted
Hopefully they will clamp down hard on this. The data protection act is one of the best laws there are and I want it fully enforced, and I want call centre jobs back here - i don't care if theres a shortage of workers, i would rather wait 10 minutes on hold.
This comment does not represent the views or opinions of the user.
That's the country you are looking at. Chopping hands off is not legal in India. It is a form of legal punishment in Saudi Arabia.
-Shaunak
Ah...now westerners will see true indian business practices... /not a racist bastard //is indian
This is only making news because it's an offshore company for a Western financial institution. Maybe because companies are now supposed to tell their clients when their personal information has been compromised (which has *never* happened in house, right?).
Is it that the low-paid workers are more likely to steal, or, that these offshore companies just have less security, and a less-thorough recruitment process? Problem that domestic businesses deal with as well.
Enron and Parmalat have shown us that no matter where you are on the corporate ladder, there are rotten branches on the tree.
--- Dan
If Hollywood can do it, why can't I? I'd like my credit card numbers, SSN, etc to be unreadable outside the country (OK, I'll leave one credit card universally accessible for travel to foreign countries). In fact, I'd like to take it a step farther. I'd love some DRM on my data so that my bank can't pass it to who knows who 3rd-party companies for marketing opportunities.
I know, I know, I don't own my own data (the bank compiled it and thus the bank claims ownership of it). But a consumer can dream, can't he?
Seriously, until financial data gets some kind of DRM/coding/tracking codes/etc., it will be impossible to track who leaked or sold information and thus recover damages from irresponsible holders of consumer's data. Until the irresponsible can be found and punished (civil suits or criminal charges), no one will have much incentive to protect consumer data.
Two wrongs don't make a right, but three lefts do.
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
I worked at a call center for a while. I certainly had a few offers from people wanting me to send them people's details. One man even described to me the types of vehicles I could afford to purchase if I did it.
But this was in Canada, people here aren't as desperate as they might be in other nations on the receiving end of the US's outsourcing.
I think your being a little generous there. It was The Sun.
Sadly this is all comming full circle.. The big bad part of the outsourcing craze is the inability to enforce US law abroad....
That's not the reason why outsourcing call centers to India is so cheap. The real reason is your horrible (ie nonexistant) sense of humour that all the people calling you for support simply could not take. All the people in India, however, have a great sense of humour, making it a pleasure to go through the tedious troubleshooting process with them. There are so many qualified call center employees living there that the competition keeps the prices way down.
Man is a slave because freedom is difficult, whereas slavery is easy.
So we've not only outsourced our call centers, now we've outsourced our criminals too?
Well there can only be one answer: India needs to outsource it's police system to catch their criminals. Some country further down the economic chain. Perhaps there are some Zulu warriors who could use some means of "persuasion" to get a confession.
At some point, of course, outsourcing has its limits. Cheaper is not always better, nor is cost always the major factor in development and support.
I'm tired of fitting the bill for fraud and fraudsters.. We seriously need something new and RIGHT NOW. Everyones interest rates would be substancially lower..
That's a lot of money he got
If one employee can walk off with thousands of customers' private data, then the system is putridly designed.
Three things need to happen:
Just increasing the workers' pay is not going to help. They are already rich compared to most of their countrymen.
The British police force has passed on details to Interpol and the Indian authorities, in an attempt to prosecute the individual.
They are barking up the wrong tree. If only the individual in another jurisdiction is liable to sanction, why is it allowed for British banks to move personal information to foreign countries in the first place? Shouldn't the bank be fined for failing to protect personal information of British citizens?
Abuse of power by employees is not something new or interesting, but the accountability issue is. Personal information should only be moved between countries with similar protections against abuse. Having said this, I don't know anything about British law on this issue.
from the get-your-red-hot-moms-here dept.
WTF???
---
To confirm you're not a script,
please type the 7 letters shown in this image (_|_)
It seems like every day I am hearing about some company losing hundreds of thousands of credit card data files, putting millions at risk for a major incovenience -- at the least, they have to chage the credit card number and if they have accounts set up with vendors based on those cards, then they have to go and update those too. Obviously, that's the least-case scenario.
My take is that credit card companies are going to have to change the way that credi cards work to slow this down. While no technology is unhackable, slowing it down is certainly possible. Ffor example, credit cards could use a biometric identification to verify identity before they are processed. Given the right amount of encryption and backend security, this would at least slow down the wholesale trading of account numbers that has become a plague.
Finally, regarding personal information, it would appear that Sun's Scott McNealy when he said a couple of years ago that there was no privacy anymore. Perhaps. Nevertheless, as long as governments sit idly by and do nothing about the collection and disclosure of personal data, this is only going to get worse. Citizens need to demand that government take a larger role in this, and ensure that private data is not collected unnecessarily and that disclosure of it is punitively prohibited. Given that a number of nations are involved, an international treaty should be enacted.
That alone would not stop this from happening. However, at the same time, data not collected is data not sold.
This problem has grown past the ridiculous and it is time that something be done to stop it. Surely there are solutions.
Oh, so when the Dell help desk persons tells me to pry the keyboard from my laptop with a screwdriver in order to fix a software problem...they were simply making a joke?
Interesting, because when I told them to go fuck themselves, they didn't find it very funny.
Companies outsource jobs primarily because it is cheaper than providing the job themselves (this is especially true for jobs outsourced to other countries). We all know that. Part of the reason the jobs are cheaper to the company is because they do not have to worry about a host of expenses, including for example the cost of complying with governmental regulations related to the outsourced job.
I personally believe, however, that a company should still be required to enforce all regulations which protect the citizens of the source country (in this case, the UK). If it turns out the company is not able to force compliance with the governing regulation for whatever reason then it should be illegal to outsource that particular function. And if they are able to force compliance then the source company should be held liable for failure to comply by the outsourcing company with all of the associated penalties. The result would be that the source company could not avoid the cost of insuring regulations were followed and the outsourcing company would incur the cost of compliance as well.
This would have at least two effects. The cost of outsourcing would be more in line with competition in the source country and the citizens of the source country would not lose the protection afforded them by law.
The NSA: The only part of the US government that actually listens.
As a result, they ended up having contracts with people who didn't care all that much about their data, or what it meant. This is another example of why that's so screwed up.
Now, things will even out. All the smaller outsourcing firms will lose out and only the big players will remain - they may charge more, but they also pay more and will usually have procedures in place that will prevent this sort of thing.
So you are saying that greedy managers everywhere have yet again been reminded of something the rest of us mortals already know? That quality costs money, even in outsourcing. What a surprise! Professionalism may cost less money in India but it will still costs more than average.
Only to idiots, are orders laws.
-- Henning von Tresckow
There have been studies that have shown that, when companies pay less than market-value for the jobs they have, employee theft goes up. To think that people in India are willing to work for a pitance of what workers in countries like the US and Europe make is ridiculous. When corporations bombard people with images of countries that have a standard of living higher than their own, it's not long before they want that standard of living too.
All people want to be able to make their lives better; for themselves and their family. When the impoverished see wealthy people eating steak, the bowl of gruel in front of them doesn't look very tasty. When people see something they really want, wether it's a plate of food or a life style, they will beg, borrow and steal to get it.
The solution? Companies need to pay people enough money that the employee can see they are making progress towards their dreams and goals, not just getting by from paycheck to paycheck.
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
There is a significant segment of the US Banking, Insurance and Healthcare billing infrastructure that is managed off-shore. This means that someone in India has all the admin rights they need to packet sniff, say, an ATM connection or a mainframe access that some clerk in Boise uses to input your info for that mortgage/car loan/credit card. Chew on that for a second.
Off-shoring data entry was bad, off-shoring call centers marginally worse, but giving the ability to bring most of our monetary system's infrastructure to it's knees over to another country, any country, is a very,very bad idea.
The short-sightedness (is that a word?)of the concept baffles me. You find a off-shore person who will work for a fraction of the cost of his local counterpart and use him to replace the local guy. The off-shore asset doesn't pay taxes into the US system, he doesn't use the US facilities (banks, hospitals, insurance companies, etc) that he supports. The local guy no longer pays taxes, does drain the system elsewhere through aid programs, defaults on bank loans and credit cards, no longer can afford private insurance, defaults on hospital bills etc, doesn't buy the big ticket items (like cars) anymore, which drives up the cost of living for everyone. It's a downward spiral; sure, in the short term, corporate profits look better, but you've incurred basic erosion of the customer base. It happened in the textile, electronic and automoblie industries and those actually move hard goods back and forth. Moving ones and zeros across the wire it much easier, but potentially much more destructive.
I agree, this is only the tip of the iceberg.
I thought a recently-introduced European law (THANK GOD FOR EUROPE!) prevented the export of client data to outside of Europe without their consent. Did any of those banks and companies inform their customers that their data will be exported and specifically seek their consent for that?
when I arrived here to Costa Rica first, to set up some network stuff and firewalls, I was told that the previous tech was chased by the neighbour outside with a gun in hand because he stole casino player data ....
...
... and would keep people selling other's sensitive info ...
well, before you think that it was your average latino guy that carries a gun i have to tell that it was a US businessman who operates a casino here
well I think if instead of the police, some big guy chases you down the street with a gun every time you touch data that does not belong to you - really makes the point
"where there is gambling, there are criminals"
I was waiting for this response.
I think that the Data Protection Act is a wonderful idea, along with all the other privacy related laws that the EU and the US have implemented.
Unfortunately, they all suffer the same weakness - people. No matter how well written the laws become, there will always be someone who has access to valuable information who is willing to sell / destroy / manipulate it for profit.
I think that, in addition to the laws currently on the books, that they should get extended to provide real penalties to companies and people in breach. I also think that there needs to be a greater push made for systems and software that minimises the risk of damage that any one person can make when it deals with information related to these Acts - perhaps a real, useful ISO standard or somesuch (as opposed to ISO 9000 / CMM - where our processes are bad, but they are well documented and traceable).
InfoSec that matters, when it counts.
I would imagine India does have laws to cover this kind of stuff, in fact I suspect that Indian law may match British law in many respects.
Interestingly enough this somewhat relevant to what I do for a living right now. I work for an outgoing call center in the financial industry.
.08$ per "lead".
Often when we buy lists of "leads" from Indian call centers they have very compromising data in them such as social insurance numbers, exact debt figures, etc. I often wonder where this information is really coming from.
Also did i mention that we pay
I've worked in a call center in the Philippines. For background, the Philippines is another popular call center location for US companies since there are fewer accent problems and the culture is remarkably American. The Phils is a better location for call centers than India, excepting the technology related fields, though the pool of workers with the proper skills is close to exhausted for the time being.
Anyway, at one point, a guy used someone's credit card to buy roses for his girlfriend. That's below criminal, and into the "just plain stupid" range.
After that, the company locked down everything. No cell phones on the floor, etc. Reps who regularly deal with sensitive e-mail don't even have access to e-mail. Access to sites like Yahoo is blocked from their computer and I'm not sure what else
While all activity is monitored, last I heard they were looking for a way to automate their search for suspicious behavior. (scanning logs for when a user opens notepad and types a credit card number. Probably not too hard in Perl, but I don't know the language.)
People talk about lower standards of living in other countries, forgetting that this is partly made up for by the fact that it's a lot CHEAPER to live overseas than in the United states. So while poverty in 3rd world countries is rampant, if you pay someone a halfway decent wage, the money goes a long way there.
And when you get down to it, it would be pretty tough to run a call center in the US staffed with college grads, like you could do in the Philippines, and keep it open 24 hours a day.
The fact that it's harder to prosecute people overseas is a problem. The company I worked for was based in the US, though, so it was still liable under US law. And I think that the company's potential liability was a selling point with potential clients.
Of course, one element in every crime is opportunity. The black market in the Philippines seemed much bigger than in the states which should increase the opportunity to sell things a person shouldn't be selling, be they pirated DVDs or CC#s
___
It's the end of my comment as I know it and I feel fine.
Cause we all know that only US businesses such as Card Systems are authorized to leak credit card /account information and allow it to be traded by criminals world over..
Rapid Nirvana
One of the big problems with outsourcing is the lack of control over the outsourced workers/company/etc. In particular, there is a problem with convicting somebody who resides in a different country with different laws, etc. Even when the laws add up on both sides, it's often hard enough to make the system "work" on a local/federal level, with internationally being even more difficult.
This kind of thing happens because we let it happen. Yet we still hand our money over to these companies so they can continually screw us over, outsource our jobs, and give us seriously inferior service and lose our personal information to foreign criminals, incompetent courier services, and bad security practices. We, as customers, have the right to hold these companies accountable for this kind of crap by how we choose the services we use. If you don't like Indian Outsourcing, then do not use the services of companies that use it. Take your money elsewhere. Convince someone else to do the same. Eventually, if you hit them in the wallet, it will affect their bottom line enough and they will reverse the trend. They did this very well in the 60's and it was called a boycott. We should also petition our representatives to create laws to outlaw handling of customer personal information by citizens of foreign companies, except in circumstances where International Commerce is taking place (IANAL, so the specifics would need to be addressed by those that are). While it will not eliminate this sort of crime, it would go a long way in isolating it to a region of the world where the victims at least understand the laws and can have some small chance of seeing justice served. Wishful thinking, I know, but at least it gives the illusion that something is being done.
This would happen even if the jobs stayed in the original host country. The only difference is it would happen without anyone knowing because the public attention that these jobs received because of the outcry of outsourcing would never have been given. Noone cared about call centers until it made front line news.
I'm sure the Indian government will make a big example out of this guy and put him in a Federal-pound-me-in-the-ass-prison for a very long time to prevent this from happening again. Which in the end will hopefully make the information even more secure than even if the jobs had stayed in their host country.
"If all the world's a stage, I want to operate the trap door." - Paul Beatty
One way to make it hurt more for companies is what lawmakers are doing in California, USA, where companies by law are required to notify customers whose information has been lost/stolen. The disclosure law worked so well that initially ChoicePoint notified only California customers, but the outcry was so great that they (supposedly) told all their customers that were affected.
Not that I'm a fan of more regulation, but bad publicity can be a great motivation tool. IIRC, there was/is a move afoot for a (US) federal law, but in Congress' current big-business group hug environment, they de-fanged the proposal by removing the reporting requirement if the information was encrypted "or other reasonable means [were] taken" to safeguard data.
ACHTUNG! Das computermachine ist nicht fuer gefingerpoken und mittengrabben. Ist nicht fuer gewerken bei das dumpkopfen.
We also need more states to have laws like California's that require notification when data is revealed. Otherwise, these things are often just hushed up.
Ok, so now my personal info is in botswana or whereever the hell Haggi sent it. Now what do I do. I can cacel all my credit cards, but beyond that what?
The Gov. needs to find a way to protect our identity.
How convenient, a call center for stolen credit card services. Why didn't the article give the phone number?
"A British tabloid newspaper managed to buy the personal details of over 1000 bank customers from an off-shore call centre based in Delhi...The British police force has passed on details to Interpol and the Indian authorities, in an attempt to prosecute the individual."
A tabloid did something redeeming for society!
I guess they now qualify for the same legal defense as Bitorrent. And the percentages are about the same, too.
outsource electronic voting = massive fraud stolen elections
outsource military = 8 Billion missing dollars, contractor/soldier quagmire in iraq
outsource data = identity theft
outsource jobs = usa stagnant, massive unemployed, bush says we need to be trained. Bla bla..
outsource torture
outsource electricity
outsource.. just about anything and it fucks up.
It's time to put a stop to the greed, and corruption in the Government.
The disease is a lack of responsibility of all kinds across our culture. Corporate execs should be personally responsible for known bad practices followed for slightly financial gain on their watch, for instance - a sense of good practices would then be taken personally by those officers.
This is a problem exacerbated by outsourcing and also one reason FOR outsourcing this sort of thing. But it is not a problem particular to _offshoring_ - the problem is with companies' belief that contracting the work gets them free from responsibility for managing the safety of their customer's data - which they aren't very good at anyway. Offshoring makes legal enforcement trickier, but that's really not nearly the prime problem here.
What you need is a legal system providing substantial penalties to the banks - or anyone else collecting similar information - if they "lose" your data. These penalties should start with statutory minimum class-action penalties which automatically increase over several years and then add corporate officer liability in cases of negligence, not just malice.
Then, offshored or not, outsourced or not, they'll FIND a way to keep your information safe.
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
By doing business with them. It's not their problem if you failed to read the entire page of disclosures that was printed in Flyspeck 3 font.
Best Slashdot Co
Link
So anyway, a worker with all those medical records contacts the hospital and ransoms their records. Great fun.
I know those indians are a handful, but really, this smacks a bit of racism (more likely just trolling for people pissed about outsourceing).
I am sure the same thing happens with more regularity in the good 'ole U S of A. In fact we have seen many articles to that effect in the past.
So how is this news? Because an Indian did it? Look at the numbers, its even small fry stuff too. Sure maybe it would be a big deal if he sold the 200,000 addresses he said he could (probably lying anyway, looking for more payoff). But all he sold was 20,000. How many MILLION of people had their information stolen in the USA last year alone?
Anyway stupid story, why to go ed. All you gonna get is troll responses from people ticked about outsourcing from the US to india, and going "ohh i told you so" and "serves you right"...
Intelligent discussion that.
out.
Outsourcing isn't going away and we in the USA do more insourcing than outsourcing. It's a matter of what we outsource can cause disruption if the people working it are dim bulbs and not dedicated which is largely a function of the company that took the contract, their hiring practices, and job conditions. McDonald's level practices and conditions doing something that should have IBM level practices and conditions in other words.
As the global network grows and data is flitting about, we're going to need international treaties to start getting drafted recognizing certain rights to security of personal data, and probably a strenghtened international police organization with official rights in signatories' jurisdictions where specific crimes are involved.
It's a good thing I'm moving my mortgage to another company. My present one has outsourced all customer phone service to India and made actual American personel at company headquarters IMPOSSIBLE to reach on the phone. Their Indian call center is under orders to refuse to redirect to the American office under any circumstances. It's gotten so that I would have to file a formal protest with the banking regulators to get them live on the phone.
McDonald's service from an organization whose work nature should be more like a major corporate financial institution.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Did they try the same experience with an english call center? What is their point?
"Agree with them now, it will save so much time."
I'm a bit disappointed by the racism in this comments thread to be honest - you can't expect to get all the benefits of a global free market economy without any of the drawbacks. If your particular skill can be done adequately and cheaper somewhere else then that is what will happen. This is only news because it's in India, who have quite a few companies who are ahead of the curve in some skilled technical roles currently. It's time to stop bitching and retrain in a field that does have a shortfall. Try the services industry, like financial or legal. Or even medical.
Not a lawyer, but at least in the US, wouldn't this be considered entrapment? I don't think we would be able to prosecute this here in the US if something similar occured with a local call center.
The call center may be in India, but the company you were doing business with that outsourced it is likely here - wherever "here" is for you. While the obvious IANAL applies, if you suffer losses in the course of doing business with a company, aren't they libel and can't they be sued for not taking precautions to protect your data including through whomever they outsource it to?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Make the board of directors responsible for any and all jail time attributed to the company. Why will this work?
1) the board should know what's going on
2) the board approves changes
3) they are not necessary for the daily running of the company
C*O's should be personally responsible for part of any fine against the company, with a smaller % as the fine ammount increases (so if the company is fine £50,000 90% is paid by the CEO).
I'd say your morals are pretty suspect in this.
Actually, they're not suspect at all. They're as bad as the people you let get away with these crimes.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Would there be any way to provide and then innundate these punks with false information? Soon enough if they keep selling false data then they will lose their integrity and people will stop buying from them, potentially.
Cyric Zndovzny at your service.
"Now either people in India/China/etc get paid more or there is just going to be more people stealing."
maybe we should be paid less?
Is to make the banks financially liable for fraudulent transactions and limit their ability to nail merchants with chargebacks or hold consumers accountable and charge increasing fees. Fee increases should be approved by regulators the way that rate increases for utilities are approved -- require justification for the fee increases and limit them to specific costs so they can't be a general income source.
Credit cards are loopholes big enough to drive an oceanliner through because banks NEVER have to eat the liability associated with fraud and any liability they're stuck with they simply make back with profit in the form of higher fees.
I guarantee you that credit card security would be MUCH more secure if the financial liability for fraud and other misuse hit banks squarely in the profit margin. They would demand much tighter security in addition to financial compensation from credit card networks for fraud they had to cover. This would force Visa and MC to do something more creative (and expensive -- RSA SecureID built into your CC, anyone?).
Um no. You are not responsible for the morally corrupt actions of people you know. That's like blaiming a Target cashier for not refusing to sell a kitchen knife set to someone who makes a joke about feeling stabby in the cashout line and then goes off and kills their family with the knives.
The cashier didn't do it. The murderer did. He didn't scam people, his acquaintence did. Try to keep it straight, will you?
You are checking your backups, aren't you?
Rather than arbitrary rules like that (there can be corrupt or sloppy UK organizations too; as well as excellent Indian ones), make the bank execs liable rather than the poor kid in india. If the bank exec who made that decision served jail time for essentially giving his customer's accounts to criminals, you bet bank execs in the future would be more careful what controls (or lack thereof) they apply on sensitive data they might hold.
why is this tripe modded up?
if im the driver rollin with my peeps and some fool starts steppin, my boy smokes him and its some how my fault?
man i hope i never roll with you
I'll just use my special getting high powers one more time...
Add "insecurity" to the bad risks in the outsourcing equation, on top of "pollution" and "slavery".
--
make install -not war
The banks are as liable for these insecurity breaches as if they let pickpockets clean their vaults unattended. They must now indemnify every customer whose info was processed by the Indian company, and every other one like it, in perpetuity. Against not only the fraud, but the costs of any investigations or damages resulting from the unauthorized distribution of the personal info.
--
make install -not war
> Well, it was to be expected, outsourcing the jobs to a low paid area - workers that are paid fairly are less likely to cheat their employees.
I guess Enron executives were pretty lowly paid too and so they decided to defraud the company and public?
What about WordCom? Were they lowly paid too?
It is easy to take an instance and bash the whole industry in general. But the reality is that there are crooks everywhere and salary has little bearing on the percentage of crooks.
BTW: These people are paid rather well by Indian standards.
I imagine for a company, offshoring is nice in this case. Because while they may suffer a tarnished public image, legally, they are not responsible for the breach. They can appologize, change some account information, and move on. So they not only gain a much lower payroll, they gain some level of immunity as well. I do not believe that this is going to be an area where the market will regulate itself. Offshoring is going to need some legal boundires placed on it.
My company is currently dealing with a KVM vendor that offshores the development of it's software. And the software has been severly buggy for at least 7 months. The vendor keeps promising a fix that does not come. The problem for the vendor I believe is that now they are stuck with many unhappy customers, and all they can do is submit work requests to their offshore development house. They are suck being a middle-tier for their own product. I'm sure the perception of lowering dev costs by using a Romainian company is very attractive to their profits. However, the short-sightedness of that decitions takes all their power over the development process away.
Offshoring could be great for some things, but not much of what is being offshored seems to fit the bill.
Wow, you mean people behave in unethical ways all over the world? I'm shocked, I thought crime was a west-only thing.
bleh, I worked at a phone center here in the US once. It sucked, and I'm certan that the people running it would sell out their call lists if they thought they could get away with it.
autopr0n is like, down and stuff.
Well, he went to NYU so maybe he grew up in NYC. Some cities/neighbourhoods impress their culture on you as much as going to a seminary school everyday would. "Don't snitch if it ain't your business" is an evolutionary-enforced survival instinct in crowded urban areas.
Besides, those may have been childhood friends. You don't rat out a mate especially when you know he'd be facing +10yrs and shower rushes.
I had my place broken into once and completely trashed while I was on vacation. They caught the kids (well, over 18) and put one of them on trial for it. I had a chance to speak before sentencing and the prosecutor had told me the judge was a hardass who hated vandalism and this guy was looking at 2-4yrs. But when I saw him - skinny, poor, terrified - I just couldn't do it. Got up and asked the judge to give him a community sentence and downplayed the effect it had on me and my gf (boy, was my gf furious w/ me). The punishment had to fit the crime and I didn't want this guy getting raped (bad prisons in my area) over a couple of thousand dollars. Long story short, kid got suspended sentence, I forget about it until nearly 10yrs later when I met him on my university campus where he enrolled after eventually pulling his life together. I've got no regrets and would/will do the same again.
so much for outsourcing...
you hear that? that's the sound of a billion engineers in india gasping at the possible future ramification of this and other episodes of customer data being sold to the highest bidder...
Judging by the photo of the aledged criminal, £4.25 must be the cost of a super-sized-happy-meal at MacD's
Get your facts straight xenophobic fuck!
The industry spent billions hedging against the small possibility of a Y2K failure, and then outsourced the same applications to a security nightmare like this one. I wonder what "Y2010 Certified" will mean -- heavily vetted personnel, most likely.
---- "If we have to go on with these damned quantum jumps, then I'm sorry that I ever got involved" - Erwin Schrodinger
Nobody mentioned DELL...
Why?
Damn company also has people in India answering phones and damn it they make you call lots and lots and lots of times cause they just don't understand freaking ENGLISH!!!!! And then, "ohh, errmm... sir, we cannot fix you computer. Have a good day." Fuck 'em!!!!
Your tech-jobs are belong to India... get it?
I hope the U.S. does not turn out like south american countries where a lot of people don't have jobs or people are not paid enough and companies still expect people to buy their shit. Stupit, isn't it?
Have a good one.
===== "Every head is a different world so don't invade mine you FREAK!" smartSAGA said
I guess even Microsoft dosent realize that "their" entire market base is only a click away from competitors.
"It's so convenient to have a system where everyone is a criminal" - A. Hitler
Not only that but wait until the day dawns we find out that the Indian, Chinese, and Pakistani governments have extensive dossiers on almost every American. "Well, Senator, we see you had some credit card charges at a London casino and took a cab to an address registered to a Miss BoomBoom Botty Call. And also that you filled a Viagra prescription right before you left. Strange that Mrs. Senator was shopping in New York that weekend. She's really going to enjoy that Rolex she bought at Sax, I have one myself. Now what were you saying about trade sanctions?"
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
You are all missing the point, which is: /\/\ alloc
With the proper technical (security) controls, the low-paid call center employee could not 'cut-and-paste' or otherwise save/export all those personal account details.
This is how it works. When you don't have anything, something is better than nothing. India has a fucking assload of destitute poor people. The kind of people who would be absolutely thrilled to each maccaroni & cheese, every single day.
And American companies outsource. Outside the US, that is. And their laws and society are structured different, with the difference castes.
This is how a free market economy works. You make money, you loose security. You loose accountability. This is a natural progression. Eventually, people will start boycotting companies, and start paying more attention to the news and executive decisions.
Life is just too good in the United States, right now. Too many other things that are more desirable to worry about.
Give it a bit of time...
In UK/US/etc. you are being offered about 1 hour of income per customer you sell or about 25 weeks worth of income. Against this you have a high risk of jail time, lifetime loss of earnings, you may lose a job that is hard to replace given high unemployment, etc. In India/China/Etc, you are being offered 20 hours of income per customer or roughly 500 weeks worth of income (almost 10 years) and may have substantially lower risk of jail time and since the job market is so hot, you may not even have trouble replacing your job. To have a similarly effective bribe in the US/UK/etc. they would have to offer you a lot more money.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
The fact that you knew and didn't do anything to stop it makes you pond scum. The people involved in the illegal fraud you were speaking of are less than pond scum.
I suppose you would ok with it if these same people were going around stealing cars... it's the same thing, just via a different path.
Shit like this comes out of my salary, as I work for a CC company. It also raises the cost of credit for everyone, and causes huge problems for people when they go to get loans. I'll bet you that billions of dollars in real money and time comes out of hard working honest people because their credit score was messed up from someone just like your 'buddies'. It also places businesses, especially small businesses, in a very difficult position... as they usually don't get all the money for the product that was stolen from them.
People that do this should be taken outside, 2 at a time and shot in the head with one bullet.
Is this supposed to suggest that Indian call center workers are less trustworthy than American call center workers?
That same data could likely be had from any call center working for any business sector for the appropriate price.
When after 10 years you realise there's no normal jos left for the ordinary people in your countries, then... it'll be too late.
Cheaper is not better - haven't you learned yet?!?
What is the actual crime and the length of the jail term for this crime?
The assumption that India values USA/UK citizens financial privacy is BS if there is no enforcement and no punishment or fines.
I want to know if the UK bank pulled all of its offshore work back to the UK.
The current method of the bank, credit card company, etc paying a fine to the federal government for each name lost, stolen, etc is wrong.
The bank, credit card company should pay each and every PERSON that had his/her data lost/stolen.
Nice flawed analogy. The difference is the Target cashier wouldn't know what the knife was being used for, unlike the GP who was fully aware of his friend's actions. OTOH, if a guy at Target walked up to the till and said "I'd like to buy this knife, I'm planning to violently kill my family with it this afternoon", then, yes, the cashier has a moral (though admittedly not legal) responsibility to refuse the sale.
Oh!! Good Grief. Stop talking like Lou Dobbs. Did they do anything to folks who lost Millions of customer records. Moreover the Indian story is blown out of proportion by some newspaper to gain publicity. Move on....
It has nothing to do with racism, but everything to do with the fact that the legal system is quite different and quite differently enforced than ours here in the west. Does India, Pakistan and other countries have HIPAA or even know what it is much less can the companies where such jobs, and information, has been outsourced to, be held liable in a western court of law for violating these laws? Doubtful.
And then there are the widespread sales of private information as has been reported both here in the states and abroad. Sure, we can outsource the work to a country who pays their workers perhaps 1/10th of what it would cost for the work to be performed by american workers but are the same background checks made and isn't there a greater temptation perhaps to supplement that income through industrial espionage?
Those are the excuses we're given here in the U.S. when they do background and credit checks that indicate that our credit histories may be a bit spotty.
It's got nothing to do with race or location but everything to do with human nature and avarice.
Thus spake the SysGoddess
Actually, in the past, some U.S. companies have used inmate populations for call center grunt labour although I don't believe any financial institutions would have been allowed to. Perhaps they should have. At least the outcomes would have been predictable.
I believe they finally stopped using inmate populations for call center personnel after other forms of abuses began coming to light - such as inmates stalking women whom they'd contacted in the context of their 'job', etc.
Over the past 9 months, I have been issued 3 different mastercard debit cards after mine have appeared on lists faxed to them by Card Services International as having been one of a block of numbers that had been compromised by hackers. Last summer, we weren't notified until many weeks after the event occured and began noticing some unusual charges to our account.
Since our bank is in another state with no branches or ATMs local to us and activating our card requires us to do so in one of their ATMs or at one of their branches only, I can't begin to tell you what a monumental pain in the ass it is each time. The only reason we continue to use the bank is because they offer interest rates that we've not seen matched in our area.
Thus spake the SysGoddess
There's a very simple, almost-free way to deal with this kind of behaviour.
Make all his damn personal information public domain. Address, phone numbers, banking details, etc. Or if you want to be super fair and even-handed, just pass it on to the people whose ID's he sold.
I figure the problem would just kind of quietly disappear on its own.
You might know that they did it, but not have tangible evidence that would be useful to the police. "He told me last friday in the bar that he did credit card fraud five years ago" won't be enough to get an investigate. After all, it's not like the cops in NYC don't have anything to do.
no taxation without representation!
It is about companies not being able to secure the information by farming the work out to sub/sub/sub contractors far, far, away.
The farther away you are from your employees (or contractors), the less control over this type of thing you have. No software or hardware can change that.
Presence is a huge deterrent.
You're awesome. Wish people were more like you in the world.
Sorry man... the Internet pooped on me.
In summary: A larger market. Cheaper consumer goods. More specialized labor. Better Economic Growth. There are detriments, namely the loss of jobs you mentioned. But the alternative is stagnation.
These are all great arguments, and I am familiar with the Economist's point of view on this topic, especially it's views on citizenship & labour (the Economist thinks mobile labour pools are more desirable than citizens - see it's article on the illegal migrants drowned in England from Feb 12th 2004), but the problem is that it is never a choice between one extreme and another.
The alternatives, I think, are not unconditionally free markets or stagnation, but usually a combination of open markets and reasonable government restrictions that prevent life from becoming hellish for non-rich citizens. That's what many would consider to be a responsible or good society. A too-unrestricted economy was where the US was headed at the end of the 19th century, until the US government under Teddy Roosevelt stepped in. I'm not sure how many people would like a return to the era of so-called "robber barons".
Economics is nice at attempting to describe how markets work (and it occasionally gets it right), but it provides no insight into what people really want out of life.
France, e.g. might have sucky growth compared to other countries, but guess what? People still prefer living there to living in, say, the U.S., because there are things that they value more than money. Or to be more precise, they are willing to "pay" a certain amount - in terms of lost growth - for things that have no dollar-amount attached to them but still provide value.
The Europeans seem to generally have the opinion that their governments are not there to create free markets full stop, or create some perfectly efficient world economy. Their governments are there to look out for them, and make the choices that are in their best interests, and a certain amount of market freedom is apart of that. But making the average European compete in a huge global labour pool with the average Indian or Chinese worker isn't.
btw, you say: You advocate protectionism, which the long-term effects can be disastrous. Again, please take a look at the economic performance of Europe
In fact, most of the difference in performance between the US and Europe has to do with the fact that Americans simply work more hours, and not protectionism. Not everyone wants to work themselves to death for the sake of the doctrine of "efficient markets".
That's right: I'm gumby dammit.
To answer your question: If your "boy" "smokes" "fools" ("steppin" or not) on a regular basis and you ignore it and continue to "roll" with him, then yes, you are guilty. At the very least get the hell away from him before he decides you're "steppin" and "smokes" you.
How is the cashier supposed to evaluate if killing the guys family is moral or not? Does he have the all-seeing orb?
I didn't see the name or other significant details of the offender revealed anywhere. It is probably a bigger crime to do that than reveal the private details of a zillion innocent people.
Fat chance of fixing this 'little difficulty'.
MOD DOWN PLS TNX
In India the wages given to call center staff are paid well relative to the local economy. The real issues are these: no Indian privacy laws, which makes identity theft hard to prosecute Culturally, there is a different standard of concern about things like bank account numbers and info westerners consider confidential. It is good form in Delhi to give your PIN and ATM card to your friend if he needs a loan There is no Indian national ID, and variability in naming conventions, addressing etc makes managing identity of Indian citizens more fluid. This contributes to cultural attitude. Currently, the only way to limit identifty theft in India is through contract and physical controls; such as no pens and paper leaving the call center.
'The longing to be primitive is a disease of culture' George Santayana
Check here .
SUN IS A Stupid *TABLOID* NEWSPAPER WHICH Printed False Photos OF IRAQ prisoner abuse...read by stupid people with half ounce brains,
Some latest updates from India. The alleged scamster - Karan Bahree is not a "call centre worker". Nor is he a 'computer expert' or a 'web analyst'. He is working on probabtion for the past three months in a company which mainly does web development. He is a junior staff member and is a content writer! Nothing to do with either banking data or call centre. The company where he works, which came into unwanted lime light because of the media hype, today said that it does not deal with financial information or bank related data. It also has no British Bank as clients. It mainly does website designing. Many of the British Banks alleged to have been victims of the fraud have denied that they have call centres in India. Mr Bahree has sent in a written statement to the company saying that he had received the CD from another person named Sameer and handed it to Oliver (Sun's reporter posing as a businessman) and that he was unaware of what was in the CD. Mr Bahree sounds most unconvincing in his BBC interview. The general reaction in India: Most people in India believe that when it comes to similar problems in the west [frauds aren't that uncommon in the west] issues like these become "individual" cases. But when it comes to developing nations like India, a whole country is branded, flogged and criticized for the fault of an individual.
that is amazing. btw, i did grow up in new york, and you don't run your mouth about anything.
all of which is to say, it's a great thing you did.
un burrito me trampeó.
The irony in your statement is that I've had friends killed because they ran their mouths for less.
I was borned and raised in New York, first in a welfare hotel until the age of 14, then a housing projects in Harlem. I lived in a foster home for two years. I'd have to count on two hands the number of childhood friends who'd been killed by the time I got into college, many for much less than snitching on somebody. Someone posted about survival tactics; silence is first and foremost. Snitching is the only cardinal sin where I come from. Everything else is fair.
So your idea of trumpeting the horns of justice whenever someone jaywalks is somewhat of a luxury for me. As a matter of fact, survival was a luxury until school. Whether it makes me pond scum or not, I'll leave up to moral superiors like yourself to decide.
Notwithstanding all of that, I never intimated that they were my "buddies". They were guys I knew. My point in posting was just to show how easy it was to turn such information into revenue and how prevalent it was in my experience.
Regardless of the rather *overkill* nature of your personal attack, I wish you well. In my experience, I've never met a human being with the solid footing to ever make a moral call on another. I guess you could be the first though. Nice to meet you.
un burrito me trampeó.
I guess all that matters is that you survive and just continue to be the a cog in the wheel. For all you know by not saying something, some husband beat his wife or abused his kids because he was pissed off about someone stealing his identity or messing up his credit score. But who cares about that right? It doesn't affect you directly.