Slashdot Mirror
Indian Call Centre Worker Sells Customer Details
lxt writes "A British tabloid newspaper managed to buy the personal details of over 1000 bank customers from an off-shore call centre based in Delhi. An IT worker at the call centre handed over details at £4.25 per customer, as well as credit card numbers and account passwords. He claimed could sell over 200,000 account details every month. The British police force has passed on details to Interpol and the Indian authorities, in an attempt to prosecute the individual. The BBC is also covering the story."
This story is all over in Indian press.1 300460000.htm 5 0344.cms 5 0670.cms 4 9334
http://us.rediff.com/money/2005/jun/23bpo.htm
http://www.hindustantimes.com/news/181_1408799,00
http://timesofindia.indiatimes.com/articleshow/11
http://timesofindia.indiatimes.com/articleshow/11
http://www.expressindia.com/fullstory.php?newsid=
I used to work at a homeless shelter (in the US), a lot of the guys would get jobs at call-centers. Almost all of them tried to pull something like that. That said, nobody I ever met would have pulled over 100...
This is only making news because it's an offshore company for a Western financial institution. Maybe because companies are now supposed to tell their clients when their personal information has been compromised (which has *never* happened in house, right?).
Is it that the low-paid workers are more likely to steal, or, that these offshore companies just have less security, and a less-thorough recruitment process? Problem that domestic businesses deal with as well.
Enron and Parmalat have shown us that no matter where you are on the corporate ladder, there are rotten branches on the tree.
--- Dan
That's the dumbest thing I've ever read. Fraud is illegal in India [many codes]. In particular [IANAIL but...] section 423 of the Indian Penal code seems to deal with this. It's two years in prison. ;-)
Use a google search engine next time.
Tom
Someday, I'll have a real sig.
Liability law.
If Dell outsources to India and you get rammed you sue Dell USA not Dell India. Since it's Dell USA that sends the data out they're responsible for what others do with it.
[I'm using Dell here as an example company, obviously this applies to any other outsourcing company].
On top of that fraud is well covered by the Indian penal code so their actions are not going to be "totally unnoticed".
Tom
Someday, I'll have a real sig.
Don't forget about the days of carbon copies for credit card receipts. Way back when, they used to make an imprint of your credit card onto several sheets of paper which had sheets of carbon paper between them. This was your receipt, which they had you sign. After the imprint/signature was done, they would then pull out the 2 or 3 carbon sheets and toss em in the trash (remember that this now has a full imprint of your card plus your signature). A good clerk would tear up the carbon paper in front of you (which quickly gets pretty messy) or offer you the carbon copies so you could destroy them yourself. But more often than not, they would just end up totally whole in the trashcan, which would then end up out in the dumpster out back. Thankfully it's almost all done electronically now, so you're not quite so reliant on the competence of the clerk...
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
I was waiting for this response.
I think that the Data Protection Act is a wonderful idea, along with all the other privacy related laws that the EU and the US have implemented.
Unfortunately, they all suffer the same weakness - people. No matter how well written the laws become, there will always be someone who has access to valuable information who is willing to sell / destroy / manipulate it for profit.
I think that, in addition to the laws currently on the books, that they should get extended to provide real penalties to companies and people in breach. I also think that there needs to be a greater push made for systems and software that minimises the risk of damage that any one person can make when it deals with information related to these Acts - perhaps a real, useful ISO standard or somesuch (as opposed to ISO 9000 / CMM - where our processes are bad, but they are well documented and traceable).
InfoSec that matters, when it counts.
Call center employees in the US and Europe don't pull what you'd call high salaries either.
That's true, but offshore call centers make less - they have to, companies wouldn't be outsourcing to them. One of the big problems is, due to exchange rates and costs (the same reason work is outsourced there), it's much cheaper to purchase this type of information from a employee in India.
Think about it, if I read the article right, this guy sold 1000 names for about $8000. That might be his whole annual wage. If someone came to me, as a IT professional in the US and offered me $8000 to sell private corporate information, I would laugh at him. Now if someone came and offered my whole annual salary, I could be tempted. Thing is, private information on 1000 people probably wouldn't be worth my annual salary, or even the annual salary of a call center worker.
Bottom line is you can always find someone that will steal information for you for a price. Outsourcing to India, China or Russia just lowers the price of the information you want.
Find coupons in Greeley
Halliburton, Enron, Aldelphia, AOL Time Warner, Arthur Andersen... All these scandals were pulled off not by disgruntled underpaid employees, but by high-paid execs.
One of these kids is not like the other. Arthur Anderson's conviction was overturned by the Supreme Court.
It's "no one," not "noone." Who the hell is noone anyway?