Slashdot Mirror
Indian Call Centre Worker Sells Customer Details
lxt writes "A British tabloid newspaper managed to buy the personal details of over 1000 bank customers from an off-shore call centre based in Delhi. An IT worker at the call centre handed over details at £4.25 per customer, as well as credit card numbers and account passwords. He claimed could sell over 200,000 account details every month. The British police force has passed on details to Interpol and the Indian authorities, in an attempt to prosecute the individual. The BBC is also covering the story."
Well, it was to be expected, outsourcing the jobs to a low paid area - workers that are paid fairly are less likely to cheat their employees.
Get rid of the call centers, keep them in the country that they expect to be dealing with (UK call centers for UK clients etc)
200,000 accounts at $7.75 US would be 1.5 million per month. Nice side business.
The NSA: The only part of the US government that actually listens.
... the barter system. This newfangled electronic stuff just isn't working out.
GETPKG - Package Management for Slackware
So thats why outsourcing call centers to India is so cheap...
Gotta love that outsourcing eh..
"If it's true that our species is alone in the universe, then I'd have to say that the universe aimed rather low
Looks like someone in India is trying to improve their "standards of living". Now either people in India/China/etc get paid more or there is just going to be more people stealing.
In other words, "the jig is up".
I'm not saying "people from India are criminals". I'm saying someone [anywhere] who is paid like shit to do a job is likely going to try and supplement their income. This could [and has] just as easily happen in Canada or the states.
Tip of the iceberg...
Tom
Someday, I'll have a real sig.
I hope companies look at situations like this, and use it in their decision making process to decide whether or not to outsource to other companies. Its one thing if they send them source code to a project and the people sell it, but when they are giving our personal information to another company, they should be damned sure it wont be sold.
It'll be interesting to see if this gets as heavy press as the compromised Mastercard accounts.
While I do not like the trend toward outsourcing, something like this will do little to discourage it due to the fact that the same type of data is so carelessly taken care of in the U.S. as well.
"Look out honey, 'cause I'm using technology" -- Search and Destroy -- Iggy Pop
I can't find the link now but I recall a year or two ago reading about a medical transcriptionist in the Indian subcontinent who threatened to publish the confidential letters about the patients of an American hospital online in a dispute over the price agreed upon.
- Full name
- Home address
- Phone
- Mother's maiden name
- PIN number
- Favorite password
Please send this information to me accompanied by a money order in the amount of $4.95 to cover my processing fees. I will get the confirmation about the tabloid article back to you ASAP.Decades ago it was the waiter or waitress at the restaurant we used to worry about. When mail order began to grow, it was the person at the other end of the line of a mail-order company. Outsourcing (in country or out of country) is just a form of concentration of this phenomena.
Sending potentially valuable information to people in a high stress, low paying job (in country or out of country, my wife worked in a call center in college) with poor controls is a risk. We have known this since the beginning, but we just seem to relearn the lesson each time.
What do you know I wrote a novel
Once Again, Another Indian Call Centre Worker Found Selling Customer Details.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
Well of course according to the uk data protection act all our electronic information was allowed out of the country with express written permission of ourselves and therefore we have only ourselves to blame.
What you mean it wasn't ?
But isn't that illegal ?
The BBC also has another related story here,
Your sig(k) has been stolen. There is a puff of smoke!
This story is all over in Indian press.1 300460000.htm 5 0344.cms 5 0670.cms 4 9334
http://us.rediff.com/money/2005/jun/23bpo.htm
http://www.hindustantimes.com/news/181_1408799,00
http://timesofindia.indiatimes.com/articleshow/11
http://timesofindia.indiatimes.com/articleshow/11
http://www.expressindia.com/fullstory.php?newsid=
For having to having to chase payment defaulting customers - 150 rupees.
For handing over personal bank information - priceless.
For everything else, there's "EmbezzleCard".
Gentoo Linux - another day, another USE flag.
Well, the good news is that you're allowed to chop off the offenders hands when caught.
So the Sun offers an unspecified number of Indian Call Centre workers vast amounts of money to provide them with some confidential information and eventually one of them does.
The point of this story is what exactly, that everyone has their price ?
aside from the obvious, "everyone needs to make a living argument", people will find dubious means to enhance their income. the question is: why was this person able to access those details? could the details have been segregated and or secured/encrypted?
simple password protection is done on the database by hashing the person's password (one way encrypting). when the person tries to login, the entered password is encrypted as well and both encrypted strings are matched. Couldn't this type of thing be done for other details?
maybe segregating those that write the code (including version control access) and those that have access to production data, like customer facing staff, would be a good start.
You: "Dammit, my identity got stolen, I'll have to call my bank."
dials...
CS: "Hello sir, my name is Rodney, how may I help you?"
You: "What's with the delay?"
CS: "Hello sir, my name is Rodney, may I help you today?"
You: "Um...OK, my identity got stolen. Can you help me?"
CS: "OK, sir, first reboot your PC."
You: "Wait a sec, this isn't a tech call."
CS: "Tell me your personal information, so I can find out your account."
You: "OK..."
IGB: More fun than eating oatmeal!
By outsourcing the public risks getting screwed while the bosses of both companies are rewarded with big bonuses.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
There's been a lot of focus on internet security and encryption of sensitive data. But as we see - it's not during the transaction that it's dangerous. It's at the end point. Do you thrust whom you're giving your details?
Underholdning.info
Have there been any other instances of employee theft around the world? I know that the FBI investigations around the recent CardSystems leak of 40 million credit card accounts are looking at it possibly being an inside job. At $10 a pop, that could have been a pretty nice haul for someone out in Tuscon.
Rather than modding you all Troll or Flamebait, I challenge all of you kneejerks who say higher pay => more honesty (or lower pay => less honesty) to show some evidence for that claim.
"But all your emitter and collector are belong to me!"
I used to work at a homeless shelter (in the US), a lot of the guys would get jobs at call-centers. Almost all of them tried to pull something like that. That said, nobody I ever met would have pulled over 100...
My most esteemed colleague,
Please excuse my unforgiveable oversight in neglecting to put a return address. In my excitement to be making such excellent contacts in your country, I was clearly negligent. Please remit all sums to:
Post Office Stop A
Lagos State
Nigeria
I cannot tell you how grateful I am to find such a kind and professional person such as yourself, and I look forward to a mutually beneficial financial arrangement. Please send the money right away!
I know many will make the claim, "It's because it's in India with low paid workers." Let's remember the news in the US this year. How many breaches of security (CitiGroup, FDIC, Lexus Nexus, more have resulted in lost or stolen personal information in the United States of America? How many of these breaches were by high paid workers? It is not a matter of where or who lost or stole information. The core issue is the ignorance of the value of information. Personal information is the new commidity and big corporations have not had the epiphany or received the memo saying so. When they and consumers realize there is real money at stake, all will stand up and take notice.
One ring to bind them - should probably have more fiber and less rings in their diet.
Thank you come again!!!
Madre de Dios! Es El Pollo Diablo! -- Captain Blondebeard
While it's nice that Interpol has alerted the proper Indian authorities, what if there are no laws governing this apparent injustice? The way the story reads, it sounds like the Indians should start conforming to our rules if they don't already. Maybe Interpol is dictating how the indians will treat hash/pot smokers soon enough.
Thank goodness they don't have call centers like this in prisons. I thank god every day that there is no way my personal information could make its way to foreign terrorists who could use it to raise funds for their operations. The US and British governments would never allow that to happen. No matter how important commerce is to the US, they would never put it before the safety, health and well-being of its citizens. (this email written in 1980, left in Draft folder for 25 years and only now mailed).
They are required by law to put provisions in place to make sure that customer data isn't revealed.
The act *is* flawed in that it allows data to be sent to countries without similar data protection if they have a contract in place, it shouldn't allow that in the first place. But the contract in place with the oursourcing organisation should make sure that they have sufficient safeguards in place to stop this, the fact that it's happening says that the outsourcing companies are in breach of contract and the banks haven't put sufficient safeguards in place, an offence against the data protection act, 1998.
We need some prosecutions against CIOs, CEOs and the like. A couple of years in prison would improve their attitude to data protection.
Deleted
Hopefully they will clamp down hard on this. The data protection act is one of the best laws there are and I want it fully enforced, and I want call centre jobs back here - i don't care if theres a shortage of workers, i would rather wait 10 minutes on hold.
This comment does not represent the views or opinions of the user.
This is only making news because it's an offshore company for a Western financial institution. Maybe because companies are now supposed to tell their clients when their personal information has been compromised (which has *never* happened in house, right?).
Is it that the low-paid workers are more likely to steal, or, that these offshore companies just have less security, and a less-thorough recruitment process? Problem that domestic businesses deal with as well.
Enron and Parmalat have shown us that no matter where you are on the corporate ladder, there are rotten branches on the tree.
--- Dan
If Hollywood can do it, why can't I? I'd like my credit card numbers, SSN, etc to be unreadable outside the country (OK, I'll leave one credit card universally accessible for travel to foreign countries). In fact, I'd like to take it a step farther. I'd love some DRM on my data so that my bank can't pass it to who knows who 3rd-party companies for marketing opportunities.
I know, I know, I don't own my own data (the bank compiled it and thus the bank claims ownership of it). But a consumer can dream, can't he?
Seriously, until financial data gets some kind of DRM/coding/tracking codes/etc., it will be impossible to track who leaked or sold information and thus recover damages from irresponsible holders of consumer's data. Until the irresponsible can be found and punished (civil suits or criminal charges), no one will have much incentive to protect consumer data.
Two wrongs don't make a right, but three lefts do.
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
hello there fella... betcha that ya quite rong with ya thingy out here..mind ya tongue and waggle your brain instead!!
where in the article does it say that it was americans information that was sold? it'd be safer to say that it was british info that was sold since the register is based in the UK although it could've been information from many nations. also just because a person doesn't speak english and doesn't care about customer service doesn't mean they're a thief
Sadly this is all comming full circle.. The big bad part of the outsourcing craze is the inability to enforce US law abroad....
> It's more of a jurisdictional issue.
Exactly. It's a jurisdictional issue as soon as the call center is even out-of-state.
But moving call centers offshore adds -enormous- complexity. I would tend to suspect (I have limited knowledge of foreign legal systems) that things become even more complex the farther the nation in question gets from the traditions of British common law. India, for example, might be significantly less complicated that China.
That's not the reason why outsourcing call centers to India is so cheap. The real reason is your horrible (ie nonexistant) sense of humour that all the people calling you for support simply could not take. All the people in India, however, have a great sense of humour, making it a pleasure to go through the tedious troubleshooting process with them. There are so many qualified call center employees living there that the competition keeps the prices way down.
Man is a slave because freedom is difficult, whereas slavery is easy.
So we've not only outsourced our call centers, now we've outsourced our criminals too?
Well there can only be one answer: India needs to outsource it's police system to catch their criminals. Some country further down the economic chain. Perhaps there are some Zulu warriors who could use some means of "persuasion" to get a confession.
At some point, of course, outsourcing has its limits. Cheaper is not always better, nor is cost always the major factor in development and support.
I think a lesson in world geography (you know, the 200 or so countries outside the US and that the US has not bombed) and political views (outside of the opinions of faux news) would be appropriate
Aside from the facts that the vast majority of educated Indians can speak English, most of them aren't particularly anti-American, and you sound like a complete bigot, you may have had a point.
Bitter much?
I'm tired of fitting the bill for fraud and fraudsters.. We seriously need something new and RIGHT NOW. Everyones interest rates would be substancially lower..
That's a lot of money he got
If one employee can walk off with thousands of customers' private data, then the system is putridly designed.
Three things need to happen:
Just increasing the workers' pay is not going to help. They are already rich compared to most of their countrymen.
The British police force has passed on details to Interpol and the Indian authorities, in an attempt to prosecute the individual.
They are barking up the wrong tree. If only the individual in another jurisdiction is liable to sanction, why is it allowed for British banks to move personal information to foreign countries in the first place? Shouldn't the bank be fined for failing to protect personal information of British citizens?
Abuse of power by employees is not something new or interesting, but the accountability issue is. Personal information should only be moved between countries with similar protections against abuse. Having said this, I don't know anything about British law on this issue.
It seems like every day I am hearing about some company losing hundreds of thousands of credit card data files, putting millions at risk for a major incovenience -- at the least, they have to chage the credit card number and if they have accounts set up with vendors based on those cards, then they have to go and update those too. Obviously, that's the least-case scenario.
My take is that credit card companies are going to have to change the way that credi cards work to slow this down. While no technology is unhackable, slowing it down is certainly possible. Ffor example, credit cards could use a biometric identification to verify identity before they are processed. Given the right amount of encryption and backend security, this would at least slow down the wholesale trading of account numbers that has become a plague.
Finally, regarding personal information, it would appear that Sun's Scott McNealy when he said a couple of years ago that there was no privacy anymore. Perhaps. Nevertheless, as long as governments sit idly by and do nothing about the collection and disclosure of personal data, this is only going to get worse. Citizens need to demand that government take a larger role in this, and ensure that private data is not collected unnecessarily and that disclosure of it is punitively prohibited. Given that a number of nations are involved, an international treaty should be enacted.
That alone would not stop this from happening. However, at the same time, data not collected is data not sold.
This problem has grown past the ridiculous and it is time that something be done to stop it. Surely there are solutions.
Companies outsource jobs primarily because it is cheaper than providing the job themselves (this is especially true for jobs outsourced to other countries). We all know that. Part of the reason the jobs are cheaper to the company is because they do not have to worry about a host of expenses, including for example the cost of complying with governmental regulations related to the outsourced job.
I personally believe, however, that a company should still be required to enforce all regulations which protect the citizens of the source country (in this case, the UK). If it turns out the company is not able to force compliance with the governing regulation for whatever reason then it should be illegal to outsource that particular function. And if they are able to force compliance then the source company should be held liable for failure to comply by the outsourcing company with all of the associated penalties. The result would be that the source company could not avoid the cost of insuring regulations were followed and the outsourcing company would incur the cost of compliance as well.
This would have at least two effects. The cost of outsourcing would be more in line with competition in the source country and the citizens of the source country would not lose the protection afforded them by law.
The NSA: The only part of the US government that actually listens.
As a result, they ended up having contracts with people who didn't care all that much about their data, or what it meant. This is another example of why that's so screwed up.
Now, things will even out. All the smaller outsourcing firms will lose out and only the big players will remain - they may charge more, but they also pay more and will usually have procedures in place that will prevent this sort of thing.
So you are saying that greedy managers everywhere have yet again been reminded of something the rest of us mortals already know? That quality costs money, even in outsourcing. What a surprise! Professionalism may cost less money in India but it will still costs more than average.
Only to idiots, are orders laws.
-- Henning von Tresckow
There have been studies that have shown that, when companies pay less than market-value for the jobs they have, employee theft goes up. To think that people in India are willing to work for a pitance of what workers in countries like the US and Europe make is ridiculous. When corporations bombard people with images of countries that have a standard of living higher than their own, it's not long before they want that standard of living too.
All people want to be able to make their lives better; for themselves and their family. When the impoverished see wealthy people eating steak, the bowl of gruel in front of them doesn't look very tasty. When people see something they really want, wether it's a plate of food or a life style, they will beg, borrow and steal to get it.
The solution? Companies need to pay people enough money that the employee can see they are making progress towards their dreams and goals, not just getting by from paycheck to paycheck.
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
There is a significant segment of the US Banking, Insurance and Healthcare billing infrastructure that is managed off-shore. This means that someone in India has all the admin rights they need to packet sniff, say, an ATM connection or a mainframe access that some clerk in Boise uses to input your info for that mortgage/car loan/credit card. Chew on that for a second.
Off-shoring data entry was bad, off-shoring call centers marginally worse, but giving the ability to bring most of our monetary system's infrastructure to it's knees over to another country, any country, is a very,very bad idea.
The short-sightedness (is that a word?)of the concept baffles me. You find a off-shore person who will work for a fraction of the cost of his local counterpart and use him to replace the local guy. The off-shore asset doesn't pay taxes into the US system, he doesn't use the US facilities (banks, hospitals, insurance companies, etc) that he supports. The local guy no longer pays taxes, does drain the system elsewhere through aid programs, defaults on bank loans and credit cards, no longer can afford private insurance, defaults on hospital bills etc, doesn't buy the big ticket items (like cars) anymore, which drives up the cost of living for everyone. It's a downward spiral; sure, in the short term, corporate profits look better, but you've incurred basic erosion of the customer base. It happened in the textile, electronic and automoblie industries and those actually move hard goods back and forth. Moving ones and zeros across the wire it much easier, but potentially much more destructive.
I agree, this is only the tip of the iceberg.
I thought a recently-introduced European law (THANK GOD FOR EUROPE!) prevented the export of client data to outside of Europe without their consent. Did any of those banks and companies inform their customers that their data will be exported and specifically seek their consent for that?
when I arrived here to Costa Rica first, to set up some network stuff and firewalls, I was told that the previous tech was chased by the neighbour outside with a gun in hand because he stole casino player data ....
...
... and would keep people selling other's sensitive info ...
well, before you think that it was your average latino guy that carries a gun i have to tell that it was a US businessman who operates a casino here
well I think if instead of the police, some big guy chases you down the street with a gun every time you touch data that does not belong to you - really makes the point
"where there is gambling, there are criminals"
I was waiting for this response.
I think that the Data Protection Act is a wonderful idea, along with all the other privacy related laws that the EU and the US have implemented.
Unfortunately, they all suffer the same weakness - people. No matter how well written the laws become, there will always be someone who has access to valuable information who is willing to sell / destroy / manipulate it for profit.
I think that, in addition to the laws currently on the books, that they should get extended to provide real penalties to companies and people in breach. I also think that there needs to be a greater push made for systems and software that minimises the risk of damage that any one person can make when it deals with information related to these Acts - perhaps a real, useful ISO standard or somesuch (as opposed to ISO 9000 / CMM - where our processes are bad, but they are well documented and traceable).
InfoSec that matters, when it counts.
Outsourcing sucks...
...'parently that's why the US continues to engage in it.
...who can't speak English...
...and who don't really care about good customer service
...are also theives.
...just like Halliburton, Enron, Worldcom/MCI... shit, are those all AMERICAN companies?
Oh right, the single largest English speaking nation in the world does not have an English speaking person in it. D'oh, how could I forget?
No kidding, that's why I love talkin to them Americans who hang up on me when I insist on talking to their managers, when they screw up. Uh, no.
Why we outsource our personal information to countries where the anti-American sentiment is extremely high is beyond me.
Here's why: it's cheaper to do so and plain economics dictates that your ridiculous labor costs make it cheaper to outsource it. And remember, anti-American sentiment is not generated in a vacuum. It is precisely the actions that your government carries out in the name of god knows what that leads to the kind of sentiment that it deserves. That's why there's an anti-American sentiment.
I hope for your sake you're being a sarcastic son of a bitch, because its misinformed prejuidced asses like yourself that lead to ill-informed protectionist people being put into office.
I would imagine India does have laws to cover this kind of stuff, in fact I suspect that Indian law may match British law in many respects.
I've worked in a call center in the Philippines. For background, the Philippines is another popular call center location for US companies since there are fewer accent problems and the culture is remarkably American. The Phils is a better location for call centers than India, excepting the technology related fields, though the pool of workers with the proper skills is close to exhausted for the time being.
Anyway, at one point, a guy used someone's credit card to buy roses for his girlfriend. That's below criminal, and into the "just plain stupid" range.
After that, the company locked down everything. No cell phones on the floor, etc. Reps who regularly deal with sensitive e-mail don't even have access to e-mail. Access to sites like Yahoo is blocked from their computer and I'm not sure what else
While all activity is monitored, last I heard they were looking for a way to automate their search for suspicious behavior. (scanning logs for when a user opens notepad and types a credit card number. Probably not too hard in Perl, but I don't know the language.)
People talk about lower standards of living in other countries, forgetting that this is partly made up for by the fact that it's a lot CHEAPER to live overseas than in the United states. So while poverty in 3rd world countries is rampant, if you pay someone a halfway decent wage, the money goes a long way there.
And when you get down to it, it would be pretty tough to run a call center in the US staffed with college grads, like you could do in the Philippines, and keep it open 24 hours a day.
The fact that it's harder to prosecute people overseas is a problem. The company I worked for was based in the US, though, so it was still liable under US law. And I think that the company's potential liability was a selling point with potential clients.
Of course, one element in every crime is opportunity. The black market in the Philippines seemed much bigger than in the states which should increase the opportunity to sell things a person shouldn't be selling, be they pirated DVDs or CC#s
___
It's the end of my comment as I know it and I feel fine.
Cause we all know that only US businesses such as Card Systems are authorized to leak credit card /account information and allow it to be traded by criminals world over..
Rapid Nirvana
One of the big problems with outsourcing is the lack of control over the outsourced workers/company/etc. In particular, there is a problem with convicting somebody who resides in a different country with different laws, etc. Even when the laws add up on both sides, it's often hard enough to make the system "work" on a local/federal level, with internationally being even more difficult.
This kind of thing happens because we let it happen. Yet we still hand our money over to these companies so they can continually screw us over, outsource our jobs, and give us seriously inferior service and lose our personal information to foreign criminals, incompetent courier services, and bad security practices. We, as customers, have the right to hold these companies accountable for this kind of crap by how we choose the services we use. If you don't like Indian Outsourcing, then do not use the services of companies that use it. Take your money elsewhere. Convince someone else to do the same. Eventually, if you hit them in the wallet, it will affect their bottom line enough and they will reverse the trend. They did this very well in the 60's and it was called a boycott. We should also petition our representatives to create laws to outlaw handling of customer personal information by citizens of foreign companies, except in circumstances where International Commerce is taking place (IANAL, so the specifics would need to be addressed by those that are). While it will not eliminate this sort of crime, it would go a long way in isolating it to a region of the world where the victims at least understand the laws and can have some small chance of seeing justice served. Wishful thinking, I know, but at least it gives the illusion that something is being done.
One way to make it hurt more for companies is what lawmakers are doing in California, USA, where companies by law are required to notify customers whose information has been lost/stolen. The disclosure law worked so well that initially ChoicePoint notified only California customers, but the outcry was so great that they (supposedly) told all their customers that were affected.
Not that I'm a fan of more regulation, but bad publicity can be a great motivation tool. IIRC, there was/is a move afoot for a (US) federal law, but in Congress' current big-business group hug environment, they de-fanged the proposal by removing the reporting requirement if the information was encrypted "or other reasonable means [were] taken" to safeguard data.
ACHTUNG! Das computermachine ist nicht fuer gefingerpoken und mittengrabben. Ist nicht fuer gewerken bei das dumpkopfen.
We also need more states to have laws like California's that require notification when data is revealed. Otherwise, these things are often just hushed up.
How convenient, a call center for stolen credit card services. Why didn't the article give the phone number?
I think a lesson in world geography (you know, the 200 or so countries outside the US and that the US has not bombed) and political views (outside of the opinions of faux news) would be appropriate
/. breeds)
a .anti.us.cnn.med.html
p osts
0 10.htm
s t.htm
2 -02-13.html
t m
I could have replied to any of the "you're wrong/a bigot/unaware/uneducated" replies that have been posted in reply to my comments, but I've chosen yours... No special reason other than yours was one of the least insulting replies (Gotta love those one-line "You're a XXX" replies that
While I can understand everyone's knee jerk reaction, I think that y'all are the ones in the dark about this kinda stuff. I've included some links for your reading pleasure. If you're really bored, you might try this sparkling new service called "Google", and type in something like "India anti-american". You'll find a lot more than the few that I've provided.
Not that these links are comprehensive of the entire situation, but they should provide you with enough reading material to show you that I'm not labeling all Indian people as anti-American, nor am I saying that everyone in the Middle east is out to get us. I'm simply pointing out that India, and a lot of the countries we outsource to, are not the USA-lovin' countries that you are assuming they are.
If you want to prove me wrong, drape yourself with an "I love America" T-shirt, and go walking down the streets of these countries, and send me some pictures. If you come out unscathed, then you have my apologies.
http://www.cnn.com/video/world/2001/10/22/mr.indi
http://www.freerepublic.com/focus/f-news/1411733/
http://www.informationclearinghouse.info/article3
http://pd.cpim.org/2003/0330/03302003_protests_re
http://www.getcustoms.com/2004GTC/Articles/ga-200
http://www.commondreams.org/headlines04/0519-06.h
"A British tabloid newspaper managed to buy the personal details of over 1000 bank customers from an off-shore call centre based in Delhi...The British police force has passed on details to Interpol and the Indian authorities, in an attempt to prosecute the individual."
A tabloid did something redeeming for society!
I guess they now qualify for the same legal defense as Bitorrent. And the percentages are about the same, too.
The disease is a lack of responsibility of all kinds across our culture. Corporate execs should be personally responsible for known bad practices followed for slightly financial gain on their watch, for instance - a sense of good practices would then be taken personally by those officers.
This is a problem exacerbated by outsourcing and also one reason FOR outsourcing this sort of thing. But it is not a problem particular to _offshoring_ - the problem is with companies' belief that contracting the work gets them free from responsibility for managing the safety of their customer's data - which they aren't very good at anyway. Offshoring makes legal enforcement trickier, but that's really not nearly the prime problem here.
What you need is a legal system providing substantial penalties to the banks - or anyone else collecting similar information - if they "lose" your data. These penalties should start with statutory minimum class-action penalties which automatically increase over several years and then add corporate officer liability in cases of negligence, not just malice.
Then, offshored or not, outsourced or not, they'll FIND a way to keep your information safe.
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
By doing business with them. It's not their problem if you failed to read the entire page of disclosures that was printed in Flyspeck 3 font.
Best Slashdot Co
Link
So anyway, a worker with all those medical records contacts the hospital and ransoms their records. Great fun.
Don't know about Europe, but in the US, if the call center is elsewhere in the state it's state jurisdiction, unless they can prove at any point the action crossed state lines, like to a phone switch in another state, then back into the original state. If it crosses state lines, it becomes a federal case.
And since just about everything in the southeastern US goes through Atlanta at some point at layer two in data or voice, at least in this part of the world, any "computer crime" _could_ be argued that it should be prosecuted in federal court. IE in a Charlotte NC to Durham NC circuit that looks point to point to the end user, usually requires a path through the DACS in Atlanta.
I know those indians are a handful, but really, this smacks a bit of racism (more likely just trolling for people pissed about outsourceing).
I am sure the same thing happens with more regularity in the good 'ole U S of A. In fact we have seen many articles to that effect in the past.
So how is this news? Because an Indian did it? Look at the numbers, its even small fry stuff too. Sure maybe it would be a big deal if he sold the 200,000 addresses he said he could (probably lying anyway, looking for more payoff). But all he sold was 20,000. How many MILLION of people had their information stolen in the USA last year alone?
Anyway stupid story, why to go ed. All you gonna get is troll responses from people ticked about outsourcing from the US to india, and going "ohh i told you so" and "serves you right"...
Intelligent discussion that.
out.
And certainly no-one would get away with more than a couple of victims either...
"Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
Outsourcing isn't going away and we in the USA do more insourcing than outsourcing. It's a matter of what we outsource can cause disruption if the people working it are dim bulbs and not dedicated which is largely a function of the company that took the contract, their hiring practices, and job conditions. McDonald's level practices and conditions doing something that should have IBM level practices and conditions in other words.
As the global network grows and data is flitting about, we're going to need international treaties to start getting drafted recognizing certain rights to security of personal data, and probably a strenghtened international police organization with official rights in signatories' jurisdictions where specific crimes are involved.
It's a good thing I'm moving my mortgage to another company. My present one has outsourced all customer phone service to India and made actual American personel at company headquarters IMPOSSIBLE to reach on the phone. Their Indian call center is under orders to refuse to redirect to the American office under any circumstances. It's gotten so that I would have to file a formal protest with the banking regulators to get them live on the phone.
McDonald's service from an organization whose work nature should be more like a major corporate financial institution.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Did they try the same experience with an english call center? What is their point?
"Agree with them now, it will save so much time."
I'm a bit disappointed by the racism in this comments thread to be honest - you can't expect to get all the benefits of a global free market economy without any of the drawbacks. If your particular skill can be done adequately and cheaper somewhere else then that is what will happen. This is only news because it's in India, who have quite a few companies who are ahead of the curve in some skilled technical roles currently. It's time to stop bitching and retrain in a field that does have a shortfall. Try the services industry, like financial or legal. Or even medical.
Not a lawyer, but at least in the US, wouldn't this be considered entrapment? I don't think we would be able to prosecute this here in the US if something similar occured with a local call center.
Call center employees in the US and Europe don't pull what you'd call high salaries either.
That's true, but offshore call centers make less - they have to, companies wouldn't be outsourcing to them. One of the big problems is, due to exchange rates and costs (the same reason work is outsourced there), it's much cheaper to purchase this type of information from a employee in India.
Think about it, if I read the article right, this guy sold 1000 names for about $8000. That might be his whole annual wage. If someone came to me, as a IT professional in the US and offered me $8000 to sell private corporate information, I would laugh at him. Now if someone came and offered my whole annual salary, I could be tempted. Thing is, private information on 1000 people probably wouldn't be worth my annual salary, or even the annual salary of a call center worker.
Bottom line is you can always find someone that will steal information for you for a price. Outsourcing to India, China or Russia just lowers the price of the information you want.
Find coupons in Greeley
The call center may be in India, but the company you were doing business with that outsourced it is likely here - wherever "here" is for you. While the obvious IANAL applies, if you suffer losses in the course of doing business with a company, aren't they libel and can't they be sued for not taking precautions to protect your data including through whomever they outsource it to?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I'd say your morals are pretty suspect in this.
Actually, they're not suspect at all. They're as bad as the people you let get away with these crimes.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Would there be any way to provide and then innundate these punks with false information? Soon enough if they keep selling false data then they will lose their integrity and people will stop buying from them, potentially.
Cyric Zndovzny at your service.
I can't believe you've posted this. Do you think the average people who work in these places are stupid enough to bite the hand that feeds, over some vague dislike of another country? Newsflash, most of the rest of the world has no love of your nation either, but that doesn't mean we mug every American that we meet in the street.
Is to make the banks financially liable for fraudulent transactions and limit their ability to nail merchants with chargebacks or hold consumers accountable and charge increasing fees. Fee increases should be approved by regulators the way that rate increases for utilities are approved -- require justification for the fee increases and limit them to specific costs so they can't be a general income source.
Credit cards are loopholes big enough to drive an oceanliner through because banks NEVER have to eat the liability associated with fraud and any liability they're stuck with they simply make back with profit in the form of higher fees.
I guarantee you that credit card security would be MUCH more secure if the financial liability for fraud and other misuse hit banks squarely in the profit margin. They would demand much tighter security in addition to financial compensation from credit card networks for fraud they had to cover. This would force Visa and MC to do something more creative (and expensive -- RSA SecureID built into your CC, anyone?).
Um no. You are not responsible for the morally corrupt actions of people you know. That's like blaiming a Target cashier for not refusing to sell a kitchen knife set to someone who makes a joke about feeling stabby in the cashout line and then goes off and kills their family with the knives.
The cashier didn't do it. The murderer did. He didn't scam people, his acquaintence did. Try to keep it straight, will you?
You are checking your backups, aren't you?
Rather than arbitrary rules like that (there can be corrupt or sloppy UK organizations too; as well as excellent Indian ones), make the bank execs liable rather than the poor kid in india. If the bank exec who made that decision served jail time for essentially giving his customer's accounts to criminals, you bet bank execs in the future would be more careful what controls (or lack thereof) they apply on sensitive data they might hold.
Add "insecurity" to the bad risks in the outsourcing equation, on top of "pollution" and "slavery".
--
make install -not war
The banks are as liable for these insecurity breaches as if they let pickpockets clean their vaults unattended. They must now indemnify every customer whose info was processed by the Indian company, and every other one like it, in perpetuity. Against not only the fraud, but the costs of any investigations or damages resulting from the unauthorized distribution of the personal info.
--
make install -not war
> Well, it was to be expected, outsourcing the jobs to a low paid area - workers that are paid fairly are less likely to cheat their employees.
I guess Enron executives were pretty lowly paid too and so they decided to defraud the company and public?
What about WordCom? Were they lowly paid too?
It is easy to take an instance and bash the whole industry in general. But the reality is that there are crooks everywhere and salary has little bearing on the percentage of crooks.
BTW: These people are paid rather well by Indian standards.
Wow, you mean people behave in unethical ways all over the world? I'm shocked, I thought crime was a west-only thing.
bleh, I worked at a phone center here in the US once. It sucked, and I'm certan that the people running it would sell out their call lists if they thought they could get away with it.
autopr0n is like, down and stuff.
Well, he went to NYU so maybe he grew up in NYC. Some cities/neighbourhoods impress their culture on you as much as going to a seminary school everyday would. "Don't snitch if it ain't your business" is an evolutionary-enforced survival instinct in crowded urban areas.
Besides, those may have been childhood friends. You don't rat out a mate especially when you know he'd be facing +10yrs and shower rushes.
I had my place broken into once and completely trashed while I was on vacation. They caught the kids (well, over 18) and put one of them on trial for it. I had a chance to speak before sentencing and the prosecutor had told me the judge was a hardass who hated vandalism and this guy was looking at 2-4yrs. But when I saw him - skinny, poor, terrified - I just couldn't do it. Got up and asked the judge to give him a community sentence and downplayed the effect it had on me and my gf (boy, was my gf furious w/ me). The punishment had to fit the crime and I didn't want this guy getting raped (bad prisons in my area) over a couple of thousand dollars. Long story short, kid got suspended sentence, I forget about it until nearly 10yrs later when I met him on my university campus where he enrolled after eventually pulling his life together. I've got no regrets and would/will do the same again.
but offshore call centers make less - they have to
They might make less in dollar terms, but not less in terms of purchasing power. While I was in Bombay I had a few friends who worked at call centers. For people who graduated from college, call centers with foreign clients were somewhere around the middle of the spectrum of payscales. The only reason people wouldn't work there more than a year or two is because it's such a mindnumbingly boring job.
They might make less in dollar terms, but not less in terms of purchasing power.
BS. Good luck trying to buy a car on India's wages. Even the worst-paid American can afford a car.
The industry spent billions hedging against the small possibility of a Y2K failure, and then outsourced the same applications to a security nightmare like this one. I wonder what "Y2010 Certified" will mean -- heavily vetted personnel, most likely.
---- "If we have to go on with these damned quantum jumps, then I'm sorry that I ever got involved" - Erwin Schrodinger
BTW, I did not state that you are a bigot, I said you sounded like one.
Nobody mentioned DELL...
Why?
Damn company also has people in India answering phones and damn it they make you call lots and lots and lots of times cause they just don't understand freaking ENGLISH!!!!! And then, "ohh, errmm... sir, we cannot fix you computer. Have a good day." Fuck 'em!!!!
Your tech-jobs are belong to India... get it?
I hope the U.S. does not turn out like south american countries where a lot of people don't have jobs or people are not paid enough and companies still expect people to buy their shit. Stupit, isn't it?
Have a good one.
===== "Every head is a different world so don't invade mine you FREAK!" smartSAGA said
I guess even Microsoft dosent realize that "their" entire market base is only a click away from competitors.
"It's so convenient to have a system where everyone is a criminal" - A. Hitler
Not only that but wait until the day dawns we find out that the Indian, Chinese, and Pakistani governments have extensive dossiers on almost every American. "Well, Senator, we see you had some credit card charges at a London casino and took a cab to an address registered to a Miss BoomBoom Botty Call. And also that you filled a Viagra prescription right before you left. Strange that Mrs. Senator was shopping in New York that weekend. She's really going to enjoy that Rolex she bought at Sax, I have one myself. Now what were you saying about trade sanctions?"
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Good luck getting around without a car. Even the worst-paid Indian can afford to take the bus or train
In UK/US/etc. you are being offered about 1 hour of income per customer you sell or about 25 weeks worth of income. Against this you have a high risk of jail time, lifetime loss of earnings, you may lose a job that is hard to replace given high unemployment, etc. In India/China/Etc, you are being offered 20 hours of income per customer or roughly 500 weeks worth of income (almost 10 years) and may have substantially lower risk of jail time and since the job market is so hot, you may not even have trouble replacing your job. To have a similarly effective bribe in the US/UK/etc. they would have to offer you a lot more money.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
The fact that you knew and didn't do anything to stop it makes you pond scum. The people involved in the illegal fraud you were speaking of are less than pond scum.
I suppose you would ok with it if these same people were going around stealing cars... it's the same thing, just via a different path.
Shit like this comes out of my salary, as I work for a CC company. It also raises the cost of credit for everyone, and causes huge problems for people when they go to get loans. I'll bet you that billions of dollars in real money and time comes out of hard working honest people because their credit score was messed up from someone just like your 'buddies'. It also places businesses, especially small businesses, in a very difficult position... as they usually don't get all the money for the product that was stolen from them.
People that do this should be taken outside, 2 at a time and shot in the head with one bullet.
The directors can be prosecuted under the act, jail time isn't an option though.
Deleted
Is this supposed to suggest that Indian call center workers are less trustworthy than American call center workers?
That same data could likely be had from any call center working for any business sector for the appropriate price.
What is the actual crime and the length of the jail term for this crime?
The assumption that India values USA/UK citizens financial privacy is BS if there is no enforcement and no punishment or fines.
I want to know if the UK bank pulled all of its offshore work back to the UK.
The current method of the bank, credit card company, etc paying a fine to the federal government for each name lost, stolen, etc is wrong.
The bank, credit card company should pay each and every PERSON that had his/her data lost/stolen.
Nice flawed analogy. The difference is the Target cashier wouldn't know what the knife was being used for, unlike the GP who was fully aware of his friend's actions. OTOH, if a guy at Target walked up to the till and said "I'd like to buy this knife, I'm planning to violently kill my family with it this afternoon", then, yes, the cashier has a moral (though admittedly not legal) responsibility to refuse the sale.
Oh!! Good Grief. Stop talking like Lou Dobbs. Did they do anything to folks who lost Millions of customer records. Moreover the Indian story is blown out of proportion by some newspaper to gain publicity. Move on....
It has nothing to do with racism, but everything to do with the fact that the legal system is quite different and quite differently enforced than ours here in the west. Does India, Pakistan and other countries have HIPAA or even know what it is much less can the companies where such jobs, and information, has been outsourced to, be held liable in a western court of law for violating these laws? Doubtful.
And then there are the widespread sales of private information as has been reported both here in the states and abroad. Sure, we can outsource the work to a country who pays their workers perhaps 1/10th of what it would cost for the work to be performed by american workers but are the same background checks made and isn't there a greater temptation perhaps to supplement that income through industrial espionage?
Those are the excuses we're given here in the U.S. when they do background and credit checks that indicate that our credit histories may be a bit spotty.
It's got nothing to do with race or location but everything to do with human nature and avarice.
Thus spake the SysGoddess
Actually, in the past, some U.S. companies have used inmate populations for call center grunt labour although I don't believe any financial institutions would have been allowed to. Perhaps they should have. At least the outcomes would have been predictable.
I believe they finally stopped using inmate populations for call center personnel after other forms of abuses began coming to light - such as inmates stalking women whom they'd contacted in the context of their 'job', etc.
Over the past 9 months, I have been issued 3 different mastercard debit cards after mine have appeared on lists faxed to them by Card Services International as having been one of a block of numbers that had been compromised by hackers. Last summer, we weren't notified until many weeks after the event occured and began noticing some unusual charges to our account.
Since our bank is in another state with no branches or ATMs local to us and activating our card requires us to do so in one of their ATMs or at one of their branches only, I can't begin to tell you what a monumental pain in the ass it is each time. The only reason we continue to use the bank is because they offer interest rates that we've not seen matched in our area.
Thus spake the SysGoddess
There's a very simple, almost-free way to deal with this kind of behaviour.
Make all his damn personal information public domain. Address, phone numbers, banking details, etc. Or if you want to be super fair and even-handed, just pass it on to the people whose ID's he sold.
I figure the problem would just kind of quietly disappear on its own.
You might know that they did it, but not have tangible evidence that would be useful to the police. "He told me last friday in the bar that he did credit card fraud five years ago" won't be enough to get an investigate. After all, it's not like the cops in NYC don't have anything to do.
no taxation without representation!
i'll make sure I'll never hire you if $100k can buy your so called "morality".
I said tempted, didn't say I would do it. You expect me to believe that if someone offered you $100K to provide a few names, addresses and credit card numbers you wouldn't think twice about it? Liar.
Find coupons in Greeley
You're awesome. Wish people were more like you in the world.
Sorry man... the Internet pooped on me.
How is the cashier supposed to evaluate if killing the guys family is moral or not? Does he have the all-seeing orb?
I didn't see the name or other significant details of the offender revealed anywhere. It is probably a bigger crime to do that than reveal the private details of a zillion innocent people.
This is how it works. When you don't have anything, something is better than nothing. India has a fucking assload of destitute poor people.
That is not entirely true. Those who work in call centers and programming are fairly well off. True, they live in polluted, crouded places, but they get the best apartments and goods. Once they go inside and lock the doors and windows, they generally have a comfy life-style.
Table-ized A.I.
Fat chance of fixing this 'little difficulty'.
In India the wages given to call center staff are paid well relative to the local economy. The real issues are these: no Indian privacy laws, which makes identity theft hard to prosecute Culturally, there is a different standard of concern about things like bank account numbers and info westerners consider confidential. It is good form in Delhi to give your PIN and ATM card to your friend if he needs a loan There is no Indian national ID, and variability in naming conventions, addressing etc makes managing identity of Indian citizens more fluid. This contributes to cultural attitude. Currently, the only way to limit identifty theft in India is through contract and physical controls; such as no pens and paper leaving the call center.
'The longing to be primitive is a disease of culture' George Santayana
That's irrelevant to my point.
Well, in that case, in america you can't afford to furnish your home with high quality hand-crafted furniture in the US on that salary. You can in India.
Some latest updates from India. The alleged scamster - Karan Bahree is not a "call centre worker". Nor is he a 'computer expert' or a 'web analyst'. He is working on probabtion for the past three months in a company which mainly does web development. He is a junior staff member and is a content writer! Nothing to do with either banking data or call centre. The company where he works, which came into unwanted lime light because of the media hype, today said that it does not deal with financial information or bank related data. It also has no British Bank as clients. It mainly does website designing. Many of the British Banks alleged to have been victims of the fraud have denied that they have call centres in India. Mr Bahree has sent in a written statement to the company saying that he had received the CD from another person named Sameer and handed it to Oliver (Sun's reporter posing as a businessman) and that he was unaware of what was in the CD. Mr Bahree sounds most unconvincing in his BBC interview. The general reaction in India: Most people in India believe that when it comes to similar problems in the west [frauds aren't that uncommon in the west] issues like these become "individual" cases. But when it comes to developing nations like India, a whole country is branded, flogged and criticized for the fault of an individual.
that is amazing. btw, i did grow up in new york, and you don't run your mouth about anything.
all of which is to say, it's a great thing you did.
un burrito me trampeó.
The irony in your statement is that I've had friends killed because they ran their mouths for less.
I was borned and raised in New York, first in a welfare hotel until the age of 14, then a housing projects in Harlem. I lived in a foster home for two years. I'd have to count on two hands the number of childhood friends who'd been killed by the time I got into college, many for much less than snitching on somebody. Someone posted about survival tactics; silence is first and foremost. Snitching is the only cardinal sin where I come from. Everything else is fair.
So your idea of trumpeting the horns of justice whenever someone jaywalks is somewhat of a luxury for me. As a matter of fact, survival was a luxury until school. Whether it makes me pond scum or not, I'll leave up to moral superiors like yourself to decide.
Notwithstanding all of that, I never intimated that they were my "buddies". They were guys I knew. My point in posting was just to show how easy it was to turn such information into revenue and how prevalent it was in my experience.
Regardless of the rather *overkill* nature of your personal attack, I wish you well. In my experience, I've never met a human being with the solid footing to ever make a moral call on another. I guess you could be the first though. Nice to meet you.
un burrito me trampeó.
Your point is relevant now, but incorrect. The purchasing power of the American still outweighs the Indian in this case, because the American can buy his furniture from India.
Have you looked at international shipping prices for heavy objects lately?
Have you looked at prices of American furniture lately? We're shipping furniture from China, so it has to be cost-competitive, even with furniture's 200-300% markup.
I guess all that matters is that you survive and just continue to be the a cog in the wheel. For all you know by not saying something, some husband beat his wife or abused his kids because he was pissed off about someone stealing his identity or messing up his credit score. But who cares about that right? It doesn't affect you directly.