Slashdot Mirror
Indian Call Centre Worker Sells Customer Details
lxt writes "A British tabloid newspaper managed to buy the personal details of over 1000 bank customers from an off-shore call centre based in Delhi. An IT worker at the call centre handed over details at £4.25 per customer, as well as credit card numbers and account passwords. He claimed could sell over 200,000 account details every month. The British police force has passed on details to Interpol and the Indian authorities, in an attempt to prosecute the individual. The BBC is also covering the story."
Well, it was to be expected, outsourcing the jobs to a low paid area - workers that are paid fairly are less likely to cheat their employees.
Get rid of the call centers, keep them in the country that they expect to be dealing with (UK call centers for UK clients etc)
... the barter system. This newfangled electronic stuff just isn't working out.
GETPKG - Package Management for Slackware
So thats why outsourcing call centers to India is so cheap...
Looks like someone in India is trying to improve their "standards of living". Now either people in India/China/etc get paid more or there is just going to be more people stealing.
In other words, "the jig is up".
I'm not saying "people from India are criminals". I'm saying someone [anywhere] who is paid like shit to do a job is likely going to try and supplement their income. This could [and has] just as easily happen in Canada or the states.
Tip of the iceberg...
Tom
Someday, I'll have a real sig.
I hope companies look at situations like this, and use it in their decision making process to decide whether or not to outsource to other companies. Its one thing if they send them source code to a project and the people sell it, but when they are giving our personal information to another company, they should be damned sure it wont be sold.
- Full name
- Home address
- Phone
- Mother's maiden name
- PIN number
- Favorite password
Please send this information to me accompanied by a money order in the amount of $4.95 to cover my processing fees. I will get the confirmation about the tabloid article back to you ASAP.Decades ago it was the waiter or waitress at the restaurant we used to worry about. When mail order began to grow, it was the person at the other end of the line of a mail-order company. Outsourcing (in country or out of country) is just a form of concentration of this phenomena.
Sending potentially valuable information to people in a high stress, low paying job (in country or out of country, my wife worked in a call center in college) with poor controls is a risk. We have known this since the beginning, but we just seem to relearn the lesson each time.
What do you know I wrote a novel
This story is all over in Indian press.1 300460000.htm 5 0344.cms 5 0670.cms 4 9334
http://us.rediff.com/money/2005/jun/23bpo.htm
http://www.hindustantimes.com/news/181_1408799,00
http://timesofindia.indiatimes.com/articleshow/11
http://timesofindia.indiatimes.com/articleshow/11
http://www.expressindia.com/fullstory.php?newsid=
For having to having to chase payment defaulting customers - 150 rupees.
For handing over personal bank information - priceless.
For everything else, there's "EmbezzleCard".
Gentoo Linux - another day, another USE flag.
Well, the good news is that you're allowed to chop off the offenders hands when caught.
So the Sun offers an unspecified number of Indian Call Centre workers vast amounts of money to provide them with some confidential information and eventually one of them does.
The point of this story is what exactly, that everyone has their price ?
You: "Dammit, my identity got stolen, I'll have to call my bank."
dials...
CS: "Hello sir, my name is Rodney, how may I help you?"
You: "What's with the delay?"
CS: "Hello sir, my name is Rodney, may I help you today?"
You: "Um...OK, my identity got stolen. Can you help me?"
CS: "OK, sir, first reboot your PC."
You: "Wait a sec, this isn't a tech call."
CS: "Tell me your personal information, so I can find out your account."
You: "OK..."
IGB: More fun than eating oatmeal!
I used to work at a homeless shelter (in the US), a lot of the guys would get jobs at call-centers. Almost all of them tried to pull something like that. That said, nobody I ever met would have pulled over 100...
My most esteemed colleague,
Please excuse my unforgiveable oversight in neglecting to put a return address. In my excitement to be making such excellent contacts in your country, I was clearly negligent. Please remit all sums to:
Post Office Stop A
Lagos State
Nigeria
I cannot tell you how grateful I am to find such a kind and professional person such as yourself, and I look forward to a mutually beneficial financial arrangement. Please send the money right away!
I know many will make the claim, "It's because it's in India with low paid workers." Let's remember the news in the US this year. How many breaches of security (CitiGroup, FDIC, Lexus Nexus, more have resulted in lost or stolen personal information in the United States of America? How many of these breaches were by high paid workers? It is not a matter of where or who lost or stole information. The core issue is the ignorance of the value of information. Personal information is the new commidity and big corporations have not had the epiphany or received the memo saying so. When they and consumers realize there is real money at stake, all will stand up and take notice.
One ring to bind them - should probably have more fiber and less rings in their diet.
Thank goodness they don't have call centers like this in prisons. I thank god every day that there is no way my personal information could make its way to foreign terrorists who could use it to raise funds for their operations. The US and British governments would never allow that to happen. No matter how important commerce is to the US, they would never put it before the safety, health and well-being of its citizens. (this email written in 1980, left in Draft folder for 25 years and only now mailed).
They are required by law to put provisions in place to make sure that customer data isn't revealed.
The act *is* flawed in that it allows data to be sent to countries without similar data protection if they have a contract in place, it shouldn't allow that in the first place. But the contract in place with the oursourcing organisation should make sure that they have sufficient safeguards in place to stop this, the fact that it's happening says that the outsourcing companies are in breach of contract and the banks haven't put sufficient safeguards in place, an offence against the data protection act, 1998.
We need some prosecutions against CIOs, CEOs and the like. A couple of years in prison would improve their attitude to data protection.
Deleted
Hopefully they will clamp down hard on this. The data protection act is one of the best laws there are and I want it fully enforced, and I want call centre jobs back here - i don't care if theres a shortage of workers, i would rather wait 10 minutes on hold.
This comment does not represent the views or opinions of the user.
This is only making news because it's an offshore company for a Western financial institution. Maybe because companies are now supposed to tell their clients when their personal information has been compromised (which has *never* happened in house, right?).
Is it that the low-paid workers are more likely to steal, or, that these offshore companies just have less security, and a less-thorough recruitment process? Problem that domestic businesses deal with as well.
Enron and Parmalat have shown us that no matter where you are on the corporate ladder, there are rotten branches on the tree.
--- Dan
No outsourcing = no crime. Is that what you're saying?
"Long run is a misleading guide to current affairs. In the long run we are all dead." (John Maynard Keynes)
Aside from the facts that the vast majority of educated Indians can speak English, most of them aren't particularly anti-American, and you sound like a complete bigot, you may have had a point.
Bitter much?
If one employee can walk off with thousands of customers' private data, then the system is putridly designed.
Three things need to happen:
Just increasing the workers' pay is not going to help. They are already rich compared to most of their countrymen.
The British police force has passed on details to Interpol and the Indian authorities, in an attempt to prosecute the individual.
They are barking up the wrong tree. If only the individual in another jurisdiction is liable to sanction, why is it allowed for British banks to move personal information to foreign countries in the first place? Shouldn't the bank be fined for failing to protect personal information of British citizens?
Abuse of power by employees is not something new or interesting, but the accountability issue is. Personal information should only be moved between countries with similar protections against abuse. Having said this, I don't know anything about British law on this issue.
Companies outsource jobs primarily because it is cheaper than providing the job themselves (this is especially true for jobs outsourced to other countries). We all know that. Part of the reason the jobs are cheaper to the company is because they do not have to worry about a host of expenses, including for example the cost of complying with governmental regulations related to the outsourced job.
I personally believe, however, that a company should still be required to enforce all regulations which protect the citizens of the source country (in this case, the UK). If it turns out the company is not able to force compliance with the governing regulation for whatever reason then it should be illegal to outsource that particular function. And if they are able to force compliance then the source company should be held liable for failure to comply by the outsourcing company with all of the associated penalties. The result would be that the source company could not avoid the cost of insuring regulations were followed and the outsourcing company would incur the cost of compliance as well.
This would have at least two effects. The cost of outsourcing would be more in line with competition in the source country and the citizens of the source country would not lose the protection afforded them by law.
The NSA: The only part of the US government that actually listens.
As a result, they ended up having contracts with people who didn't care all that much about their data, or what it meant. This is another example of why that's so screwed up.
Now, things will even out. All the smaller outsourcing firms will lose out and only the big players will remain - they may charge more, but they also pay more and will usually have procedures in place that will prevent this sort of thing.
So you are saying that greedy managers everywhere have yet again been reminded of something the rest of us mortals already know? That quality costs money, even in outsourcing. What a surprise! Professionalism may cost less money in India but it will still costs more than average.
Only to idiots, are orders laws.
-- Henning von Tresckow
There have been studies that have shown that, when companies pay less than market-value for the jobs they have, employee theft goes up. To think that people in India are willing to work for a pitance of what workers in countries like the US and Europe make is ridiculous. When corporations bombard people with images of countries that have a standard of living higher than their own, it's not long before they want that standard of living too.
All people want to be able to make their lives better; for themselves and their family. When the impoverished see wealthy people eating steak, the bowl of gruel in front of them doesn't look very tasty. When people see something they really want, wether it's a plate of food or a life style, they will beg, borrow and steal to get it.
The solution? Companies need to pay people enough money that the employee can see they are making progress towards their dreams and goals, not just getting by from paycheck to paycheck.
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
There is a significant segment of the US Banking, Insurance and Healthcare billing infrastructure that is managed off-shore. This means that someone in India has all the admin rights they need to packet sniff, say, an ATM connection or a mainframe access that some clerk in Boise uses to input your info for that mortgage/car loan/credit card. Chew on that for a second.
Off-shoring data entry was bad, off-shoring call centers marginally worse, but giving the ability to bring most of our monetary system's infrastructure to it's knees over to another country, any country, is a very,very bad idea.
The short-sightedness (is that a word?)of the concept baffles me. You find a off-shore person who will work for a fraction of the cost of his local counterpart and use him to replace the local guy. The off-shore asset doesn't pay taxes into the US system, he doesn't use the US facilities (banks, hospitals, insurance companies, etc) that he supports. The local guy no longer pays taxes, does drain the system elsewhere through aid programs, defaults on bank loans and credit cards, no longer can afford private insurance, defaults on hospital bills etc, doesn't buy the big ticket items (like cars) anymore, which drives up the cost of living for everyone. It's a downward spiral; sure, in the short term, corporate profits look better, but you've incurred basic erosion of the customer base. It happened in the textile, electronic and automoblie industries and those actually move hard goods back and forth. Moving ones and zeros across the wire it much easier, but potentially much more destructive.
I agree, this is only the tip of the iceberg.
I thought a recently-introduced European law (THANK GOD FOR EUROPE!) prevented the export of client data to outside of Europe without their consent. Did any of those banks and companies inform their customers that their data will be exported and specifically seek their consent for that?
when I arrived here to Costa Rica first, to set up some network stuff and firewalls, I was told that the previous tech was chased by the neighbour outside with a gun in hand because he stole casino player data ....
...
... and would keep people selling other's sensitive info ...
well, before you think that it was your average latino guy that carries a gun i have to tell that it was a US businessman who operates a casino here
well I think if instead of the police, some big guy chases you down the street with a gun every time you touch data that does not belong to you - really makes the point
"where there is gambling, there are criminals"
I was waiting for this response.
I think that the Data Protection Act is a wonderful idea, along with all the other privacy related laws that the EU and the US have implemented.
Unfortunately, they all suffer the same weakness - people. No matter how well written the laws become, there will always be someone who has access to valuable information who is willing to sell / destroy / manipulate it for profit.
I think that, in addition to the laws currently on the books, that they should get extended to provide real penalties to companies and people in breach. I also think that there needs to be a greater push made for systems and software that minimises the risk of damage that any one person can make when it deals with information related to these Acts - perhaps a real, useful ISO standard or somesuch (as opposed to ISO 9000 / CMM - where our processes are bad, but they are well documented and traceable).
InfoSec that matters, when it counts.
I've worked in a call center in the Philippines. For background, the Philippines is another popular call center location for US companies since there are fewer accent problems and the culture is remarkably American. The Phils is a better location for call centers than India, excepting the technology related fields, though the pool of workers with the proper skills is close to exhausted for the time being.
Anyway, at one point, a guy used someone's credit card to buy roses for his girlfriend. That's below criminal, and into the "just plain stupid" range.
After that, the company locked down everything. No cell phones on the floor, etc. Reps who regularly deal with sensitive e-mail don't even have access to e-mail. Access to sites like Yahoo is blocked from their computer and I'm not sure what else
While all activity is monitored, last I heard they were looking for a way to automate their search for suspicious behavior. (scanning logs for when a user opens notepad and types a credit card number. Probably not too hard in Perl, but I don't know the language.)
People talk about lower standards of living in other countries, forgetting that this is partly made up for by the fact that it's a lot CHEAPER to live overseas than in the United states. So while poverty in 3rd world countries is rampant, if you pay someone a halfway decent wage, the money goes a long way there.
And when you get down to it, it would be pretty tough to run a call center in the US staffed with college grads, like you could do in the Philippines, and keep it open 24 hours a day.
The fact that it's harder to prosecute people overseas is a problem. The company I worked for was based in the US, though, so it was still liable under US law. And I think that the company's potential liability was a selling point with potential clients.
Of course, one element in every crime is opportunity. The black market in the Philippines seemed much bigger than in the states which should increase the opportunity to sell things a person shouldn't be selling, be they pirated DVDs or CC#s
___
It's the end of my comment as I know it and I feel fine.
One of the big problems with outsourcing is the lack of control over the outsourced workers/company/etc. In particular, there is a problem with convicting somebody who resides in a different country with different laws, etc. Even when the laws add up on both sides, it's often hard enough to make the system "work" on a local/federal level, with internationally being even more difficult.
This kind of thing happens because we let it happen. Yet we still hand our money over to these companies so they can continually screw us over, outsource our jobs, and give us seriously inferior service and lose our personal information to foreign criminals, incompetent courier services, and bad security practices. We, as customers, have the right to hold these companies accountable for this kind of crap by how we choose the services we use. If you don't like Indian Outsourcing, then do not use the services of companies that use it. Take your money elsewhere. Convince someone else to do the same. Eventually, if you hit them in the wallet, it will affect their bottom line enough and they will reverse the trend. They did this very well in the 60's and it was called a boycott. We should also petition our representatives to create laws to outlaw handling of customer personal information by citizens of foreign companies, except in circumstances where International Commerce is taking place (IANAL, so the specifics would need to be addressed by those that are). While it will not eliminate this sort of crime, it would go a long way in isolating it to a region of the world where the victims at least understand the laws and can have some small chance of seeing justice served. Wishful thinking, I know, but at least it gives the illusion that something is being done.
The disease is a lack of responsibility of all kinds across our culture. Corporate execs should be personally responsible for known bad practices followed for slightly financial gain on their watch, for instance - a sense of good practices would then be taken personally by those officers.
This is a problem exacerbated by outsourcing and also one reason FOR outsourcing this sort of thing. But it is not a problem particular to _offshoring_ - the problem is with companies' belief that contracting the work gets them free from responsibility for managing the safety of their customer's data - which they aren't very good at anyway. Offshoring makes legal enforcement trickier, but that's really not nearly the prime problem here.
What you need is a legal system providing substantial penalties to the banks - or anyone else collecting similar information - if they "lose" your data. These penalties should start with statutory minimum class-action penalties which automatically increase over several years and then add corporate officer liability in cases of negligence, not just malice.
Then, offshored or not, outsourced or not, they'll FIND a way to keep your information safe.
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
By doing business with them. It's not their problem if you failed to read the entire page of disclosures that was printed in Flyspeck 3 font.
Best Slashdot Co
Link
So anyway, a worker with all those medical records contacts the hospital and ransoms their records. Great fun.
Call center employees in the US and Europe don't pull what you'd call high salaries either.
That's true, but offshore call centers make less - they have to, companies wouldn't be outsourcing to them. One of the big problems is, due to exchange rates and costs (the same reason work is outsourced there), it's much cheaper to purchase this type of information from a employee in India.
Think about it, if I read the article right, this guy sold 1000 names for about $8000. That might be his whole annual wage. If someone came to me, as a IT professional in the US and offered me $8000 to sell private corporate information, I would laugh at him. Now if someone came and offered my whole annual salary, I could be tempted. Thing is, private information on 1000 people probably wouldn't be worth my annual salary, or even the annual salary of a call center worker.
Bottom line is you can always find someone that will steal information for you for a price. Outsourcing to India, China or Russia just lowers the price of the information you want.
Find coupons in Greeley
I'd say your morals are pretty suspect in this.
Actually, they're not suspect at all. They're as bad as the people you let get away with these crimes.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I can't believe you've posted this. Do you think the average people who work in these places are stupid enough to bite the hand that feeds, over some vague dislike of another country? Newsflash, most of the rest of the world has no love of your nation either, but that doesn't mean we mug every American that we meet in the street.
Well, he went to NYU so maybe he grew up in NYC. Some cities/neighbourhoods impress their culture on you as much as going to a seminary school everyday would. "Don't snitch if it ain't your business" is an evolutionary-enforced survival instinct in crowded urban areas.
Besides, those may have been childhood friends. You don't rat out a mate especially when you know he'd be facing +10yrs and shower rushes.
I had my place broken into once and completely trashed while I was on vacation. They caught the kids (well, over 18) and put one of them on trial for it. I had a chance to speak before sentencing and the prosecutor had told me the judge was a hardass who hated vandalism and this guy was looking at 2-4yrs. But when I saw him - skinny, poor, terrified - I just couldn't do it. Got up and asked the judge to give him a community sentence and downplayed the effect it had on me and my gf (boy, was my gf furious w/ me). The punishment had to fit the crime and I didn't want this guy getting raped (bad prisons in my area) over a couple of thousand dollars. Long story short, kid got suspended sentence, I forget about it until nearly 10yrs later when I met him on my university campus where he enrolled after eventually pulling his life together. I've got no regrets and would/will do the same again.
It has nothing to do with racism, but everything to do with the fact that the legal system is quite different and quite differently enforced than ours here in the west. Does India, Pakistan and other countries have HIPAA or even know what it is much less can the companies where such jobs, and information, has been outsourced to, be held liable in a western court of law for violating these laws? Doubtful.
And then there are the widespread sales of private information as has been reported both here in the states and abroad. Sure, we can outsource the work to a country who pays their workers perhaps 1/10th of what it would cost for the work to be performed by american workers but are the same background checks made and isn't there a greater temptation perhaps to supplement that income through industrial espionage?
Those are the excuses we're given here in the U.S. when they do background and credit checks that indicate that our credit histories may be a bit spotty.
It's got nothing to do with race or location but everything to do with human nature and avarice.
Thus spake the SysGoddess
You might know that they did it, but not have tangible evidence that would be useful to the police. "He told me last friday in the bar that he did credit card fraud five years ago" won't be enough to get an investigate. After all, it's not like the cops in NYC don't have anything to do.
no taxation without representation!