Slashdot Mirror
Indian Call Centre Worker Sells Customer Details
lxt writes "A British tabloid newspaper managed to buy the personal details of over 1000 bank customers from an off-shore call centre based in Delhi. An IT worker at the call centre handed over details at £4.25 per customer, as well as credit card numbers and account passwords. He claimed could sell over 200,000 account details every month. The British police force has passed on details to Interpol and the Indian authorities, in an attempt to prosecute the individual. The BBC is also covering the story."
Well, it was to be expected, outsourcing the jobs to a low paid area - workers that are paid fairly are less likely to cheat their employees.
Get rid of the call centers, keep them in the country that they expect to be dealing with (UK call centers for UK clients etc)
... the barter system. This newfangled electronic stuff just isn't working out.
GETPKG - Package Management for Slackware
Looks like someone in India is trying to improve their "standards of living". Now either people in India/China/etc get paid more or there is just going to be more people stealing.
In other words, "the jig is up".
I'm not saying "people from India are criminals". I'm saying someone [anywhere] who is paid like shit to do a job is likely going to try and supplement their income. This could [and has] just as easily happen in Canada or the states.
Tip of the iceberg...
Tom
Someday, I'll have a real sig.
- Full name
- Home address
- Phone
- Mother's maiden name
- PIN number
- Favorite password
Please send this information to me accompanied by a money order in the amount of $4.95 to cover my processing fees. I will get the confirmation about the tabloid article back to you ASAP.Decades ago it was the waiter or waitress at the restaurant we used to worry about. When mail order began to grow, it was the person at the other end of the line of a mail-order company. Outsourcing (in country or out of country) is just a form of concentration of this phenomena.
Sending potentially valuable information to people in a high stress, low paying job (in country or out of country, my wife worked in a call center in college) with poor controls is a risk. We have known this since the beginning, but we just seem to relearn the lesson each time.
What do you know I wrote a novel
This story is all over in Indian press.1 300460000.htm 5 0344.cms 5 0670.cms 4 9334
http://us.rediff.com/money/2005/jun/23bpo.htm
http://www.hindustantimes.com/news/181_1408799,00
http://timesofindia.indiatimes.com/articleshow/11
http://timesofindia.indiatimes.com/articleshow/11
http://www.expressindia.com/fullstory.php?newsid=
For having to having to chase payment defaulting customers - 150 rupees.
For handing over personal bank information - priceless.
For everything else, there's "EmbezzleCard".
Gentoo Linux - another day, another USE flag.
Well, the good news is that you're allowed to chop off the offenders hands when caught.
So the Sun offers an unspecified number of Indian Call Centre workers vast amounts of money to provide them with some confidential information and eventually one of them does.
The point of this story is what exactly, that everyone has their price ?
You: "Dammit, my identity got stolen, I'll have to call my bank."
dials...
CS: "Hello sir, my name is Rodney, how may I help you?"
You: "What's with the delay?"
CS: "Hello sir, my name is Rodney, may I help you today?"
You: "Um...OK, my identity got stolen. Can you help me?"
CS: "OK, sir, first reboot your PC."
You: "Wait a sec, this isn't a tech call."
CS: "Tell me your personal information, so I can find out your account."
You: "OK..."
IGB: More fun than eating oatmeal!
My most esteemed colleague,
Please excuse my unforgiveable oversight in neglecting to put a return address. In my excitement to be making such excellent contacts in your country, I was clearly negligent. Please remit all sums to:
Post Office Stop A
Lagos State
Nigeria
I cannot tell you how grateful I am to find such a kind and professional person such as yourself, and I look forward to a mutually beneficial financial arrangement. Please send the money right away!
I know many will make the claim, "It's because it's in India with low paid workers." Let's remember the news in the US this year. How many breaches of security (CitiGroup, FDIC, Lexus Nexus, more have resulted in lost or stolen personal information in the United States of America? How many of these breaches were by high paid workers? It is not a matter of where or who lost or stole information. The core issue is the ignorance of the value of information. Personal information is the new commidity and big corporations have not had the epiphany or received the memo saying so. When they and consumers realize there is real money at stake, all will stand up and take notice.
One ring to bind them - should probably have more fiber and less rings in their diet.
They are required by law to put provisions in place to make sure that customer data isn't revealed.
The act *is* flawed in that it allows data to be sent to countries without similar data protection if they have a contract in place, it shouldn't allow that in the first place. But the contract in place with the oursourcing organisation should make sure that they have sufficient safeguards in place to stop this, the fact that it's happening says that the outsourcing companies are in breach of contract and the banks haven't put sufficient safeguards in place, an offence against the data protection act, 1998.
We need some prosecutions against CIOs, CEOs and the like. A couple of years in prison would improve their attitude to data protection.
Deleted
No outsourcing = no crime. Is that what you're saying?
"Long run is a misleading guide to current affairs. In the long run we are all dead." (John Maynard Keynes)
The British police force has passed on details to Interpol and the Indian authorities, in an attempt to prosecute the individual.
They are barking up the wrong tree. If only the individual in another jurisdiction is liable to sanction, why is it allowed for British banks to move personal information to foreign countries in the first place? Shouldn't the bank be fined for failing to protect personal information of British citizens?
Abuse of power by employees is not something new or interesting, but the accountability issue is. Personal information should only be moved between countries with similar protections against abuse. Having said this, I don't know anything about British law on this issue.
Companies outsource jobs primarily because it is cheaper than providing the job themselves (this is especially true for jobs outsourced to other countries). We all know that. Part of the reason the jobs are cheaper to the company is because they do not have to worry about a host of expenses, including for example the cost of complying with governmental regulations related to the outsourced job.
I personally believe, however, that a company should still be required to enforce all regulations which protect the citizens of the source country (in this case, the UK). If it turns out the company is not able to force compliance with the governing regulation for whatever reason then it should be illegal to outsource that particular function. And if they are able to force compliance then the source company should be held liable for failure to comply by the outsourcing company with all of the associated penalties. The result would be that the source company could not avoid the cost of insuring regulations were followed and the outsourcing company would incur the cost of compliance as well.
This would have at least two effects. The cost of outsourcing would be more in line with competition in the source country and the citizens of the source country would not lose the protection afforded them by law.
The NSA: The only part of the US government that actually listens.
when I arrived here to Costa Rica first, to set up some network stuff and firewalls, I was told that the previous tech was chased by the neighbour outside with a gun in hand because he stole casino player data ....
...
... and would keep people selling other's sensitive info ...
well, before you think that it was your average latino guy that carries a gun i have to tell that it was a US businessman who operates a casino here
well I think if instead of the police, some big guy chases you down the street with a gun every time you touch data that does not belong to you - really makes the point
"where there is gambling, there are criminals"
I've worked in a call center in the Philippines. For background, the Philippines is another popular call center location for US companies since there are fewer accent problems and the culture is remarkably American. The Phils is a better location for call centers than India, excepting the technology related fields, though the pool of workers with the proper skills is close to exhausted for the time being.
Anyway, at one point, a guy used someone's credit card to buy roses for his girlfriend. That's below criminal, and into the "just plain stupid" range.
After that, the company locked down everything. No cell phones on the floor, etc. Reps who regularly deal with sensitive e-mail don't even have access to e-mail. Access to sites like Yahoo is blocked from their computer and I'm not sure what else
While all activity is monitored, last I heard they were looking for a way to automate their search for suspicious behavior. (scanning logs for when a user opens notepad and types a credit card number. Probably not too hard in Perl, but I don't know the language.)
People talk about lower standards of living in other countries, forgetting that this is partly made up for by the fact that it's a lot CHEAPER to live overseas than in the United states. So while poverty in 3rd world countries is rampant, if you pay someone a halfway decent wage, the money goes a long way there.
And when you get down to it, it would be pretty tough to run a call center in the US staffed with college grads, like you could do in the Philippines, and keep it open 24 hours a day.
The fact that it's harder to prosecute people overseas is a problem. The company I worked for was based in the US, though, so it was still liable under US law. And I think that the company's potential liability was a selling point with potential clients.
Of course, one element in every crime is opportunity. The black market in the Philippines seemed much bigger than in the states which should increase the opportunity to sell things a person shouldn't be selling, be they pirated DVDs or CC#s
___
It's the end of my comment as I know it and I feel fine.
There are things which can be done, as other posters have mentioned, segregation of duties and access, data obfuscation to minimise the kind of damage done. Sounds like none of that was implemented.
" in addition to the laws currently on the books, that they should get extended to provide real penalties to companies and people in breach."
Absolutely. A law without enforced penalties is a waste of time and money. There *has* been an offence against the DPA here, the customer data is evidence. The law requires proactive implementation of safeguards to stop it happening, though it doesn't specify what those safeguards should be.
At the moment, people found guilty of an offence can only be fined a maximum of £5000 (Per offence?). I think that we need prison as an option.
Deleted
The disease is a lack of responsibility of all kinds across our culture. Corporate execs should be personally responsible for known bad practices followed for slightly financial gain on their watch, for instance - a sense of good practices would then be taken personally by those officers.
This is a problem exacerbated by outsourcing and also one reason FOR outsourcing this sort of thing. But it is not a problem particular to _offshoring_ - the problem is with companies' belief that contracting the work gets them free from responsibility for managing the safety of their customer's data - which they aren't very good at anyway. Offshoring makes legal enforcement trickier, but that's really not nearly the prime problem here.
What you need is a legal system providing substantial penalties to the banks - or anyone else collecting similar information - if they "lose" your data. These penalties should start with statutory minimum class-action penalties which automatically increase over several years and then add corporate officer liability in cases of negligence, not just malice.
Then, offshored or not, outsourced or not, they'll FIND a way to keep your information safe.
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
Call center employees in the US and Europe don't pull what you'd call high salaries either.
That's true, but offshore call centers make less - they have to, companies wouldn't be outsourcing to them. One of the big problems is, due to exchange rates and costs (the same reason work is outsourced there), it's much cheaper to purchase this type of information from a employee in India.
Think about it, if I read the article right, this guy sold 1000 names for about $8000. That might be his whole annual wage. If someone came to me, as a IT professional in the US and offered me $8000 to sell private corporate information, I would laugh at him. Now if someone came and offered my whole annual salary, I could be tempted. Thing is, private information on 1000 people probably wouldn't be worth my annual salary, or even the annual salary of a call center worker.
Bottom line is you can always find someone that will steal information for you for a price. Outsourcing to India, China or Russia just lowers the price of the information you want.
Find coupons in Greeley
I'd say your morals are pretty suspect in this.
Actually, they're not suspect at all. They're as bad as the people you let get away with these crimes.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
You've got to be kidding. Reporting a factual story is 'in poor taste'? This isn't the first time serious stories like this have come up. In the not so distant past....we had reports of a lady in India threatening to sell/release private medical information on US citizens if she wasn't paid some $$'s. And you seem to think that being nationalistic is something bad?? Why would anyone NOT want their country to come out on top? This life is a constant struggle, a perpetual contest to see who can win. Life IS competition, and frankly, I'd like to be on the winning side as often as possible. And while I don't advent keeping anyone down, I certainly am not altrusitic enough to want to give to others 'till it hurts'. I not only don't want others to succeed at our expense, but, I can't stand the fact that our country is actively hurting our citizens by thoughtlessly shipping our tech jobs overseas for a short term gain, but, losing sight of the long term detrimental effects....the main one being that if we don't have tech people working here, how will we continue to innovate? Already, we see the effects in that our young people are NOT working toward computer and other tech degrees as much as in the past.
"Which is not surprising, considering that offshoring/outsourcing is such a contentious topic right now. The average person, with zero knowledge about Economics, already believes the Indians and the Chinese are going to rob them of their jobs. Now those dirt poor foriegners are going to take their credit card numbers as well. The hypocrisy is, as you point out, this happens every day in Western parent companies. Which is fine, because everyone would rather be embezzled by their neighbor than someone they don't know."
to a point, you are right. Sure, there are criminal types all over the world. However, different cultures have different degrees of what they consider to be crimes. It does seem that India does not view privacy ideals, and minor theft of such as great of a crime as it is in the US by statute. Sure we have people that will do the same here in the US. However, we can catch them here and prosecute them. I doubt the same can be said of India. And lets face it...people in a country are going to be a bit more careful with treating their own people and their information than they will that of peoples of other countries. Someone that might be on the 'brink' of doing something wrong like this might think twice if it is a fellow countryman's info, rather than a foreigner's information.
And finally....you and others keep saying "In the long run, it will be better". Better for who? I cannot see how this benefits the US at all....shipping off jobs and creating unemployment for our citizens....giving no incentive for our young to go into tech fields..sure, we get some cheaper goods, but, in the end, if we have no decent paying jobs...who will be able to buy these cheap goods? Like I said, I have no problem with anyone in the world trying to improve their lot in life...but, not at my expense.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
See also Mithrandir86 's responses to other posts of the same ilk on the same subject.
By offshoring of jobs in the medical, insurance and banking fields, industries that will not expand based into the developing companies, except on a macro- or highest (read stockholder) level, we're effectively gutting the middle class's support of these industries.
If free trade is the argument, why do US (any parent country) companies routinely offer goods in these developing companies at a fraction of the cost to their US consumer counterparts in order to gain market share? How are these "loss leaders" paid for? By the US (any parent country) consumers.
By looking at the situation with rose-colored glasses and calling it free trade, you miss the underlying effects. The countries that are benefitting from the off-shoring don't reciprocate by exporting jobs, and overall don't usually utilize US (parent country) goods or services, instead the US (parent country) goods and services usually end up competing with government sponsored goods and services, which, by definition, must be below a competitive price point in order to be effectivly subsidized.
I agree that it is quite easy to move a "corporation" off-shore. But if a company has 15 executives and salesmen in the US and 1300 workers in another country, are they still a "US" company or should they be considered as such? Microsoft considers itself a US company, specifically a Washington state based company, but many of it's letters of incorporation are filed in Nevada, whereby they avoid over a $140 million in local Washington state taxes a year. They are "Redmond, Washington" in name only, and the land tax breaks that Washington gave them years ago in order to bring jobs to the area are being mitigated by Microsoft's increasing off-shoring of thier code work and slick legal wrangling. I can name several countries that will allow MS to relocate the corporation lock-stock-and letterhead to it's shores for a fraction of that. And based on US laws nothing precludes them from doing that, and still exploiting our market in such a monopolistic fashion....but it's free trade so that has to be good. Right?
Is mentioning Microsoft and monopoly in the same post the IT equivalent of Godwin's Law http://en.wikipedia.org/wiki/Goodwin's_law?
Well, he went to NYU so maybe he grew up in NYC. Some cities/neighbourhoods impress their culture on you as much as going to a seminary school everyday would. "Don't snitch if it ain't your business" is an evolutionary-enforced survival instinct in crowded urban areas.
Besides, those may have been childhood friends. You don't rat out a mate especially when you know he'd be facing +10yrs and shower rushes.
I had my place broken into once and completely trashed while I was on vacation. They caught the kids (well, over 18) and put one of them on trial for it. I had a chance to speak before sentencing and the prosecutor had told me the judge was a hardass who hated vandalism and this guy was looking at 2-4yrs. But when I saw him - skinny, poor, terrified - I just couldn't do it. Got up and asked the judge to give him a community sentence and downplayed the effect it had on me and my gf (boy, was my gf furious w/ me). The punishment had to fit the crime and I didn't want this guy getting raped (bad prisons in my area) over a couple of thousand dollars. Long story short, kid got suspended sentence, I forget about it until nearly 10yrs later when I met him on my university campus where he enrolled after eventually pulling his life together. I've got no regrets and would/will do the same again.