Results 1 to 5 of 5

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

  1. #1
    Senior Member jp_48504's Avatar
    Join Date
    Apr 2005

    Indian call center under suspicion of ID breach ... d.newsfeed

    Indian call center under suspicion of ID breach
    By Dinesh C. Sharma, CNET
    Published on ZDNet News: August 16, 2005, 11:17 AM PT

    An undercover operation that allegedly found customers' data for sale by outsourcers has rocked the Indian software and service industry.

    The Australian Broadcasting Corporation reported on Monday that its TV program "Four Corners" was able to get hold of the personal details of Australian customers from an unidentified journalist working undercover in an Indian call center. The same writer recently helped British tabloid The Sun to buy the sensitive data on British citizens.

    "The Australian samples appeared to have come from a call centre in Gurgaon," according to a transcript of the program. "The kind of details they provided was alarming--not just the names and addresses of Australian customers but also their telephone numbers, birth certificate details, Medicare numbers, driver's license numbers (and) ATM card numbers."

    ABC did not name the call center involved, but said the provider had been hired by Switch Mobile, an Australian telemarketing company. The Gurgaon center contracted out calls made to Australians to another Indian company, Brick & Click, thus creating a further layer of insecurity, the program said. Switch Mobile has since canceled its contract with the unnamed Indian center.

    The National Association of Software and Service Companies, an Indian trade body, has asked ABC to provide details of the operation so that the matter can be reported to law enforcement officials.

    "Such reports emanate from 'entrapment operations,' and no person has reported any harm yet," Nasscom said. "In the absence of a formal complaint, even the enforcement officials cannot launch formal investigations and apprehend the criminals."

    Nasscom said it would work with authorities in Australia and India to nab the culprits.

    "Indian IT companies undertaking work for global companies contractually comply with all the requirements of the relevant privacy and data protection laws of the home country, as well as other security and confidentiality safeguards," Nasscom said. "Each of our customers must perform strict due diligence on all their vendors and ensure contractual commitments to relevant laws."

    In the wake of concerns over data security in call centers working for overseas clients, Nasscom has decided to create a register of IT workers hired in call centers. At present, about 350,000 workers are employed in the business process outsourcing sector and the number is projected to grow to a million in another three years.

    Prime Minister Manmohan Singh reviewed the matter recently with IT industry leaders and ordered that the Information Technology Act be amended to make it more stringent.
    I stay current on Americans for Legal Immigration PAC's fight to Secure Our Border and Send Illegals Home via E-mail Alerts (CLICK HERE TO SIGN UP)

  2. #2

    Join Date
    Jan 1970
    Lonetree, CO
    543 ... le&sid=205

    By Zubair Ahmed
    BBC News, Mumbai

    The arrest last week of a man in western India in an alleged call-centre fraud case went unreported. This was despite the high-profile reporting on the case in April when 16 others were arrested.

    This suited India's business process outsourcing (BPO) companies, especially Mphasis, whose four employees have been implicated in the case. They are yet to recover from the shock of the alleged fraud of nearly $400,000.

    Amid calls for tightening BPO regulations and more effective cyber laws the country's call centres are busy taking adequate security measures. Another one or two such cases and the industry is doomed, they admit.

    Police, who are still investigating the case, believe it was well thought through and very organised.

    Investigating officer Sanjay Yadav says the latest arrest just highlights how well-planned and widespread the fraud was.

    Backlash fears

    Police say some of the 17 people currently languishing in jail opened fake accounts, and allegedly transferred large sums from the bank accounts of four American customers of Citibank whose back office work was being done by Mphasis in Pune near Mumbai.

    "Fake degrees and documents are a major concern of our clients" Yogesh Bhura, Quest Research

    Mr Yadav says they went on a luxurious holiday to Bangkok and kept transferring more money into their fake accounts from the Thai capital.

    The industry, fearing a backlash from clients in the West, has started to get its act together.

    One of the security steps the BPO centres are taking is the stringent background screening of new employees.

    Yogesh Bhura, whose company, Quest Research, undertakes this task, has more than 250 BPO customers.

    He has clients all over Asia, but many of his new customers are Indian.

    But Mr Bhura's main challenge remains "educating people of the need to make this critical activity an integral part of their recruitment policy."

    He reveals that 10-25% of applicants to call centres provide false and incorrect information.

    "Fake degrees and documents are a major concern of our clients," he says.


    But verifying an applicant's criminal background remains the most challenging task for companies such as Mr Bhura's and he admits it: "It's a grey area: there's no central data of criminals, there's no standardised process of data storage in police stations. It's a continuous challenge."

    Many believe background screening is not enough. Mr Bhura is quick to add a rider: "It's a risk mitigation and not a risk elimination activity."

    But one of his clients, Intellinet Global Services, a joint venture between HDFC and Barclays, says background verification is not the only security tool it's applying.

    "We take a lot of precautions," says Manuel D'Souza, the company's HR head.

    "We don't allow mobile phones in the office, no e-mail access is provided; pen and papers are not allowed in and all employees are screened when they leave the office."

    But experts say call centres are a young industry in India. It still doesn't have a comprehensive security management system in place.

    Vinod Singh, boss of Bangalore-based security management company Ilantus, is alarmed by the state of affairs the BPO companies are in.

    "Our understanding of most of the BPOs that we have been surveying is that they have put the basic IT systems in place, they have put in a lot of money, but the management of IT infrastructure is not up to the mark," he says.

    This is one of the major problems with the $4bn BPO industry, which began to flourish in India just five years ago.

    Security hole

    According to industry estimates, 80% of BPO companies don't use integrated security management tools. That probably explains why some current and former employees of Mphasis, which has a security certification from an international trade body, allegedly stole huge sums belonging to its clients in the U.S.

    Ilantus surveyed seven call centres in Bangalore and to its horror found that the digital IDs of the former employees still existed, which potentially can be misused.

    But Mr D'Souza says most companies would immediately delete the IDs of the employees who are leaving them.

    Growth brings in its own pressures. Back office business is one of India's sunshine industries, growing at 30% annually. The workforce is young, loyalty is low as the young boys and girls move to greener pastures at the first opportunity.

    For most of them it's not a career option, but a good first job out of college. The workforce turnover is as high as 40%. Work from the US and Europe is pouring in thick and fast.

    Cyber squad

    Industry players admit they know security is the top priority, but they say there is no time to implement all the security measures.

    "Pune police are providing a safe environment for BPO customers from the West" Sanjay Yadav, Cyber Crime Cell

    Mr Bhura says background screening is just one of the security measures: "Internal security control has to be the most important component of the overall security system".

    Mr Singh of Ilantus too cannot guarantee a foolproof internal security system.

    "Our system is not 100%, but it dramatically reduces the risks."

    But one can take a lot of satisfaction from the fact that a relatively small city like Pune has a Cyber Crime Cell.

    The alleged fraud was committed in Pune-based Mphasis and it was busted by the city's Cyber Crime Cell.

    As Mr Yadav of the Cell says: "We have acted swiftly to bust the fraud and recovered most of the money siphoned off. Pune police are providing a safe environment for BPO customers from the West."

    Till the time the authorities come up with tighter legislations, the Cyber Crime Cells in Indian cities are the best bet.

    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ... le&sid=203

    Thursday, 23 June, 2005, 13:53 GMT 14:53 UK

    Police are investigating reports that the bank account details of 1,000 UK customers, held by Indian call centres, were sold to an undercover reporter.

    The Sun claims one of its journalists bought personal details including passwords, addresses and passport data from a Delhi IT worker for £4.25 each.

    But, in a BBC interview, the worker named by the paper denied the claims.

    India's top software body said India was a "trustworthy" location and would treat the claims "extremely seriously".

    The National Association of Software and Service Companies said it would work with authorities in the UK and India to ensure criminals were "promptly prosecuted and face the maximum penalty".

    "While the allegations made in the dossier are very serious, City of London Police would like to remind people that incidents of this kind are still relatively rare" City of London Police

    "The problem is not unique to any single nation - it is one that affects us all - and each of us has a responsibility to take on the criminals," its statement added.

    Meanwhile, India's information technology and communications minister said the government had nothing to do with the "freak" incident, and would step in only if legally required.

    The Sun alleged the computer expert told the reporter he could sell up to 200,000 account details, obtained from fraudulent call centre workers, each month.

    Details handed to the reporter had been examined by a security expert who had indicated they were genuine, the paper said.

    The information passed on could have been used to raid the accounts of victims or to clone credit cards.

    But, in an interview on BBC World Service radio, the worker said he had been asked to make a presentation about his company by someone described as an associate of the Sun's reporter.

    He said the associate then asked him to give a CD to the reporter, but that he did not know what was on the CD and did not receive any payment.

    'Reflect on decision'

    Meanwhile, a police spokeswoman said officers were not yet aware of "the breadth of what we are going to be investigating".

    "While the allegations made in the dossier are very serious, City of London Police would like to remind people that incidents of this kind are still relatively rare," she said.

    "Consider the ease journalists had procuring private financial information and the stark reality begins to hit home" Eddie Espie, Cookstown

    Lloyds TSB, Barclays and the Woolwich banks said customer security was a top priority and they would be treating the Sun's allegations seriously.

    HSBC said it was investigating the claims but that it was too early to say whether any of its details had been involved.

    An Abbey spokesman said: "There is no evidence from the Sun story today that Abbey's customer data was involved.

    Other banks including Halifax, the Royal Bank of Scotland, NatWest and Nationwide said they did not have call centres in India, so were unlikely to be affected.

    The Amicus union said it had warned of the "data protection implications" of offshoring financial services.

    "Companies that have offshore jobs need to reflect on their decision and the assumption that cost savings benefiting them and their shareholders outweigh consumer confidentiality and confidence," senior finance officer Dave Fleming said.

    The allegations in the Sun follow the April arrests of former call centre staff in western India in April.

    They were said to have obtained passwords and then after leaving the company transferred money out of customer accounts.

    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ... le&sid=202

    Last Updated: Thursday, 23 June, 2005, 13:39 GMT 14:39 UK

    Police investigating reports a call centre worker in India sold British customers' bank details have said such incidents are "relatively rare".

    But the claims follow warnings that sending such work overseas was an "accident waiting to happen".

    The Amicus union has predicted that 200,000 financial service jobs will be exported from the UK by 2008, taking every banking and personal finance customer's details out of the country.

    "It is only a matter of time before a serious crime is committed, which ruins the reputation of the British financial services industry," said David Fleming, the union's national secretary for finance.

    "'Offshoring' is an accident waiting to happen."

    And accountants Ernst & Young warned that "given the volume of offshoring that is going on and the risks attached, there will be a major regulatory failing within five years".

    Passwords revealed?

    Secret passwords were among the account details passed on in the latest incident, according to the Sun newspaper.

    These could be used to raid victims' accounts.

    But banks said their customers details are as protected in overseas offices as in Britain.

    "It must be more difficult to do background checks in a country like India"
    Paul Howard
    Managing director, DISUK

    Passwords and Pin numbers are never seen in their entirety by any workers, the British Bankers' Association (BBA) said.

    However, 17 people have been arrested in India already this year over alleged call centre fraud of nearly £220,000. Some of the suspects are alleged to have tricked customers into revealing Pin numbers.

    Some security experts have questioned whether the call centres' cheap labour costs make them more vulnerable to corruption. Paul Howard, managing director of data security firm DISUK, said: "The salaries paid to these people are not at the same level as in the UK.

    "That means that if somebody wanted to ask them to do something fraudulent, the amount of money that might be offered would have more of an impact on their life."

    "Very occasionally a bad apple will slip through the screening process"
    Ian Mullen
    Chief executive, BBA

    He also expressed concern about "the speed at which these places are being put together".

    "They are having to bring in great numbers of people - it must be more difficult to do background checks in a country like India," he said.

    US firms outsourcing work were increasingly conducting their own checks of providers' security rather than simply accepting assurances measures were in place, Mr Howard added.

    "I am quite convinced that hasn't been happening in the UK, with these call centres," he said.

    'Bad apple'

    Industry chiefs in India have responded to this year's arrests by proposing a voluntary nationwide database of call centre staff with security clearance.

    BBA chief executive Ian Mullen said: "Bank staff are thoroughly vetted wherever that may be.

    "With over a million people employed in the financial services and with any business, very occasionally a bad apple will slip through the screening process."

    "We treat our operation in India in exactly the same way in terms of how we recruit and how we monitor it"
    Royal & SunAlliance

    A spokeswoman for Royal & SunAlliance, which has predicted annual savings of £10m from basing some customer service operations and one of its seven call centres in Bangalore, southern India, agreed.

    "Our view is that this is not about where a call centre is geographically based," she said.

    "In any operation, from time to time, you get the odd bad apple.

    "The issue is about how well you recruit, and how you monitor and manage staff to minimise the risk of this kind of situation occurring.

    "We treat our operation in India in exactly the same way in terms of how we recruit and how we monitor it."

    India's National Association of Software and Service Companies said in a statement: "Any case of theft or a breach of a customer's confidentiality must be treated extremely seriously."

    But it added: "The problem is not unique to any single nation - it is one that affects us all."
    "I can because I will, I will because I can" ME

  3. #3
    Senior Member BobC's Avatar
    Join Date
    Mar 2005
    Yeah this is another thing about our wonderful outsourcing craze that bears watching. If somebody in China or India rips us off--what course of action can we really take? I just found out that to pay my Gap credit card online I have to go to some call center in INDIA to set up a special account--in other words all my personal info. I pay all my bills online, and went to ad Gap to my payees, and it wouldn't let me so I called Gap. The Gap employee told me I had to go through all this other crap with India just to hand them MONEY--and she sounded disgusted. I said so they are even outsourcing Gap credit and she said, sarcastically, "yeah isn't that great?"

    Soooo I sent an e-mail to the Gap president saying my CHECK was in the mail, and that I would be conducting no more business with a credit agency that operates offshore. They can go to hell. Why should I trust some foriegn country with my information? It's hard enough trying to catch theives HERE.

  4. #4
    Senior Member jp_48504's Avatar
    Join Date
    Apr 2005
    This is not just happening with credit cards. Banks are using it services of companies in India, Student Loan Companies like Sallie Mae, and many others. Protecting your credit is easy, never user a credit card, don’t get student loans, don’t apply for a mortgage, don’t go to college or apply for any type of loans, and don’t open a bank account....
    I stay current on Americans for Legal Immigration PAC's fight to Secure Our Border and Send Illegals Home via E-mail Alerts (CLICK HERE TO SIGN UP)

  5. #5

    Join Date
    Jan 1970
    Lonetree, CO
    piece of cake
    "I can because I will, I will because I can" ME

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts