Private Data Sold From Indian Call Center

Matt Freman writes to mention a ZDNet article on reports that private data is being sold out of an Indian call center. A U.K. television programme, 'Dispatches', follows a 12-month investigative report on illegal privacy-related activities. During the taping of the show thousands of U.K. bank customers had their personal information sold by the staff of a call center. From the article: "Indian IT trade organization Nasscom criticized Channel 4 for refusing to show it any of the footage before it was broadcast on Thursday evening. It urged the program makers to cooperate in rooting out and prosecuting any 'corrupt' call center workers. 'The whole issue of data security is a global problem,' said Sunil Mehta, a vice president at Nasscom. 'There are bad apples in every industry around the world, and these incidents happen in India and the U.K. This is not a widespread problem in India. Security measures and practices that Indian companies have are the best in the world.'"

What can you say

[Garette]

A related atricle on BBC.
http://news.bbc.co.uk/2/hi/business/5405438.stm [bbc.co.uk]
Not every Indian is necessarily corrupt. However, even an handful can ruin the reputation of the entire bunch. The Indian Govt. has to crack down really hard on the people caught seeling the data.

PS: I am an Indian too...

It's not that it's everywhere that's the problem!

[erroneus]

It's that it is beyond the reach of local law enforcement which complicates things.

Let's say that the same crime happpens locally. Local laws are applied against local criminals. If I recall correctly, the last time this issue was discussed, "identity theft" and related fraud weren't necessarily a crime in India or at least they didn't have the same level of urgency out there. Whatever the case, there is no guarantee that the handling of these problems would reflect the same level of justice as it would locally due to disparity of law enforcement priority, communications among law enforcement, etc.

On the other hand, if we had some sort of international treaty regarding these matters, that might balance out the problem. For example, all employees of these call centers should be made to operate under the laws of the city, state and nation of the company they are representing and if they are suspected of being in criminal violation of such laws, they should be extradited to the city, state or nation for criminal prosecution.

But in my opinion, that wouldn't really be enough. These people are simply too far out of reach to be held accountable. I just feel like we're at risk having some rather critical information exported to other countries for processing where our laws and regulations do not necessarily apply. It's bad enough when it happens here on our own soil, but at least we can take SOME action against it. Internationally, it's just all the more complicated.

I watched this,

[joe 155]

last night, people were selling amazing amounts of information. One person claimed (and showed a recording as proof) to have actual voice recordings of people handing over credit card and security numbers...

Whilst this might be just a few bad apples it does make the whole sector look bad, and I'm not sure I want to be giving my card numbers to compainies who outsource so readily without checking fully what staff are up to.

Interestingly though was the response from the banks, which amounted to "so what". They really don't care. Whenever someone is a victim of fraud through these, or other, means they simply pay up and give the customer their money back, which apparently is cheaper than making sure that it doesn't happen - besides not everyone will notice, and they profit from the people who are scammed and don't notice

Banks move call centers, we pay the price.

[Trifthen]

I saw this coming last year when several banks here stated they were moving many services unrelated to call centers, out of the US for financial reasons. It would appear that people generally don't care about others, which is only exacerbated by national identity detracting from emotional identification. What does an Indian care about some schmuck from the UK? About as much some guy in the UK cares about an Indian.

Then again, it could be argued that by sending financial services to the lowest bidder, banks are encouraging wholesale fraud. It's probably a combination of many factors, these only being the low-hanging fruit. I'd like to think banks would be more responsible with our money, but apparently charging outrageous interest rates on loans and transactions isn't enough of a profit.

Re:Its the Economics, STUPID

[Anonymous Coward]

It's also a big example of "you get what you pay for". I don't care about outsourcing to india in the sense that I'm going to a lose a job (i'm good enough at what I do and confident, 2 weeks anywhere and I'll have a good job), it's that information is being sent to workers with the idea that we'll save money if we pay rajeesh only 5 cents an hour. well guess what, that means that your information is being secured by a guy making 5 cents an hour (OK I don't know exact rates) and he is far enough way that you are just a number or statistic to him. If you didn't see this coming, go outside and start bashing your head against a brick wall, cause you desperately need something to make you smarter than you are.

Re:I watched this,

[REBloomfield]

I saw it too, and realised where the three cold calls i recieved earlier this year may have originated from. I was called on my mobile by an middle eastern sounding man or woman, and told that they could move me to a much better contract, and if i was happy they could go ahead and make the change straight away as they had all the details they needed. They hung up when I demanded to know what details they had and where they got them from. Scary stuff; I'm careful with my details, and I haven't bought a mobile 'phone over the 'phone or online like most of the people mentioned.

It was eye opening for my wife, she had no idea how easy it was to commit fraud with a few card details and the CSV number on the back. She doesn't buy anything remotely, so wouldn't know better, but i was shocked that many people could be this open to potential fraud.

Re:Courts and Law

[happyemoticon]

The real question is, how are these things handled by the courts and laws of the countries in which they occur?

"The Indian prosecutors had everything they needed to throw the book at them, until they found out that the police had stapled the CDs and floppies containing the data to their forms."

(elaboration from a story I heard about Indian police a few months ago)

Re:Hmm...

[Maxo-Texas]

In an ideal world, the SE that gave a realistic estimate of 300 hours would get the contract.

In the real world, the SE who says it will take 150 hours and then extends it to 300 hours for various reasons gets the contract.

Re:Courts and Law

[hey!]

While I'm no fan of offshoring, in all fairness, it is true that data theft as described is not a problem unique to India. The real question is, how are these things handled by the courts and laws of the countries in which they occur?

I think you're almost there.

The real question is what are the risks entailed by offshoring, and how do you prepare for them? The stance of authorities in the offshore countries is just part of that.

Let's assume for sake of argument that the law in the other country is aggressive about disclosures of private data. Great, so when this happens to you, where do you find yourself?

Well, the class action suit follows, it's certain that it's going to be in this country, with your company as the target. Why? Because the lawyers aren't going to bring suit in Offshoristan, they don't even know how.

Now you can hire a law firm in Offshoristan to recover the damages you have to pay under the class action. With any luck the wheels of justice turn faster there and you have the settlment in hand to pay off your customers.

If you outsource domestically, you still aren't off the hook, but when you point the finger at the outsourcing firm, it isn't telling the plaintiffs they have to go to Offshoristan to get relief, which I think will not go over well.

Which is not to say offshoring is a bad strategy, its just that you probably need to factor in some things, like the differences in law between the countries, the means you would use to recover any damages, and some form of insurance so you're not caught in between.

Re:Hmm...

[Anonymous Coward]

There ARE lots of qualified NT admins in India, who have the professionalism and knowledge to really research this kind of problem.

Good luck finding them though, since of course the whole point of outsourcing is generally to get scripted drones on the cheap.

So yeah, it's not the country, it's the company.

Re:Hmm...

[stfvon007]

This happened to me. had an email adress that didnt get any spam and only used it for internal company communications. Emailed Leadtek one day about a part that needed a replacement, and boom, spam stars pouring in the next day.

How about fixing the source?

[AP2005]

Almost every post here is just anti-outsourcing. How about fixing the source of the problem: a few numbers (social security, credit card) are required to get anything done, and these same numbers can be used to destroy your identity. This is what makes the data so valuable in the first place. I can't believe that all the money saved by outsourcing is not enough to provide a more secure platform for online commerce. Changing laws in one country is not a solution by itself in a global economy. This will just make it more expensive to do business in that country and US/UK companies will find a call center in a place with more lax laws. A quicker and more effective solution is to hold companies liable for identity loss, so that some of their profits from outsourcing can be channeled to building more secure infrastructure.

We have to realize that this is an inevitable cost of globalization. If we believe that globalization is a good thing overall, then the first world has to adapt too. A country like India has "information services" to offer to the global market and is competing on price. How is this different from any other commodity being traded globally?

Re:How are cases prosecuted?

[CodeBuster]

What assurances does that company or its customers have that the perps are prosecuted?

It depends upon the country, but in popular outsourcing destinations, such as India, the assurance is basically worthless. The Indian court system is a byword for red tape, bureaucracy, and inefficiency that lends new meaning to the phrase, "waiting in hell for a glass of ice water". Nothing gets done without every petty bureaucrat getting his palm greased and even then it is not unusual for cases to spend fifty (50) years winding their way through the system. In fact it is so bad that families actually inherit lawsuits because the disputes cannot be settled within the lifetimes of the original parties.

Lets take a step back

[Vaibhav_Locke]

So I've heard a lot of anti-India, anti-outsourcing, anti-brown people and so on. Lets go back and clear up a few basic points, the stuff that can be readily checked by spending 5 minutes on google.

Indian call center employees aren't being exploited, they don't go through every day burning with the knowledge that Chuck from Portland makes more money than they do. People need to stop looking at this from their perspective, in America you could barely eat on $5000 a year but in India, where the buying power of one dollar is much much higher than compared to the 1st world, that's enough to comfortably put you into the lower middle class income bracket. There are people who make less than $10 a month. So nobody's doing this out of some misdirected anger at the white oppressors making them slave at their terminals, many Call Centers are Indian companies, locally managed and recruiting from colleges and universities where they can get young, educated people who are doing this as their first job out of school, anything they make is good money.

On the issue of accents: Compared to the level of English the average American high school graduate can accomplish, any one of these people could run circles around you in a literary duel, if ever there was one. We speak with accents because we're not native English speakers, we learn hindi/benglai/punjabi/gujrati/tamil as well as English, and take on the speech patterns of the language spoken most often. So, if you choose to ridicule us because of our accents, know that the average Indian high schooler usually knows 3 languages (at least 2) and can probably understand a couple more, as compared to the American kid who's struggling with his one. And guess what? I bet Shakespeare had a pretty funny accent too ...

Third, and this point has been made already but its worth reiterating, this isn't a local Indian problem. I remember 4 separate instances of large scale personal data theft in the U.S over the last year, and I don't even pay that much attention so there's probably more. So, before you break out the stones, look back at the glass walls you're in.