PDA

View Full Version : Corrupt Indian IT bank workers selling YOUR bank details !



eliquant
23rd June 2005, 08:13
Corrupt outsourced Indian IT bank workers selling YOUR bank details for personal gain !!

HSBC and BARCAP were amongst the data leak centres and how can (the long arm of the) UK laws extend over there ? oh dear.

www.thesun.co.uk/article/...24,00.html (http://www.thesun.co.uk/article/0,,2-2005280724,00.html)

cooperinliverp00l
23rd June 2005, 08:22
Meant to of sold at a discount price of £3 per person.

They would of lost out on my account paying that much. I keep all my money in biscuit jars and old whisky bottles

widgetdance
23rd June 2005, 08:24
Dont know why it has taken the papers so long to bring this story to the surface.

I reported this problem here some 18 months ago :hat .

I happened to be chatting to a guy reponsible for security for a major credit card company who were debating pulling their offshore ops for this very reason.

Lucifer Box
23rd June 2005, 08:28
Too right, if anyone should be selling on your banking details it should be corrupt UK banking staff. This off-shoring of corruption has got to stop.

Cooper, please learn the difference between "of" and "have" - you're starting to sound like a Yank and we wouldn't want that. ;)

Lucifer Box
23rd June 2005, 08:40
I happened to be chatting to a guy reponsible for security for a major credit card company who were debating pulling their offshore ops for this very reason.
Was their conclusion "as no one knows about it, who cares?"

That might bite them in the bum if it's revealed they knew it was a problem but did nothing.

cooperinliverp00l
23rd June 2005, 08:50
Lucifer i'm practising for my American Journey in 11 days time. In another 4 days i will stop eating in preperation for the all you can eat restruants. hmmmm elastic jeans here we come

TonyEnglish
23rd June 2005, 08:53
The first time I went there I spent 3 weeks eating huge steaks and showing the yanks how to properly 'binge drink' The net result was over a stone added in weight.

Lucifer Box
23rd June 2005, 08:56
Are you going down the "howdy y'all", "yo my man" or the "praise de lawd" route?

Ardesco
23rd June 2005, 08:59
and peoaple are surprised by this???

Surely everybody knows that India is ruled by bribery and corruption.....

DimPrawn
23rd June 2005, 09:35
Not selling my bank details as I'm with the Nationwide, staffed by nice Swindon people. :D

DimPrawn
23rd June 2005, 13:56
Snippet from the BBC:

Other banks including Halifax, the Royal Bank of Scotland, Nationwide and NatWest, said they did not have call centres in India, so were unlikely to be affected.

Meanwhile, the Amicus union said it had warned of the "data protection implications" of offshoring financial services.

"Companies that have offshore jobs need to reflect on their decision and the assumption that cost savings benefiting them and their shareholders outweigh consumer confidentiality and confidence," senior finance officer Dave Fleming said.

The Sun claims one of its journalists bought personal details including passwords, addresses and passport data from a Delhi IT worker for £4.25 each.

The centre worker reportedly told the Sun he could sell up to 200,000 account details each month.

So all you Barclay, HSBC, Lloyds TSB customers. Your security is worth exactly £4.25. You have been warned.

starchaser1234
23rd June 2005, 17:08
i'm with Nationwide - with no call centers in India.

i suggest to you all that you should seriously think about switching to them.

DodgyAgent
23rd June 2005, 17:54
As Lucifer said. What is the difference between Indian workers selling data and UK workers selling it?

DimPrawn
23rd June 2005, 18:02
Corruption is a way of life in India, plus EU has laws covering data security, where as India has no such legal protection.

Plus £4.25 is probably a yrs salary in India.

It's up to the customers at the end of the day. I voted with my feet and only use financial companies that perform all work onshore.

Lucifer Box
23rd June 2005, 18:34
Has to be said, these are p1ss poor back office systems that allow call centre staff to view customers' passwords. Not even a DBA directly editing the database should be able to view a password, never mind a phone answering gimp.

DBNO
23rd June 2005, 19:55
phone answering gimp.

Racist idiot.

DimPrawn
23rd June 2005, 20:18
http://www.ropeofsilicon.com/Images/people/r/rickygervais.jpg

"shame, racialist" (nods head, looks to camera).

Alf W
23rd June 2005, 20:20
This all smacks of a story The Sun were trying to find but couldn't.

You could probably find someone to sell you dodgy account details down any decent British Inner City boozer.

As for Passwords - not usually revealed in their entirety to Call Centre workers.

Passport and Driving Licence details - not held by banks.

Finally, if it were that easy, do you not think some Eastern European gangster gang would have cleaned up already before The Sun thought of it?

DimPrawn
23rd June 2005, 20:22
Are you trying to insinuate that Britains favourite newspaper, champions of free speech and unswaying supporters of the New Lie could be themselves, be lying?

Lucifer Box
23rd June 2005, 21:18
Racist idiot
WTF?

DimPrawn
23rd June 2005, 21:48
DBNO std reply.

E.g I spoke to a fcuking idiot in a call centre in India.

Response - Racist.

Or, the software dev has been done in India by complete idiots.

Response - Racist.

etc.

TinTin
23rd June 2005, 23:06
Went and got the Sun today for the first time in ages just to read about this. Apparently it's not what it seems to be. Firstly the details appear to have come not from a specific bank's customer database (after all Barclays, RBS/NatWest, HBOS/Halifax and Nationwide haven't 'offshored' to India yet, as opposed to Lloyds/TSB, HSBC, Capital One and others that have) but from payments made from UK customer accounts held in whatever bank/building society, together with proofs of ID, passwords, etc.
To me it sounds like an insurance co db rather than a bank which has taken payments from UK accounts and credit or debit cards. Take one guess (biggest group that has changed its name so many times, no one knows what it is now) for the culprit.
Bad or amateurish journalism in this case, however it's done the trick and more to the point Alistair and Tony have read it (first paper they read in the morning). Hope it results in thousands of cancelled policies for the (hope they reveal it) culprit company.
While we are at it, let's all stop eating Indian for a month (OK, a week) from the dubious takeaways all over the UK. I suppose this might be considered racist (What does DBNO think ?)

Alf W
23rd June 2005, 23:15
Barclays have.

And they got Accenture to their dirty work and Offshore a load of Development roles as well.

All at it.

mcquiggd
24th June 2005, 00:07
A couple of comments....

"What is the difference between Indian workers selling data and UK workers selling it?"

At least some of the money will probably stay in the local economy.... well at least UK Plc will get some tax back on it. I reckon Gordon Brown will want to legalise burglary - but institute a windfall tax per bag marked 'Swag' and 500% VAT on eyemasks.


"Passport and Driving Licence details - not held by banks."

Not so sure about that - virtually everything I have had to do recently - signing a contract, opening a bank account, selling my house - has involved sending a copy of my passport. This was to 'comply with new money laundering / anti terrorism legislation'.

My Irish flatmate had to take her passport, and proof she had a tenancy agreement from me, as well as her past bank statements, letter from her employer etc to open a current account in the UK. And she is obviously a UK citizen.

Reminds me of the time I went to the London passport office, and being the only obviously English person there, was subjected to 45 minutes of questions while people who couldnt speak english were guided to desks where three people sat who spoke most asian languages and had no problems getting it all sorted in 15 minutes.

xoggoth
24th June 2005, 00:53
Valid points from dim and mcq in response to typical bollox on this particular subject from DA. I have to admit that generally DA does not talk bollox sensibly on other subjects, but makes some intelligent comments in a totally bollox way.

Seems long time since you were on here mcq. I know I keep confusing you with that other Mc something whose father lived in Dis and kept ending with "Vote BNP" but perhaps you are not. Or possibly a character in the Simpsons who looks like Arnold Swartznegger. My wife looks like Arnold Swartznegger too, so that makes it statistically much more likely. Sorry about that, I am getting a bit senile these days. Who is?

Lucifer Box
24th June 2005, 08:05
DBNO std reply.
Thanks DP. Means I can hold the "au contraire, some of my best friends have spoken to members of an ethnic minority" reply for another time.

DodgyAgent
24th June 2005, 08:06
My point xog was that the report about Indian data theft was very very biased. It omitted to say whether the problem of theft was entirely due to bank accounts being managed offshore. I was merely questioning whether this information could have been stolen just as easily by corrupt UK workers.

If that is the case then it does not matter where the call centres are. The issue is a lack of security. Most tabloid stories are "spun" in order to create a reaction rather than give an objective view on what is happening.

Such reports obviously appeal to you lot because "offshoring" is hitting your rates though benefitting companies that use them.

Lucifer Box
24th June 2005, 08:26
If that is the case then it does not matter where the call centres are
Low paid people in countries with slack or non-existent data protection laws are, in theory, easier to bribe than those who are better paid and/or know the penalties can be harsh. If both UK and Indian staff are equally corrupt, it clearly wouldn't be as easy in the UK as it would cost you more money to prise the information off them.

MarillionFan
24th June 2005, 08:36
I worked on a set up for a telco some years back and they stored in their Oracle Database the addresses, dob, age, maiden name, password, security code etc of each punter and the credit score it produced.

Nothing encrypted and access could be gained to the relevant tables using any Call Centre Advisors login through a DSN from the CRM!!!!

Scandalous.

Pst
25th June 2005, 07:28
Too right, if anyone should be selling on your banking details it should be corrupt UK banking staff. This off-shoring of corruption has got to stop.
The guy in the UK can be apprehended by the UK authorities as opposed to corrupt Indian Police.

Bundaberg Bum
25th June 2005, 11:07
This is good for us contractors.

The story is spreading around the world and like shite, it will stick to the blanket and be hard to remove. Even if it keeps our rates up for a pound an hour for another year it is a result.

There have been threads on this before on this forum but they were shouted down by the reactionaries or ignored.

I hate to sayit BUT .........

"I TOLD YOU SO !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"

Banks stand and fall on TRUST. If you cannot trust your bank it is finished as a financial entity .

============================================
www.theaustralian.news.co...02,00.html (http://www.theaustralian.news.com.au/common/story_page/0,5744,15722573%255E2702,00.html)

India at centre of credit fraud fear
Brad Norington and Richard Gluyas
June 25, 2005

GUARANTEES that Australian companies can guard against credit card fraud have been undermined, with the revelation that confidential details of 1000 people were stolen from a call centre in India.

As Australian businesses follow a global trend to outsource jobs to call centres offshore, the theft of 1000 British bank and credit card details from a call centre in Gurgaon, a suburb of Delhi, posed a new problem for data security.

Currently, the Australian-run operations of American Express, AXA and Citigroup use call centres or data processing bureaus offshore for their local customers.

Telstra, Optus and some banks such as NAB are also making the move to outsourci

ng, although services are limited so far to information technology, data processing or some customer sales work.

Revelations about the heightened risk of international credit card fraud came as up to 130,000 Australians were to be told their credit card data had been compromised and that they would be given the chance to cancel them as the nation's banks begin a mass mailout.

The Australians are among 40million card holders whose details were accessed via a breach at a US processing facility late last year.

Banks were only notified of the breach at CardSystem Solutions last week.

There is currently no legal requirement in Australia for companies to disclose to consumers if financial services are being provided or if financial data is being held offshore.

Australian companies using offshore services confirmed yesterday that India, where most overseas data-entry work is performed, did not have legislation to enforce protection of confidential information. However, they insisted that strict screening procedures were used for staff employed in offshore call centres, access to information was restricted to individual transactions and Australian laws were applied in all operations where sensitive data was handled.

The manager of a call centre in Gurgaon, a suburb of Delhi, told London's The Times newspaper that it was simple for workers to steal data if they were technically minded or held a managerial position with greater access.

Precautions such as denying data-entry staff access to pens and paper or cameras were futile when data could easily be copied and removed.

An alleged middle man in Gurgaon, Kkaran Bahree, sold 1000 British bank and credit card details to an undercover newspaper reporter and said he could gather up to 2000 a month.

National secretary of Australia's Finance Sector Union, Paul Schroder, said the trend towards "offshoring" work presented customers with a new security risk of fraud.

Mr Schroder said Australia was following a worldwide trend because of the cost reduction from cheaper and available labour in countries such as India and the Philippines.

A spokesman for American Express said the company used Australian laws for its operations in India, which meant there were the same security conditions as those that applied locally.

A spokeswoman for AXA said the company had turned to India for some "back processing" that was subject to the same laws as Australia.

National Australia Bank said a breach of security that occurred in the US had been "resolved", mainly because it had not detected a single case of fraud since February. A NAB spokesman said cardholders were only exposed to possible fraud if they had travelled to the US and swiped their cards during a transaction. i

mcquiggd
25th June 2005, 15:52
"A spokesman for American Express said the company used Australian laws for its operations in India, which meant there were the same security conditions as those that applied locally."

Erm, how do they manage that then? Id love to be able to go abroad and declare myself subject to British law and immune from local laws - 24 hour drinking in Saudi!

"National Australia Bank said a breach of security that occurred in the US had been "resolved", mainly because it had not detected a single case of fraud since February."

Oh, so 'I havent detected a criminal' means no criminals exist.... the Met should try that one....

DBNO
26th June 2005, 14:22
Lets face it I would n't trust m details with anyone associated with India, even the ones who live over here.

Vetran
26th June 2005, 14:30
Big surprise hire people on 80p an hour and expect them to be honest in the face of a years salary - a bit like traffic wardens.Now it depends how the Indian government reacts to this, I imagine they will impose strong data protection laws with hanging as the minimum punishment.

If it were New Lie they would admonish all the bank's customers for being so careless and impose a new data protection tax on all UK based companies.