Indian Call Center Data For Sale?

Guess this is a good enough case against off shore tech support.

Wonder what would happen to a US company that had this kind of security breach.

Absolutely nothing. Granted in this situation, Indians engaging in illegal activity were prosecuted, but Citibank wasn't held accountable for the problems it caused its customers in the USA. These sorts of crimes cost banks nothing because they are able to force the merchants involved to eat the bogus charges.

Of course, innocent victims of such fraud could face serious problems, even after the bank has resolved the problem for itself. Until laws are passed which ban banks from moving customer data outside of this country, this sort of problem will just get worse.

If they know, which now they do, yes, a person defrauded could hold them liable.

Meanwhile, the person defrauded might be out of a house, job or have no assets with which to pursue such a claim because the fraud robbed them of the ability to acquire such things. Said person might not even be able to drive to the courthouse because they could not afford higher car insurance premiums which poor credit scorers must pay.

I've always believe that banks are far more powerful than the US Government when it comes to restrictions on citizens. At least if the government screws up you have some recourse and a presumption of innocence. When a bank screws up, you not only have to prove the bank screwed up, but while you are trying to prove it, you might be subject to many problems due to a fraudulently bad credit rating.

The current legal system offers banks no incentive to correct these problems. Until such fraud actually hits banks' bottom line, there will be no fix.

A short stint (say 30+ years) in a Super Max correctional facility might do the trick!!!

Pnh102, I agree with you my friend.

In addition to banking institutes, this law should apply to ANY American company or corporations outsourcing detailed records to call centers or other 3rd party sources whether overseas or here at home.

In the Citibank example cited. They should be criminally and financially accountable, not only for their own (in)actions yet also criminally and financially for the outsourced companies, for each and every security breach. Apply this equally to all businesses engaging in such outsourcing activity.

We use software/hardware firewalls, to safeguard this info. Yet, in order to conduct business, the cited example are "allowed" to shut our firewalls off.? That's not right.

For what it's worth; (this is the truth)

I got a letter from "_insert_well_known_financial_instution_here" the other day.

Started off telling me that my SSN; Credit Card #; name and other personal information on a tape had been "Thrown out". It went on to say they had spent an enormous amount of resource; involving federal law enforcement and others trying to locate the missing tapes. They claim the tapes had been "compacted" and placed in a land fill. Although, it seems more likely the tape was tossed in the landfil and the compaction was likely from the "spikes" on the wheels of the compacting bulldozer.... but that's just my guess. The letter also offered a "free year of credit monitoring and some 5 digit amount of theft insurance". But to get the monitoring and insurance, I had to fill out a paper with litteraly everything in the clear then use snail mail and send it back using the included business reply letter... (just a minute I need to beat my head against the wall for a minute here...... Ahhhh.. that feels so much better )

I had a very long converstation with some folks at this corporation. (I looked up the corporate phone # because I couldn't trust the data on paper, or is it with all the bogus documents (electronic / paper) floating around I felt safer making a long distance call to a listed corp. phone #).

My conversation started off; with the first person.. I asked one simple question, "was the data on the tape encrypted"?

This poor person had to wander all around to find out (I had to explain what encryption was so he could ask the questions) and he came back saying "DUH... I dunno".

I asked if this Co was so concerend about protecting my data why are they asking me to deliberatly put my data in the clear such that it could be lost / stolen / obtained by others not authorized, and got another "DOH" kind of answer.

So I requested to speak with this persons manager and a few minutes later I was connected to their manager. When I asked about encryption I got a "that is informaiton controlled by our security department and we don't release that data." Of course; I wasn't asking if they had used blowfish; AES; DES; TDES Symetrical or asymetrical keys or key-encrypting-key technology, just if it was encrypted.... same answer.... security department... then I asked them about the security issue of putting all my data back in the clear to mail it back and the manager said, "Look, you have two choices, if you want the free monitoring and insurance; fill out the form and send it back; if you don't want it, then don't fill out the form and don't send it back."

Of course this really bent me out of shape and I requested to go up another level of management. This persons manager returned my call and I asked the same sets of quesitons. This "manager" said they didn't know if the data was "encrypted" but they would find out and let me know.

Then we talked about the issue of them claiming how dedicated they were to protecting my data and ensuring it's privacy, yet asking me to fill out a paper with all the data on it in the clear and thus exposing me again... and should the mail get lost and not delivered on time; I'd not have the monitoring nor the finacial protection...

To this managers credit, they saw the discrepency with what they wrote and the action immediately and you could hear them going (sic) "Hmmmm... there's something really wrong with the letter and what we are asking our customers to do here".. Hmmmmm..???????

Nevertheless, this person went away and a few days later returned my call... saying that the company had decided they should simply enroll everyone and provide everyone the insurance and not need any data to be returned from the customer....

So.. there's a lot of this kind of nonsense going on these days and everyone needs to be dliligent and a little beligerant to make these comanies just "DO IT" and not ask... just get these folks entolled and insured..

--edit note; had to fix a few typeo-s (they come out of cans don't they )

Glad to hear that the result of persistence worked out in your favor.

Barney, this is an excellent post and example of what's wrong with corporate America. One should not need to climb the ladder as high as you did to get favorable results.

In such an event, precautionary measures as you described should be addressed immediately by the company, with no inter-action required by affected clients.

Once the small "mom & pop" shops were put out of business, good customer relations and service went with them.

quote:

---

This poor person had to wander all around to find out (I had to explain what encryption was so he could ask the questions) and he came back saying "DUH... I dunno".

---

That would be funny, were it not true. That quote is a direct lack of direction, responsibility and leadership, starting from the top of the company right to the bottom. And it shows.

Maybe it's time BBR made a hall of shame posting forum, where people with true life experiences as yourself and others can expose corps. that leave customers exposed.

Post the companies names & addresses. Include the names of CEO's, the board of directors, stock or share holder names, who make boneheaded decisions, which compromise the clients security and the lack of respect shown toward clients.

if its a good experience, so be it, no sugar coating allowed. If its a horrible experience of clients security--then its a piss and vinegar post, warts and all.

Now is the time to nip this in the bud before it gets worse than it is. Take re-active steps from their inability of proper action and follow through. Post it all over the web from here to kingdom come and back. Then file lawsuits

The simple way to fix the issues of credit card fraud and Identify theft would be to pass laws that transfer all liability and financial losses away from the victims (the customer and the merchants) and place that liability on the banks and credit issuers who aided (albeit unwittingly) in the fraud.

Quite simply, if all of the money stolen had to be returned to the victims, and the BANKS had to eat the losses, I'm willing to bet within 6 months transaction security would have been GREATLY increased and credit card fraud and identity theft rates would be massively decreased.

This has happened a number of times. Convergys, who does the State of Florida's payroll, was having much of it's work done in India which is was not suppose to be doing because of these exact concerns. I remember about 2 years ago a banks had this happen to them in an Indian call center.
My opinion, personal information entrusted to a company should not leave that company via an outsourced group.

Well, at least they can read numbers.

Being Indian doesn't make you mentally retarded. Our number system is pretty well recognised around the world.

"Our number system"?

-tom

Ok, ok. My number system. I refuse to take responsibility for anything that's ever happened, ever, except the numbering system.

You should of asked for royalties, that was your first mistake!

And not to mention at least 5,000 years old. India has a been using numbers for thousands of years because historically nothing important happened without consulting an astrologer first. The high priced astrologers in past centuries had observational instruments who's precision was not surpassed until the recently. Does it sound like I admire the India, damn straight!

I look families in Southern India who have been temple functionaries for a thousand years or more. India has Hindu temples which where built at the same time as the Egyptian pyramids. The difference is, while the Egyptian Pyramids are in ruin these Hindu Temples have been in continuous use for all of those millennia.

Er... the Pyramids were not designed for everyday use-- in fact, they were (unsuccessfully) booby trapped against invaders. That being said, you might want to take a trip to Egypt some time because there a quite a few pyramids standing like, I dunno, the Great Pyramind of Khufu?

Been there done that. The Pyramids where just the center pieces of a temple complex, they are still impressive but are not in the condition of the Hindu temples in southern India. While the Pyramid's support structures, temples, living quarters, and kitchens are all but gone.

What I meant:

They can't fix things wrong with most American's computers is what I meant. So, it is good they can read numbers.

I can't find the video.

Remember how companies said it would save money? I guess it was to save the cash for when lawsuits will start coming.

Exactly! You get what you pay for.

Only way to force them NOT to do it..

I used to have an AMEX card. First time I had to call customer service and got India, I cancelled it.

Just like Dell, AMEX talks bout their customer service, and then gives me someone who can barely speak english when I need help (and yeah, I know they teach English in the schools in India, so this person must have been a drop out, since they couldn't be understood by anyone who didn't speak her native tongue).

Cancelled my AMEX. For the most part, I just pay cash as I go now. I have an ATM card, but no debit card connected to my checking account.

I do have a MasterCard I keep for emergency's (Like the root canal I needed 2 weeks ago) and large purchases to get the double warranty they offer.

Wonder if I get a double warranty on the root canal

If you were to travel outside the 50 states, the rest of the English speaking world wouldn't understand you either.

And I wasn't outside the United States, I was in Delaware.

If I travel outside the US, I make a point of learning the local language as much as I can. I am a visitor in another person's country, and it's the polite thing to do.

I do business with a US based Fortune 500, and pay $75 a year for the privilege, I expect the CSR to be intelligible when I call.

It's not too much to ask, and since AMEX thought it was, I voted with my dollar, and took it elsewhere..

Well done.

They just went to $85.00 per year, if you are referring to the Gold Amex..

At least he is not using his English to act like a snob.

If working 60 hours a week at 2 different jobs, and expecting good service when I spend my hard earned money makes me a snob, so be it.

I have NOTHING against any people of any decent or nationality. This has nothing to do with the location of the call center or the people staffing it.

It has to do with the death of customer service. Corporate America, has a whole, has abandoned customer service in pursuit of the all-mighty dollar.

If I called AMEX customer service, and the person was polite and intelligible, I wouldn't care that the call center was outside the US.

Conversely, if the call center was placed in the middle of New England, and I couldn't understand the person on the other end due to an overly thick accent, I would be just as miffed.

Especially with something like an AMEX card. You pay them for a service, nothing more. You get nothing physically for your money. Shit, even the damn card remains their property. If the service is bad, why keep it?

Resort to all the name calling you want. I work hard for a living, and if a company wants to earn my money, they'll have to work for it. If they do a poor job, I do the equivalent of firing them, and take my money elsewhere. If they do a good job, they get a loyal customer.

I thought that was how the free market was supposed to work....

I was referring to the individual with a vendetta against the letter 'W'.

I dislike outsourced tech support, however due to personal finances I cannot vote with my dollar in the majority of cases.

I figured that out about 10 min *AFTER* my post. Sorry.

I've been a bit terse lately, work's been stressful.

More often then not, travelling inside the 50 states, the English speaking is getting harder to understand as well.

lol yeah, go to a mcdonalds where the menus are in both ingles and espanol

Yeah, right. Now, based on that logic, I should stop visiting my local grocery store, stop getting my lawn mowed, keep my house dirty, basically end the way I'm living because I DON"T speak a word of Spanish!

Yeah that works in SOME cases... but not in others, like when SBC moved their customer support offshore to India. I mean I guess I could just turn off my phone, DSL, etc but I kinda need them. Big mistake on their part tho. They pissed off so many customers with that crap.

Hmmm...Funny...I have NEVER gotten india on a call to SBC/AT&T except late at night. During the day, I ALLWAYS get an american, usually in little rock or St Louis.

SBC/AT&T is actually pulling back their support back to the USA because it was a disaster in India.

...this could, and does, happen anywhere in the world.

Sadly, the lowest common denominator is money...everyone and everything has a price....the color of skin matters very little.

Do I really need to dig up the countless breaches of privacy that have happened to and by US firms in the US?

Data security is a global problem...that's why us IT security people make the big bucks

I absolutely can't stand the stereotypes flying about...this didn't happen because the people involved were Indian...it was because the people involved were making money!!!

Blaming this on a race is no better than offering fried chicken and watermelon to your black boss when you have him over for dinner!

Before this happened.
I remember when this off-shore thing first started, one of the reasons was security. They said 'your information will never be sold to anyone'. And besides, I don't believe there are any laws in India preventing this. Sure, there are international contracts, ethics, but when you come down to it, per that country's laws, this is not an illegal act.

What did people think was going to happen when companies from the civilized world starting giving all of our private data to indian companies?
The only good thing about this, is the lawsuit potential. If our data is sent to india, it will be stolen.(This is only a matter of time) So companies will have to weigh potential lawsuits and saving a few dollars an hour on employees vs hiring people from the countries they are in and not having all the security issues.

Looking at the bright side. Someone will have $50 million in assets transferred to their personal bank account

»www.sfgate.com/cgi-bin/a ··· 2&sc=944

Lubna Baloch sat in her office in the sprawling Pakistani commercial center of Karachi and gazed at the e-mail she'd composed.

"Your patient records are out in the open to be exposed," Baloch wrote in her e-mail, "so you better track that person and make him pay my dues or otherwise I will expose all the voice files and patient records of UCSF Parnassus and Mt. Zion campuses on the Internet."

ffs this is why I say we need to keep our personal info at home on our shores... period!

Its not going to prevent this, but certainly will reduce it...

Maybe maybe not. But when you have that info stay in america at least you can legislate what the companies can and can not do or what sort of fines/punishments will be dished out if things happen. although if you have noticed with all of the lost laptops and hacked computer networks nothing happens in terms of punishment

Naw.. that's why we need one world government