Friday, June 24, 2005

Card Sharks

Getting a call from Citibank cards is like getting called to your school principal's office. Most of the time, not a pleasant experience.

Well, in the backdrop of the current Sun expose on Indian BPO employees selling credit card information, I have my own little experience to recount.

Citibank: Ma'am I'm calling from Chennai to inform you your card has been 'compromised'.

By whom, what, where - she wouldn't say. But Visa has put my card - which has not been used for many months now - on a watchlist. And so it is being replaced.

Global gichpich
Identity theft and card fraud has become a massive global 'business'. As a report by Tom Zeller in the New York Times dt Jun 21, 05 reveals:

"Want live in premium hotels? Want own beautiful girls? It's possible with dumps from Zo0mer." A "dump," in the blunt vernacular of a relentlessly flourishing online black market, is a credit card number. And what Zo0mer is peddling is stolen account information - name, billing address, phone - for Gold Visa cards and MasterCards at $100 apiece.

It is not clear whether any data stolen from CardSystems Solutions, the payment processor reported on Friday to have exposed 40 million credit card accounts to possible theft, has entered this black market. But law enforcement officials and security experts say it is a safe bet that the data will eventually be peddled at sites like iaaca.com - its very name a swaggering shorthand for International Association for the Advancement of Criminal Activity.

... The Federal Trade Commission estimates that roughly 10 million Americans have their personal information pilfered and misused in some way or another every year, costing consumers $5 billion and businesses $48 billion annually...

A patient criminal will wait until the day a victim receives a billing statement. "That way you have a full 30 days" before the victim is likely to look over his account again, explained one frank tutorial collected by the F.B.I.


What's more, it's estimated that only about 5 percent of cybercriminals are ever caught. And this is one area where IT pros from Russia and eastern Europe are far bigger dadas than Indians, working in BPOs or otherwise.

I am - in no way - condoning apna BPO employee's actions. But supply exists because there is demand.

In this case, it's not like the Sun reporter stepped out of Indira Gandhi airport and was offered stolen credit card numbers. He went looking for people to sell it to him. And yes, there he succeeded.

I am sure British call centre workers may also have obliged the reporter - had he cared to try. Although not for a paltry 4 pounds a piece!

As Steven Spielberg's Minority Report so imaginatively depicted it, there will always be a black market for identities. Today it's credit card numbers, but if and when we go biometric - it could be fingerprints and retinas...

5 comments:

  1. Atleast one major credit card information scam is reported every month and I don't know why the Indian incidents are blown out of proportion. Indian BPO's have already taken necessary measures like disabling webmail access.

    The British press is obsessed with such exposes, they did a similar thing with the Heathrow airport security few months ago.

    ReplyDelete
  2. Hi..
    I read your blog regularly.
    I find it very interesting and fresh.
    Keep it up.
    My blog is http://anildigital.blogspot.com

    ReplyDelete
  3. Anonymous7:36 PM

    True- where there is demand, there is supply.

    Frankly papers like Sun have no locus standi. They thrive on "sensationalism" aka our own Times of India.. Hence it is very difficult to verify the authenticity of the same information. I wanted to refute the same on my blog- Rashmi is right about the fact that there are enough willing britons to do the "needful" for the same amount of money.

    Credit cards are unneccesary headaches. Why even bother to own one to be at the risk of all? Plus, there is no word from any independent organisation as to the security measures adopted by banks. Despite their claims, it is open secret that Indian Companies pay scant attention to security online.

    Lets wait and watch as to how things evolve.

    ReplyDelete
  4. Anonymous9:14 PM

    ITs so true that whenever such an incident happenes in india it is talked about a lot all over ( not just in india)..... Indian BPO workers have become scapegoats in this regard...I work in a BPO firm and prior to this company i was in a inbound calling process .... the section which has the most problems with these jobs coming to india are employees of the corporates who outsource t india.. and not the end-users of the product... which is primarly coz they dont care if their calls are being serviced in India or elsewhere..however if the BPO employees dont realise the data protection issues associated with their jobs...this feeling would change very soon .. coz these actions affect the end users directly...

    Prateek
    http://prematurearticulation.com

    ReplyDelete
  5. Stealing identities in the age of biometrics, like you pointed out? Eerie thought isn't it?

    Whose identity would YOU want to steal? (hypothetically speaking of course)

    http://phoenix2100.blogspot.com

    ReplyDelete

Disqus for Youth Curry - Insight on Indian Youth