Identity Theft? Yeah, That's Been Outsourced, Too

from the nothing-is-safe dept

There's been a lot of attention paid to "pretexting" -- the practice of posing as someone else in order to gain access to their personal data -- lately in the wake of the HP scandal. However, a British TV program has shown that there's more than one way to skin the identity fraud cat, as an undercover reporter was offered the personal details of 100,000 UK bank customers, stolen by offshore call-center workers. The knee-jerk reaction is simply to point the finger at outsourcing and offshoring, but they're largely irrelevant to the situation. Lax corporate security and indifferent attitudes towards data breaches certainly aren't restricted to a particular country, industry or line of work, so the suggestion that banks and other companies that allow offshored workers access to personal financial information could simply solve the problem by bringing outsourced functions back in-house is inaccurate. Quite clearly, many companies' security policies are inadequate, unenforced or nonexistent, whether for in-house employees or external suppliers, and there's currently little motivation for them to take the problem seriously. Whether data is kept internally or shared with offshore workers doesn't really seem to matter -- it doesn't appear particularly secure either way.


Reader Comments

  1.  
    A Non-Mouse Cow Herd, Oct 6th, 2006 @ 10:56am

    Public Service Ads

    I realize there are dangerous keywords there, but this is a news blog, so it's just kinda weird to see Google inserting the public service ad....

    Doesn't any lawyer take out advertising on "identity theft" (to "help" the victims)?

    Interesting. I think it's possible to construe this as censorship; corporate style.

    "We don't like your (news) content, so we refuse to allow you the opportunity to make money from it."

    sigh. that is all.

     

  2.  
    suckerpunch-TM, Oct 6th, 2006 @ 11:26am

    Re: Public Service Ads

    Oh... You pay attention to the ads. Weird. Never occurred to me to do so.

    *shrug*

     

  3.  
    Gordon Duke, Oct 6th, 2006 @ 11:33am

    I think part of the issue with data theft and outsourcing is that work is outsourced to areas where people work cheaper, and a lower income makes the profits from these kinds of schemes more tempting. Less tempting to risk a $60K/year job on a few $500 info sales, but if you earn $4K/year it is a significantly greater benefit to risk ratio.

     

  4.  
    A. E. Armand, Oct 6th, 2006 @ 12:02pm

    umm - you've got the numbers wrong. Unless you're a crackhead with no fence, selling a good chunk of customer info (that can be immediately used for financial fraud) is worth more than most people lowly enough to have to work with real data get even in the US.

    And it doesn't matter what rules you have if you don't and can't enforce them. That's one thing that is different about outsourcing - you lose your voice in the process, as you're just buying content.

    And yeah, there's nothing to motivate them to take it seriously. Those who can afford to, can buy insurance against it, and those who can't afford to are poor and have no effective recourse at all. What else is new?

     

  5.  
    Neumann, Oct 6th, 2006 @ 12:14pm

    Correct me if I'm wrong, but isn't "pretexting" something that hackers and general malcontents have been using for years? Only they called it "social engineering."

     

  6.  
    Anonymous Coward, Oct 6th, 2006 @ 12:18pm

    do your research

    Do your research and outsource it to a better company, a company that guarantees that there would be no data theft.

     

  7.  
    MV, Oct 6th, 2006 @ 1:19pm

    Re: do your research

    Riiiight. Plenty of companies in the US "guarantee" that they won't let the information be stolen, that it's "private", won't be sold, etc. Yet theft still happens. The problem is that the vast majority of companies in any field fail miserably at locking down customer information; it's a systematic problem that needs to be addressed on a larger level than individual promises.

     

  8.  
    Technical Support Biatch, Oct 6th, 2006 @ 3:46pm

    My job gets harder...

    I wouldn't at all mind seeing corporate policies regarding background checks and credit card security issues.

    I do tech support for a small software company, not outsourced and probably never will be...but every time a story like this breaks, it is harder to do sales because people fear sharing credit card info and those that do the theft have an effect on us that are honest and just trying to make a living...we are also affected the other way because our security measures have to be so tight now for people making a purchase that it is actually hard for people to purchase online while we attempt to screen out the frauds. I can't say how many customers we lose because they can't confirm correct credit card info.

    I know that screening employees only will catch those that have already been caught, but it is a start.

     

  9.  
    foofdawg, Oct 6th, 2006 @ 3:53pm

    well

    I have to agree that this just points out how careful people need to be with their data, and protect it in the places they can.

    I heard a report today that said something about the Political parties having databases of voters compiled from state information systems and bought from private institutions. They were talking about how the national parties are using these databases to target voters likely to be swing votes, and contact those people to see what the issues were. They made an example and said something to the effect of 'we look for people to target with our messages, specific to them.....so, for instance, if we know this person has children, subscribes to certain magazines, goes to church regularly...

    The last one surprised me, but maybe he just made a bad comparison. Are people really keeping track of who goes to church? Also, it seems like politics is just continuing to get worse, not better.

     

  10.  
    Bill, Oct 7th, 2006 @ 8:41am

    The problem is everywhere

    Like the article has suggested, the problem is very broad.

    I work as an in-house web designer for a "small" internet company (12M annual sales). I have nothing to do with sales or customer support. Yet, through our enterprise application, I can view every one of our 80,000 customers' credit card information.

    As much as I hate to say it, there does need to be a governing organization that can fine companies for lax security measures. Sure it needs proper funding... hmm... $332,319,000,000 spent so far on the war in Iraq.

     

  11.  
    Captain Nemo, Oct 7th, 2006 @ 9:03am

    Offshoring Issue

    Theft of data and poor quality corporate data security are not problems springing from off-shoring call and support centers, but they are exacerbated by doing so. The big problem with off-shoring and with temporary H1B visa workers, even, is that it is much more difficult to pursue lawsuits against entities in foreign nations. If a domestic employee at a domestic corporation steals intellectual property or customer information and sells that information, it is much easier to pursue civil and criminal actions against the transgressor. But when that employee is a contractor from a nation such as China or India or Taiwan or South Korea or Russia where copyrights and patents are routinely ignored, it is very hard to pursue a legal action for theft of intellectual property. Similarly, there is little concern in those nations for punishing identity theft by their nationals against foreign nationals.

    This, as much as the loss of decent paying jobs and loss of buying power by the middle income segment of society is why the H1B visa program and off-shoring should be curtailed. What we need to do that is pressure on our elected officials combined with a series of shareholder and class action lawsuits directed at corporations that abuse the H1B visa program and routinely off-shore as many of their corporate functions as possible.

    Besides, when has the consumer or the shareholder seen more than a few pennies savings or profit from off-shoring? The savings from off-shoring and abuse of H1B visa hiring goes straight to executive bonuses and nowhere else.

     

  12.  
    Economics Guy, Oct 7th, 2006 @ 9:48pm

    It's all about the economics of data theft.

    "Do your research and outsource it to a better company, a company that guarantees that there would be no data theft."

    It's really hard for a company to guarantee anything like this. The amount that can be made by stealing and selling customer data far exceeds what the average outsourcing company pays its workers. So long as the economics of data theft are what they are today, this is not a problem that can be solved unless the valuable data is not accessible to these workers. Depending on what tasks are being outsourced, this may or may not be a viable option.

     

  13.  
    Enrico Suarve, Oct 9th, 2006 @ 2:49am

    Re: Offshoring Issue

    I fully agree with Nemo's comments. In virtually every case I have come across involving off-shoring, it's done purely to increase the dividends to shareholders or create an 'artificial' rise in stock market value - which brings up a classic conflict of interest inherent in the entire system.
    The shareholders who are after a quick rise in value DON'T CARE about the long term viability of a company and definitely don't care about your data security (if the company gets sued a few years down the line they are going to be long gone).
    Sorry, but shareholders make a packet out of this type of thing as well as execs - yes, pennies per share (now multiply that by a few million...)
    The outsourcing companies on the program had seemingly no concept of basic security - the (also further outsourced) IT staff were stealing info on USB sticks in the hundreds and thousands from PCs where the info was stored locally (this isn't just guys writing down stuff from a screen). Perhaps if the companies doing the outsourcing removed basic things from their builds like locally stored data, the ability to plug in USB pen drives etc. it would help. They probably wouldn't do this as it would be more expensive however...
    Simple fact as proven time and time again is that industry self regulation does not work – corporations only care if they are caught, and in most of the cases shown on the program you’d never even know which crap corporation had ‘given’ your data away anyway.

     
