Identity Theft? Yeah, That's Been Outsourced, Too
from the nothing-is-safe dept
There’s been a lot of attention paid to “pretexting” — the practice of posing as someone else in order to gain access to their personal data — lately in the wake of the HP scandal. However, a British TV program has shown that there’s more than one way to skin the identity fraud cat, as an undercover reporter was offered the personal details of 100,000 UK bank customers, stolen by offshore call-center workers. The knee-jerk reaction is simply to point the finger at outsourcing and offshoring, but they’re largely irrelevant to the situation. Lax corporate security and indifferent attitudes towards data breaches certainly aren’t restricted to a particular country, industry or line of work, so the suggestion that banks and other companies that allow offshored workers access to personal financial information could simply solve the problem by bringing outsourced functions back in-house is inaccurate. Quite clearly, many companies’ security policies are inadequate, unenforced or nonexistent, whether for in-house employees or external suppliers, and there’s currently little motivation for them to take the problem seriously. Whether data is kept internally or shared with offshore workers doesn’t really seem to matter — it doesn’t appear particularly secure either way.
Comments on “Identity Theft? Yeah, That's Been Outsourced, Too”
Public Service Ads
I realize there are dangerous keywords there, but this is a news blog, so its just kinda weird to see google inserting the public service ad….
Doesn’t any lawyer take out advertising on “identity theft” (to “help” the victims)?
Interesting. I think its possible to construe this as censorship; corporate style.
“We don’t like your (news) content, so we refuse to allow you the opportunity to make money from it.”
sigh. that is all.
Re: Public Service Ads
Oh… You pay attention to the ads. Weird. Never occurred to me to do so.
*shrug*
I think part of the issue with data theft and outsourcing is that work is outsourced to areas where people work cheaper, and a lower income makes the profits from these kinds of schemes more tempting. Less tempting to risk a $60K/year job on a few $500 info sales, but if you earn $4K/year it is a siginifcantly greater benefit to risk ratio.
umm – you’ve got the numbers wrong. Unless you’re a crackhead with no fence, selling a good chunk of customer info (that can be immediately used for financial fraud) is worth more than most people lowly enough to have to work with real data get even in the US.
And it doesn’t matter what rules you have if you don’t and can’t enforce them. That’s one thing that is different about outsourcing – you lose your voice in the process, as you’re just buying content.
And yeah, there’s nothing to motivate them to take it seriously. Those who can afford to, can buy insurance against it, and those who can’t afford to are poor and have no effective recourse at all. What else is new?
Correct me if I’m wrong, but isn’t “pretexting” something that hackers and general malcontents have been using for years? Only they called it “social engineering.”
do your research
Do your research and outsource it to a better company, a company that gurantees that there would be no data theft.
Re: do your research
Riiiight. Plenty of companies in US “guarantee” that they won’t let the information be stolen, that it’s “private” won’t be sold, etc. Yet theft still happens. The problem is that vast majority of companies in any field fail miserably locking down customer information, its a systematic problem that needs to be addressed on a larger level than individual promises.
My job gets harder...
I wouldn’t at all mind seeing corporate policies regarding background checks and credit card security issues.
I do tech support for a small software company, not outsourced and probably never will be…but every time a story like this breaks, it is harder to do sales because people fear sharing credit card info and those that do the theft have an affect on us that are honest and just trying to make a living…we are also affected the other way because our security measures have to be so tight now for people making a purchase that it is acually hard for people to purchase online while we attempt to screen out the frauds. I can’t say how many customer we lose because they can’t confirm correct credit card info.
I know that screening employees only will catch those that have already been caught, but it is a start.
well
I have to agree that this just points out how careful people need to be with their data, and protect it in the places they can.
I heard a report today that said something about the Political parties having databases of voters compiled from state information systems and bought from private institutions. They were talking about how the national parties are using these databases to target voters likely to be swing votes, and contact those people to see what the issues were. They made an example and said something to the effect of ‘we look for people to target with our messages, specific to them…..so, for instance, if we know this person has children, subscribes to certain magazines, goes to church regularly…
The last one surprised me, but maybe he just made a bad comparison. Are people really keeping track of who goes to church? Also, it seems like politics is just continuing to get worse, not better.
The problem is everywhere
Like the article has suggested the problem is very broad.
I work as in house web designer for a “small” internet company (12M anual sales). I have nothing to do with sales or customer support. Yet, through our enterprise application, I can veiw every one of our 80,000 customers’ credit cards infomration.
As much as I hate to say it, there does need to be a governing organization that can fine companies for lax security measures. Sure it needs proper funding… hmm… $332,319,000,000 spent so far on the war in Iraq.
Offshoring Issue
Theft of data and poor quality corporate data security are not problems springing from off-shoring call and support centers, but they are exacerbated by doing so. The big problem with off-shoring and with temporary H1B visa workers, even, is that it is much more difficult to pursue lawsuits against entities in foreign nations. If a domestic employee at a domestic corporation steals intellectual property or customer information and sells that information, it is much easier to pursue civil and criminal actions against the transgressor. But when that employee is a contractor from a nation such as China or India or Taiwan or South Korea or Russia where copyrights and patents are routinely ignored, it is very hard to pursue a legal action for theft of intellectual property. Similarly, there is little concern in those nations for punishing identity theft by their nationals against foreign nationals.
This, as much as the loss of decent paying jobs and loss of buying power by the middle income segment of society is why the H1B visa program and off-shoring should be curtailed. What we need to do that is pressure on our elected officials combined with a series of shareholder and class action lawsuits directed at corporations that abuse the H1B visa program and routinely off-shore as many of their corporate functions as possible.
Besides, when has the consumer or the shareholder seen more than a few pennies savings or profit from off-shoring? The savings from off-shoring and abuse of H1B visa hiring goes straight to executive bonuses and nowhere else.
Re: Offshoring Issue
I fully agree with Nemo’s comments in virtually every case I have come across involving off-shoring it’s done purely to increase the dividends to shareholders or create an ‘artificial’ rise in stockmarket value – which brings up a classic conflict of interest inherent in the entire system
The shareholders who are after a quick rise in value DON’T CARE about the long term viability of a company and definitly don’t care about your data security (if the company gets sued a few years down the line they are going to be long gone)
Sorry but shareholders make a packet out of this type of thing as well as execs – yes pennies per share (now multiply that by a few million…)
The outsourcing companies on the program had seemingly no concept of basic security – the (also further outsourced) IT staff were stealing info on USB sticks in the hundreds and thousands from PCs where the info was stored locally (this isn’t just guys writing down stuff from a screen). Perhaps if the companies doing the outsourcing removed basic things from their builds like locally stored data, the ability to plug in USB pen drives etc it would help. They probably wouldn’t do this as it would be more expensive however…
Simple fact as proven time and time again is that industry self regulation does not work – corporations only care if they are caught, and in most of the cases shown on the program you’d never even know which crap corporation had ‘given’ your data away anyway
It's all about the economics of data theft.
“Do your research and outsource it to a better company, a company that gurantees that there would be no data theft.”
It’s really hard for a company to guarantee anything like this. The amount that can be made by stealing and selling customer data far exceeds what the average outsourcing company pays its workers. So long as the economics of data theft are what they are today, this is not a problem that can be solved unless the valuable data is not accessible to these workers. Depending on what tasks are being outsourced, this may or not be a viable option.