August 16, 2005 11:17 AM PDT

Indian call center under suspicion of ID breach

An undercover operation that allegedly found customers' data for sale by outsourcers has rocked the Indian software and service industry.

The Australian Broadcasting Corporation reported on Monday that its TV program "Four Corners" was able to get hold of the personal details of Australian customers from an unidentified journalist working undercover in an Indian call center. The same writer recently helped British tabloid The Sun to buy the sensitive data on British citizens.

"The Australian samples appeared to have come from a call centre in Gurgaon," according to a transcript of the program. "The kind of details they provided was alarming--not just the names and addresses of Australian customers but also their telephone numbers, birth certificate details, Medicare numbers, driver's license numbers (and) ATM card numbers."

Special report
India's tech renaissance
Beyond offshoring, a new powerhouse is in the making

ABC did not name the call center involved, but said the provider had been hired by Switch Mobile, an Australian telemarketing company. The Gurgaon center contracted out calls made to Australians to another Indian company, Brick & Click, thus creating a further layer of insecurity, the program said. Switch Mobile has since canceled its contract with the unnamed Indian center.

The National Association of Software and Service Companies, an Indian trade body, has asked ABC to provide details of the operation so that the matter can be reported to law enforcement officials.

"Such reports emanate from 'entrapment operations,' and no person has reported any harm yet," Nasscom said. "In the absence of a formal complaint, even the enforcement officials cannot launch formal investigations and apprehend the criminals."

Nasscom said it would work with authorities in Australia and India to nab the culprits.

"Indian IT companies undertaking work for global companies contractually comply with all the requirements of the relevant privacy and data protection laws of the home country, as well as other security and confidentiality safeguards," Nasscom said. "Each of our customers must perform strict due diligence on all their vendors and ensure contractual commitments to relevant laws."

In the wake of concerns over data security in call centers working for overseas clients, Nasscom has decided to create a register of IT workers hired in call centers. At present, about 350,000 workers are employed in the business process outsourcing sector and the number is projected to grow to a million in another three years.

Prime Minister Manmohan Singh reviewed the matter recently with IT industry leaders and ordered that the Information Technology Act be amended to make it more stringent.

4 comments

Join the conversation!
Add your comment
Where's the outrage?
Reform won't happen until some major breach happens.
Posted by R. U. Sirius (745 comments )
Reply Link Flag
Hasn't there been?
Wouldn't you be shocked if your personal/credit card details were available for sale on the streets, in the hotel rooms in India (which is what the Current Affairs program actually showed being done).

Any business (AmEx, VISA, CBA etc) which outsources its customer related services (such as bill payments, renewals, statements, etc) has put your and my private data at risk.
Posted by (1 comment )
Link Flag
Risks, customer security is not a priority!
Like everything, the moment you outsource your in house data centres for cheaper independent 2nd or 3rd party access, you lose absolute control on data security. As for Visa International, those wimps, chose the cheapest option to cancel the contract, what they should have done is send in the legal cleaning team, to permanently terminate these idiots who chose to illegally accumulate customer credit card data!(after all on their contract no transaction processed= no transaction commission and each miss is a double the loss on any transaction in the form of time money processing costs et al) As for Indian Call Centres, you pays for what you get, and get what you pays for, and since they are contractors, loyalty is for the term of of the contract at best and you have no control on their standards or ethics! From what I have seen and heard the normal business ethics of Indian Corporations is that everything is for sale at the right price! Ah, cheap corporations don't you love them for following Gordon Gekko's motto "Greed is Good!" and the customer is required to pay double all the time! It does show the since corporations don't consider customer data security a priority at any point in time, legislation is now required to automatically notify customers of any data security breaches , with fines based on a percentage of corporate income(to make them more effective as no company with a multi billion dollar annual profit gives a fig for a fine of $50,000-00), and that the companies are fully liable for any personal damage costs through data insecurity!
Posted by heystoopid (691 comments )
Reply Link Flag
Same thing....in the US
There was a news item on the sentencing of a 24 year-old ex-AOL employee who sold a database of millions of customer e-mails, in the US in return for a few thousand dollars. Now, could that happen elsewhere? You bet! This is where corporate governance, security and other checks-and-balances come to play&.not a fruitless debate over outsourcing or offshoring.
- Mohan, Author: <a class="jive-link-external" href="http://www.offshoringmanagement.com" target="_newWindow">http://www.offshoringmanagement.com</a>
Posted by b2bhandshake (83 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.