Confidential details of “millions” of Britons are being “stolen” by “corrupt” staff at call centres in India and sold to fraudsters for a “tuppence,” a British newspaper has claimed.
This is not the first time that such an allegation has been made. Several British companies have stopped outsourcing customer services to India and proudly advertise, “All our call centres are based in the U.K.”
The latest allegations follow a sting operation by The Sunday Times which secretly filmed two “I.T. consultants'' boasting to its undercover reporters how they flogged private information to criminals who could use it to steal potentially “thousands of pounds” from bank accounts of unsuspecting customers.
The information allegedly included names, addresses, phone numbers and credit card details down to the “start and expiry dates” and three-digit security verification numbers. Details relating to mortgages, loans, insurance, and mobile phone contracts were also on offer, according to the newspaper.
Much of the data shown to the undercover reporters were logged “within the previous three days” and involved some of Britain's biggest financial companies and banks, including NatWest and HSBC.
The data was sold often for as little as “two pence per person.”
In a front-page report headed “Your secrets for sale at 2p,” it said: “Criminals who download the confidential information offered undercover reporters a sample of credit card details and medical and financial records that could be used by identity fraudsters and unscrupulous marketing firms...One pair of data traders said they had access to 45 different sets of personal data covering up to 500,000 Britons.''
Naresh Singh, a young I.T. consultant who is said to work for two call centres, is seen on a secretly-filmed video (posted on The Sunday Times website) downloading the data on his laptop and telling the undercover reporters: “This is the kind of data that I'm talking about — 45 different types of data I can provide you…This is the information that would be in there: first name, last name, address, account, city, postcode, alternate number — that can be a mobile number, office number, any number he has shared with us — email ID, date of birth, bank name, name on the card, card type, card number, start date, sort code and CCV (card code verification) number as well ...These would be bank cards, Mastercards, Visa cards.”
The reporters, posing as London businessmen, met Mr. Singh and his business partner Vikas Solanki in a hotel in Gurgaon, home to a number of call centres. Mr. Singh offered to supply a sample for £100.
“Two days later he emailed a total of 841 records, including information on 15 credit cards and data about six people earning £15,000 a month or more. Among them was Efrain Vazquez, 69, from northwest London, who is now retired after a long career in the catering industry. When informed of the data breach, he said: It's worrying that my details can be sold to you like this by people sitting in India,” the paper said.
Mr. Singh was “just one of an army of data traders selling swathes of personal information.” Some even “brazenly” advertised their “services” on various websites.
The Indian authorities, it said, claimed that their efforts to investigate were “stymied” as companies – anxious to avoid negative publicity — did not report data theft.