Identity Theft? Yeah, That's Been Outsourced, Too
from the nothing-is-safe dept
There's been a lot of attention paid to "pretexting" -- the practice of posing as someone else in order to gain access to their personal data -- lately in the wake of the HP scandal. However, a British TV program has shown that there's more than one way to skin the identity fraud cat, as an undercover reporter was offered the personal details of 100,000 UK bank customers, stolen by offshore call-center workers. The knee-jerk reaction is simply to point the finger at outsourcing and offshoring, but they're largely irrelevant to the situation. Lax corporate security and indifferent attitudes towards data breaches certainly aren't restricted to a particular country, industry or line of work, so the suggestion that banks and other companies that allow offshored workers access to personal financial information could simply solve the problem by bringing outsourced functions back in-house is inaccurate. Quite clearly, many companies' security policies are inadequate, unenforced or nonexistent, whether for in-house employees or external suppliers, and there's currently little motivation for them to take the problem seriously. Whether data is kept internally or shared with offshore workers doesn't really seem to matter -- it doesn't appear particularly secure either way.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Public Service Ads
Doesn't any lawyer take out advertising on "identity theft" (to "help" the victims)?
Interesting. I think its possible to construe this as censorship; corporate style.
"We don't like your (news) content, so we refuse to allow you the opportunity to make money from it."
sigh. that is all.
[ link to this | view in chronology ]
Re: Public Service Ads
*shrug*
[ link to this | view in chronology ]
[ link to this | view in chronology ]
And it doesn't matter what rules you have if you don't and can't enforce them. That's one thing that is different about outsourcing - you lose your voice in the process, as you're just buying content.
And yeah, there's nothing to motivate them to take it seriously. Those who can afford to, can buy insurance against it, and those who can't afford to are poor and have no effective recourse at all. What else is new?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
do your research
[ link to this | view in chronology ]
Re: do your research
[ link to this | view in chronology ]
My job gets harder...
I do tech support for a small software company, not outsourced and probably never will be...but every time a story like this breaks, it is harder to do sales because people fear sharing credit card info and those that do the theft have an affect on us that are honest and just trying to make a living...we are also affected the other way because our security measures have to be so tight now for people making a purchase that it is acually hard for people to purchase online while we attempt to screen out the frauds. I can't say how many customer we lose because they can't confirm correct credit card info.
I know that screening employees only will catch those that have already been caught, but it is a start.
[ link to this | view in chronology ]
well
I heard a report today that said something about the Political parties having databases of voters compiled from state information systems and bought from private institutions. They were talking about how the national parties are using these databases to target voters likely to be swing votes, and contact those people to see what the issues were. They made an example and said something to the effect of 'we look for people to target with our messages, specific to them.....so, for instance, if we know this person has children, subscribes to certain magazines, goes to church regularly...
The last one surprised me, but maybe he just made a bad comparison. Are people really keeping track of who goes to church? Also, it seems like politics is just continuing to get worse, not better.
[ link to this | view in chronology ]
The problem is everywhere
I work as in house web designer for a "small" internet company (12M anual sales). I have nothing to do with sales or customer support. Yet, through our enterprise application, I can veiw every one of our 80,000 customers' credit cards infomration.
As much as I hate to say it, there does need to be a governing organization that can fine companies for lax security measures. Sure it needs proper funding... hmm... $332,319,000,000 spent so far on the war in Iraq.
[ link to this | view in chronology ]
Offshoring Issue
This, as much as the loss of decent paying jobs and loss of buying power by the middle income segment of society is why the H1B visa program and off-shoring should be curtailed. What we need to do that is pressure on our elected officials combined with a series of shareholder and class action lawsuits directed at corporations that abuse the H1B visa program and routinely off-shore as many of their corporate functions as possible.
Besides, when has the consumer or the shareholder seen more than a few pennies savings or profit from off-shoring? The savings from off-shoring and abuse of H1B visa hiring goes straight to executive bonuses and nowhere else.
[ link to this | view in chronology ]
Re: Offshoring Issue
The shareholders who are after a quick rise in value DON'T CARE about the long term viability of a company and definitly don't care about your data security (if the company gets sued a few years down the line they are going to be long gone)
Sorry but shareholders make a packet out of this type of thing as well as execs - yes pennies per share (now multiply that by a few million...)
The outsourcing companies on the program had seemingly no concept of basic security - the (also further outsourced) IT staff were stealing info on USB sticks in the hundreds and thousands from PCs where the info was stored locally (this isn't just guys writing down stuff from a screen). Perhaps if the companies doing the outsourcing removed basic things from their builds like locally stored data, the ability to plug in USB pen drives etc it would help. They probably wouldn't do this as it would be more expensive however...
Simple fact as proven time and time again is that industry self regulation does not work – corporations only care if they are caught, and in most of the cases shown on the program you’d never even know which crap corporation had ‘given’ your data away anyway
[ link to this | view in chronology ]
It's all about the economics of data theft.
It's really hard for a company to guarantee anything like this. The amount that can be made by stealing and selling customer data far exceeds what the average outsourcing company pays its workers. So long as the economics of data theft are what they are today, this is not a problem that can be solved unless the valuable data is not accessible to these workers. Depending on what tasks are being outsourced, this may or not be a viable option.
[ link to this | view in chronology ]