Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Privacy Your Rights Online

Offshored Identity Theft 292

Travoltus writes "The threat of increased misuse of consumer personal data by offshore criminals was first made publicly known with the UCSF Pakistani medical transcriber scandal. Then, in a logical progression of events, it was discovered that foreign criminal interests were offering money to offshored call center workers to surrender consumer data. Now that threat has been realized: Offshored call center staffers at Mphasis BPO have allegedly stolen £200,000 using United States customers' personal information. It is believed that Indian police reacted swiftly to catch the thieves, but only £12,000 has been recovered so far, and it is not really known who orchestrated this theft or where the rest of that money is now. It is also unknown as of yet how much of a mess this has created for the U.S. citizens who were victimized. Let's hope that the people whose information was stolen don't have to go through what other identity theft victims have to endure, to clean up their good name."
This discussion has been archived. No new comments can be posted.

Offshored Identity Theft

Comments Filter:
  • I don't get it (Score:5, Insightful)

    by gowen ( 141411 ) <gwowen@gmail.com> on Tuesday April 12, 2005 @08:48AM (#12210797) Homepage Journal
    Why is identity theft by foreigners considered more scary that identity theft by Americans. I'd bet you $100 that the vast, vast, vast majority of credit card fraud on Americans is committed by their fellow countrymen[0].

    [0] Or women.
    • Re:I don't get it (Score:5, Insightful)

      by gonk ( 20202 ) on Tuesday April 12, 2005 @08:51AM (#12210811) Homepage
      It is hard to enforce U.S. law on foreigners.

      • by Anonymous Coward on Tuesday April 12, 2005 @08:57AM (#12210867)
        <troll>Yeah? Well it's pretty hard to enforce international law on the US.</troll>
      • Re:I don't get it (Score:5, Informative)

        by gowen ( 141411 ) <gwowen@gmail.com> on Tuesday April 12, 2005 @09:01AM (#12210898) Homepage Journal
        But the Indian police have already arrested the perpetrators. If you want to extradite them, I'm sure the Indian authorities will be glad to let you have them (seriously, it's probably more hassle than its worth to process them themselves, with the US peering over their shoulders.)From TFA
        "Distressing as this incident has been, it is a sad but realistic fact that no system can be 100 percent foolproof. The deterrence of prompt action is, therefore, critical," Karnik noted. "In this context, the proactive efficiency and the prompt success of the police reinforces the reputation of India as a country with a strong legal and enforcement framework."
        Contrary to some people's opinion, the world outside the US is not a lawless desert.
        • Contrary to some people's opinion, the world outside the US is not a lawless desert.

          The original poster was just stating a fact. If a criminal who is a UK citizen flees to the UK (a law abiding country), it's still much harder to find them and extradite them than if they remained in the US. And frankly IMHO, the only reason this crime was prosecuted was because it harmed greatly the reputation of the Indian firm running the call center.

          Having said that, the problems mentioned here didn't magically app

      • So, is identity theft and/or fraud not a crime in these countries? If not, then why on earth are businesses offshoring this sort of work there? If so, then what's the problem? Either way, they'll be treated as the criminals they are.
        • Re:I don't get it (Score:4, Interesting)

          by khallow ( 566160 ) on Tuesday April 12, 2005 @10:08AM (#12211376)
          The question isn't whether identity theft and/or fraud is illegal (though that may be a problem here), but the matter of enforcement as a deterent. Frankly, it's a lot easier to get away with crimes when they cross national borders. Don't steal too much at a time and you'll probably be safe.
      • Re:I don't get it (Score:5, Interesting)

        by WIAKywbfatw ( 307557 ) on Tuesday April 12, 2005 @09:09AM (#12210962) Journal
        So you think that the Indian authorities would be soft on this sort of crime because the victims aren't Indian citizens? Please.

        If anything - and I speak with a great deal of personal knowledge about the country having travelled there many times - they're probably more vigilant about crimes against westerners than they are about crime in general.
        • China (Score:3, Insightful)

          by Lifewish ( 724999 )
          IIRC, it's very very hard for foreign companies to get Chinese companies prosecuted. India may be very law-abiding; be aware that that isn't a universal trait.
        • If anything - and I speak with a great deal of personal knowledge about the country having travelled there many times - they're probably more vigilant about crimes against westerners than they are about crime in general.

          I don't see your point. A western tourist or businessperson mugged in the neighborhood can put a lot more heat on a police force than some vague group of people who may never set foot in India.

          • What makes you think that their wouldn't be pressure on the police force from politicians concerned about the negative impact of such incidents?

            I think - actually, I know - that they'd be very concerned about the potential for lost jobs if these incidents weren't properly dealt with as well as the potential bad publicity that they bring.
    • Re:I don't get it (Score:5, Interesting)

      by cthulhuology ( 746986 ) on Tuesday April 12, 2005 @09:00AM (#12210895) Homepage
      Identity theft by foreign thieves is scarier because the US legal system and police systems alone aren't sufficient to track them down. International crime has jurisdictional issues, and you have no guarantee that the authorities in whatever country you're dealing with will cooperate, or even have the means to do so. This isn't an "outsourcing is bad because foreigners can't be trusted" problem, it is a "outsourceing is bad because the same rules that protect US customers need not apply". Anything that makes getting away with identity theft easier / harder to prosecute makes the situation worse.
    • I don't consider the story to be that the info was stolen by foreigners but that it was an organized setup and operated as such.
      With it being done this way it should of been made a story(not on /.) no matter where it happened.
    • Not if they are smart. Not that all criminals are genius, far from it. But even an idiot knows that getting caught is a factor. Now if you live in Nigeria what are the chances that someone making a complaint will get a warrant issued for your arrest. And if the warrant were issued Big F'n Deal! Try serving an arrest warrant in Nigeria issued from the US. NOT GONNA HAPPEN. So it is a big deal when the crime is occuring from other countries because we can arrest any nimrod who abuses access here (see t
    • Sources say that somewhere between a quarter and third of illegal credit is done by spouses or parents of underage children(*).

      (*) DOB not verified in many credit card applications, so its easy to get cards in children's name.
    • Because, as stated in the article, it is more difficult to apprehend the offenders when they live in foreign countries.
  • by Anonymous Coward on Tuesday April 12, 2005 @08:50AM (#12210804)
    Please fill in you credit card number, social security number, date of birth, mother's maiden name and your password to all you most important information below:
  • by VanillaBabies ( 829417 ) on Tuesday April 12, 2005 @08:50AM (#12210808)
    The worst part about stuff like this is that the system is set up in favor of the person stealing the information. There are what seems to be very few safeguards to prevent the theft of someone's information. However, when it's time to clean up the mess, those responsible for it, including companies that were mishandling the information, are nowhere to be found. Thus leaving the victim to spend excessive amounts of time and money clearing their "good" name. Just proves the only person watching out for you is yourself, so be careful who you trust.
    • by Anonymous Coward
      I don't really care about identity theft If some one steals my identity and trashes it I'll just go and steal a new one :)
      Seems to be an easy thing to do.
  • Ownership Society (Score:2, Interesting)

    by bigtallmofo ( 695287 )
    This is one of the biggest problems that I see with our apparently inevitable slide toward an ownership society [cato.org].

    The plan as I read it is to offshore everything with the thought that we'll still own the capital and intellectual property that people who do the actual work will be dependent on. I think incidents like this shine a spotlight on why this kind of thing won't work in the long term. What happens when the people who do the actual work (and that you're throwing the equivalent of scraps to) decide
    • The plan as I read it is to offshore everything with the thought that we'll still own the capital and intellectual property that people who do the actual work will be dependent on. I think incidents like this shine a spotlight on why this kind of thing won't work in the long term. What happens when the people who do the actual work (and that you're throwing the equivalent of scraps to) decide they don't like your arrangement?

      That's not the only thing wrong with the "ownership society".

      Even if it works, t
  • by egyber ( 788117 ) on Tuesday April 12, 2005 @08:53AM (#12210834)
    Putting the focus on the fact that the thieves were working in outsourced operations is beside the point. The necessary assumption for this story to make sense, is that these off-shore workers steal more money from Americans than other Americans do. While I don't have statistics in front of me, I highly doubt that the off-shore theft problem is even comparable to in-house work. Big deal, some people stole a relatively small sum of money... it's only news because those "evil Indians" are taking all our jobs and are now stealing our money too!
    • Why is it a "necessary assumption" for this "story to make sense" that off-shore workers are stealing MORE money from Americans than Americans are stealing?

      Let's assume that Americans steal a billion dollars a year from other Americans in identity theft. Under your theory, it's would not be news that Indians are "only" stealing a million a year. Heck, under your theory, it wouldn't be news if Indians were "only" stealing $999,999,999 a year. Exactly how does THAT make sense?!
    • by YrWrstNtmr ( 564987 ) on Tuesday April 12, 2005 @09:11AM (#12210972)
      No, it's not 'slightly ridiculous'. It's a new wrinkle in the identity theft schema.

      People know about id theft here, and try to combat it in their personal dealings. And some people don't trust offshore companies, so they don't deal with them. One less avenue for your information to be screwed with.

      Now, the homegrown companies you deal with and trust are making that decision for you. Releasing your info offshore, and you have no knowledge of it, and can't prevent it. And can't fight back.

      Is offshore ID theft a big problem? No, not yet. Much smaller in terms of actual losses. But it is a whole other way to get screwed over.

  • by Transcendent ( 204992 ) on Tuesday April 12, 2005 @08:54AM (#12210841)
    "They took er jerrrrbs!"

    Though, this time it's not as simple as preventing the future from happening.
  • Its the LAW! (Score:3, Insightful)

    by Anonymous Coward on Tuesday April 12, 2005 @08:55AM (#12210852)
    The real reason for not wanting my personal information to leave this country is that I have more faith in the laws of my country to be able adequately deter & punish the folks who commit these sorts of crimes. I don't think that non-US citizens are any more or less good people, but they may have less of a deterrent to do the right thing.
    • Re:Its the LAW! (Score:4, Interesting)

      by erroneus ( 253617 ) on Tuesday April 12, 2005 @09:33AM (#12211115) Homepage
      ...and the fact is, we already have so little control over our personal information, that I have to concur with the assertion.

      Is it nationalist or racist? I don't know really. I just don't want all of my information out of control. It shouldn't be legal to sell personal information in the first place. "Credit history" and like information has become a very abused business and falls neatly within the predictions of disaster by the people who protested this system decades ago. Has it improved our lives? Our economy? Anything?

      It made rich people richer and citizens into 'consumers.'
  • by JonToycrafter ( 210501 ) on Tuesday April 12, 2005 @08:56AM (#12210859) Homepage Journal
    "stolen £200,000 using United States customers' personal information"

    £200,000?! I smell a rat. What kind of Americans keep that much British money around?
  • by Rude Turnip ( 49495 ) <[valuation] [at] [gmail.com]> on Tuesday April 12, 2005 @08:58AM (#12210872)
    "Keep your friends close and your enemies closer."

    Closer, in the instant case, meaning the same continent or at least someplace where we can capture and prosecute the fsckers.
    • at least someplace where we can capture and prosecute the fsckers.
      They've been caught. There's an extradition treaty in place. There's no will to extradite because, in the grand scheme of things, a theft of $400,000 is not worth the paperwork. The Indians will punish them, and I can guarantee to you the conditions in Indian prisons make US prisons look like holiday camps.
  • Whoe's responsible? (Score:5, Interesting)

    by cpn2000 ( 660758 ) on Tuesday April 12, 2005 @09:00AM (#12210890)
    I think a good deterrant to these things would be to make the company who owns this data take responsibility if it gets in the wrong hands. While this does not solve the problem, companies will be more wary of who they do business with if their neck is on the line, it wont simply be a question of awarding work to the lowest bidder.
    While offshoring of these type of jobs may be inevitable, I would expect companies to be damn sure of what they are doing if they are handing my personal details to a third party, especially one outside the US

    While dealing with identity theft happening within the US is bad enough, it would be a nighmare trying to sort this out when it happens overseas.
    This does not mean that people outside the US are any more (or less) dishonest than within. But when you try to track down criminals in another country you are essentially at the mercy of the police in that place, and there may be no way of compelling them to help ... i.e you are essentially at their mercy.

    • Say my visa company is broken into and my personal info (ssn, mothers madien name, etc.) is copied by the perps in say India. Now, a year or so later, some dork in Easter Europe is using my personal information to get credit cards, home loans, whatever. How do I know that the personal information compromised through my visa company was used to assume my identity? It could have just as easily been someone who patiently taped together my shreaded documents or some other company with my personal information th
  • by JonTurner ( 178845 ) on Tuesday April 12, 2005 @09:00AM (#12210892) Journal
    That's all that matters to upper management -- savings. Now, with many offshoring efforts only yielding 10 or 15% savings, what does an event like this do? It blows any potential savings, resulting in a net loss. Nice going, Mr. Shiny Hair And Teeth Strategic-Thinker!

    Now, this question is directed at those big-shot CIOs who troll here, let me ask you something (feel free to reply as ACs). How much money does something like *this* cost your precious bottom line? And when it happens again, then what? What could possibly happen that would make you think "Gee, maybe our technical staff shouldn't live on the other side of the world and work for somebody else (including our competition)?" Or does that even matter?

    Yeah, yeah, I know... Fugeddaboutit, it's purely rhetorical. I realize that employment horizon of the corporate ruling class is only as far ahead as their golden parachute payout. I'm sure you'll find a way to blame these failures on somebody else, Mr. Executive, and your replacement can implement a new strategy for cleaning up the mess.
    • Yeah, but it's not like you can exactly boycott some of these companies. If your company's HMO happens to used an outsourced medical transcription outfit, not much you can do about it even if you were made aware of it. If your hospital or bank use one, it's unlikely that they would even disclose that information to you, even if you tried to pry it out of them. For that matter, how many of the companies that don't outsource that kind of work employ background checks or demand security clearances? None, I'd b
  • by Anonymous Coward on Tuesday April 12, 2005 @09:01AM (#12210903)

    "The threat of increased misuse of consumer personal data by offshore criminals was first made publicly known with the UCSF Pakistani medical transcriber scandal"

    As a Pakistani, I am somewhat offended by the incorrect assumption made here. The medical transcriber was not paid for her work. She then "threatened" to release the medical data of various patients. Desperate mesure for sure, but she really didn't have much recourse. She couldn't take them to small claims court in Pakistan or something like that. Does this make her a "criminal" as suggested by the story? I hardly think so.
    • The true criminals where the Gringos that outsourced the transcribing job to a Pakistani, knowing that she would have no legal means to demand the just payment for her work. From her point of view, the medical records had been abandoned by their former owners, I suppose, so the laws about abandoned property should apply. I don't know what are such laws in Pakistan, but "finders keepers" is the norm in most places.
  • Sounds familiar (Score:5, Informative)

    by smooth wombat ( 796938 ) on Tuesday April 12, 2005 @09:04AM (#12210928) Journal
    This story sounded strangely familiar so I did a quick check and sure enough this previous story [slashdot.org] covers essentially the same information.

    Maybe it's not the same story but both stories originate from Pune, India and both deal with employees of a call center transferring money in the amount of Rs 1.5 crore.

  • by micron ( 164661 ) on Tuesday April 12, 2005 @09:08AM (#12210957)
    There is a remedy for handling this in the future for US citizens. We need to push our legislators to enforce it, which is obviously hard to do.

    US Corporations are legally (criminally and civily) liable for the accuracy and protection of data that they collect on US Citizens.

    This then needs to be negotiated into international treaties.

    This would make a given company think twice about what information it really needs to be collecting, and how it will be protected. If the company wishes to outsource work, fine, that needs to be disclosed, and the company still remains liable for the protection of that data.

    There need to be laws, and the laws must have teeth. This is a "service" that companies are carrying out "in the public trush." They need to be penalized for violations.
    • US Corporations are legally (criminally and civily) liable for the accuracy and protection of data that they collect on US Citizens.

      Well, these are US companies who are doing the outsourcing. They are already responsible and need to be held liable under the rules they are already subject to. When companies that outsource and end up with breaches start getting sued, they'll either have to stop out-sourcing or put better controls on things.

      This then needs to be negotiated into international treaties.


      • You are correct in that US companies are already outsourcing, and they are already responsible and need to be held liable under the rules they are already subject to.

        The problem is that we think that they should be held liable, and we think that they are already responsible.

        For a proof of this theory, try getting inaccurate data removed from your credit report. Darn near impossible without a lawyer getting involved. The reporting companies. If they were liable for mis information, I would imagine that dat
        • If a company is going to be permitted to outsource your personal information to a country, then I as a consumer want to be sure that the country my data is in has some notion of criminal inforcement for theft and fraud related to my personal information. We have similar policies in place for defense department work today.

          I think that is better served by restricting where and under what circumstances data can be exported to, otherwise every time a company tries to outsource to a new country, you're going to

  • I wonder how long before class action lawsuits arise out of this. It seems reasonable to assume that outsourcing and offshoring of this sensitive personal information would be a risky practice and could even border on negligence.
  • I'm surprised that there haven't (atleast to my knowledge) been any lawsuits on this matter. From what I can tell, non of the companies that have offshored their business have had their customers sign some sort of release waiver.

    I for one know that if I ended up in such a situation, without the knowledge that my private information was being handled by a 3rd party and that I suffered losses as a result I would sue the ass of that company!

    Maybe until this sort of thing starts to happen we won't see much ch

    • Ever read the EULA 'shirk'-wrapped piece of butt-wipe that you have to go through in order to use it?

      Did you just click through in order to get to the software?

      Are you sure it was just some provisions on the software. How about not holding the bank responsable for identity theft related problems...? For all you know, you've already bent over and told 'em to start fuckin...
  • Stuff that cannot be easily stolen via some simple data transfer or bit level copy over a network.

    For example, own gold, silver, Real Estate, Automobiles, etc. Pay for these things... do not use credit cards, only use cash. Place the titles/proof of ownership in a safety deposit box at the bank and give your lawyer and next of kin copies as well. Now, let's see some foreign guy steal your ID... who cares?
    • by iggymanz ( 596061 )
      hahah, good luck getting a even a mediocre job without showing some ID, and probably being subject to a credit check. So I'd agree with you that it would be great to live that way, except we don't have a free society in which to do it.
    • Because YOU'LL have to pay them back.

      ID theft is bad enough (believe me, I know first hand,) in one country with one set of laws and one court system.

      Trying to clear up foreign debts may be beyond the ability of anyone. And with the bankruptcy laws being tightened, you may get served with papers from Lower Slobbovia that you knew nothing about and that will have you reaching for a tall glass of 'Kool-Aid.'
  • by Anonymous Coward on Tuesday April 12, 2005 @09:29AM (#12211089)
    On behalf of American Identity Thieves Workers Union I would like to strongly protest against this clear
    loss of jobs of American people!

    Indian identity thieves steal our, American thieves jobs and endanger our true American way of life!

    I honestly believe that our government should do something about it!
  • by mixy1plik ( 113553 ) <mhunt@eciLAPLACEn.net minus math_god> on Tuesday April 12, 2005 @09:31AM (#12211102)
    We need better access to our credit reports. FOR STARTERS. I'm entitled to ONE free report PER YEAR but I have to write 3-4 seperate letters, mail them, and wait? This is unacceptable. We should have FULL access to our credit reports from all the bureaus for free. I don't want to line Suze Orman's pockets and shell out $50 every time I want my reports from all the bureaus. Identity thieves move fast, and we move slow. This is really frustrating. I'm in the process of buying a house, and I'm fiercely protective about my credit being checked as it lowers it a few points every time. (Another thing I think is stupid.)

    We need more control over our own credit reports, since advancing our lives is completely dependent on them.

  • by Aumaden ( 598628 ) <Devon...C...Miller@@@gmail...com> on Tuesday April 12, 2005 @09:56AM (#12211283) Journal
    Despite what some have said, this isn't about foreigners being untrustworthy. This is about good ol' fashioned greed.

    Imagine US call center workers... Let's say they make ~$35K/year.

    How much do they need to be offered before they'll break the law? 2x salary? 3x? more? Remember, the workers are withing US jurisdiction and will probably be identified. It needs to be enough money to "get away." Let's say 3x salary.

    $105K (3x salary) is almost 30 percent of what the thieves stole.

    Now, export that job to someone getting paid $8K/year and it not only makes it cheaper for the company outsourcing the work, it also makes it cheaper for the thieves. 3x salary would only be 6% of the take.

    And, it may not even require that much money. Being overseas places the call center staff well out of US jurisdiction. Unless the offense is something particularly vile, nations (US included) will generally protect their own.

  • I realize there are bad people everywhere, and I also realize Indian police are cracking down on this. It still makes me nervous that the outsourced data and theft is outside the U.S. legal system and recourses to the vicitims is about nil.

    So with that in mind, when is some credit card company and bank going to advertise that they guarantee all your data will remain within the U.S. and not be outsourced?

    Someone does that, I'll switch to them. I don't care if their rates are not as competitive. I'll pay

  • by dmarx ( 528279 ) <dmarx@hushma[ ]com ['il.' in gap]> on Tuesday April 12, 2005 @10:24AM (#12211499) Homepage Journal
    You get what you pay for.
    Do you honestly think that somebody could actually go unpunished doing what the Pakistani woman did with confidential medical records in the US? Offshoring has turned into a race to the bottom. I think that companies that put their customers' information at risk by sending it to places with lax privacy laws should be subject to a tax of 50% of their total earnings. The funds of this tax will be used to help ID theft vitctims get their lives back together.
  • It is impossible to get cheap good stuff. Period. Everything of quality costs money in this world. Take a look at everything from cars to clothing: once quality starts to rise, so does the price. "Cheap" Hondas are no longer cheap (but reliable). I pay a bit more for good service from Speakeasy because I enjoy fast ticket resolution (if problems exists) and talking to Bobs, Marrys and Johns from the United States.

    If customers are willing to accpet cheaper goods, they should be willing to accept lower quali

  • East India? (Score:2, Interesting)

    by aalu.paneer ( 872021 )
    East Indian police

    What is East Indian? Is there a Red Indian police? West Indian police? Who wrote this? Do people still live in world of "East Indian"? Wake up and learn respect.

"For a male and female to live continuously together is... biologically speaking, an extremely unnatural condition." -- Robert Briffault