Feeds

Indian call centre credit card 'scam' exposed

Symantec renewal details end up on black market

The essential guide to IT transformation

An undercover investigation by the BBC has exposed evidence of the theft of credit card details by workers at an Indian call centre used by security giant Symantec.

A BBC reporter posing as a fraudster bought allegedly stolen but valid UK card details from a Delhi-based man, who denies any wrongdoing. Three of the victims of the scam had bought software renewals from a call centre which handles Symantec software licences.

In a statement, Symantec said it had launched an investigation into the incident, which is thought to be isolated. In the meantime it is offering credit monitoring services to the three confirmed victims.

The BBC ran a story alleging that they have purchased three credit card numbers from a call center that handles some Symantec customer transactions. Upon notification by the BBC of this situation, Symantec immediately launched an internal investigation. We are still determining the facts behind this allegation but there is no indication that Symantec's online network has been compromised.

As a precaution before we have finished our investigation, we are extending an offer for credit monitoring services to the three customers in question. As we continue our investigation, we will promptly notify any additional customers impacted by the situation and will take appropriate action to protect the interests of our customers. Any customer who believes they may have been impacted by this situation should email their contact information to: Global_Purchase_Query at symantec.com.

The BBC team latched onto the issue following a tip-off that put them in touch with a suspected credit card fence. They filmed subsequent meetings, one of which took place in a Delhi coffee shop. The BBC reporters were offered hundreds of plastic card details each week at a price of $10 dollars per card, more than double the online going rate.

Reporters agreed to buy a sample of 50 cards, receiving 14 initially at the meeting and a promise that the remainder would be sent by email later. The seller claimed the numbers were culled from call centres that handle telephone bills and mobile phone sales.

The BBC team found that the name and addresses details of card holders sold to them were consistently valid but the card numbers were invalid, usually because the supplied digits were out by one number. Around one in seven of the card details, however, were valid and referred to cards in active use by UK customers.

The BBC contacted the owners of these cards and warned them of the problem. Three of those affected had bought Norton subscriptions over the phone within hours of each other.

It's not the first time evidence of call centre fraud has been exposed by undercover reporters. Channel 4's Dispatches and The Sun newspaper have each run separate undercover operations to expose similar frauds over recent years.

Last month the Reg reported how an Indian call centre was under suspicion for using the identities of Britons to mount an insurance fraud scam.

The latest figures from banking industry association APACS, published on Thursday, show that card fraud losses reached £609.9m in 2008. Phone, internet and mail order (card-not-present) fraud made up £328.4m of this total, up from £290.5m in 2007.

Stolen credit card details are, of course, the mainstay of such fraudulent losses and why reports of fraud in Indian call centres merit attention. It's worth remembering that stolen card details come from numerous sources – skimming, hacking and mail interception being just three – with call centre-related scams probably making up only a tiny slice of the growing pie. ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?