Channel 4 senior reporter, Sue Turton exposes the seedy world of the trade of personal data in Indian call centres. In a 12-month undercover investigation, Turton infiltrated criminal networks which trade British consumers' bank and other confidential information for huge profits in India, the world's new call centre capital.
While the general public will probably view this as a slur on the entire offshore call centre business, those closer to the industry know that this is an issue primarily with the lowest end of telemarketing and especially within the mobile phone industry. We report on the findings on the show, explain a little bit more about how the mobile industry operates and what the mobile phone industry must do to stop us all looking bad.
In a show aired on Channel 4 on Thursday 5th October, 2006, senior reporter, Sue Turton, was able to buy bank account details, credit card numbers, signature numbers, passport and other sensitive information easily from middlemen in India.
I switched on the television just before 9pm to make the show and had to laugh as the first advert I saw was for Natwest who are the champions of UK call centres in the banking industry. However, my laughter at Natwest's clever marketing ploy was soon shocked as Channel 4 showed how the full process worked with regard to data theft in India's call centres works.
Uncovering the methods used to thieve confidential data ranging from credit card numbers to passport details, Turton exposes the alarming security failures in a number of commercial call centres which allow detailed financial data on individuals to be gathered and sold on with ease. She discovers shocking data protection breaches and a new phenomenon known as 'data farming' the unauthorised 'harvesting' of personal data to be sold on or exchanged for profit.
The show showed how the process works from beginning to end. Call centres dialling for mobile phone companies extract credit or other banking information from people they sell to which is part of a legitimate sales process. This data including credit card numbers, expiry dates and security codes is stored by the call centre and even though the data is sent through to their clients in the UK, a copy is stored on the databases at the call-centre. This data is then taken out of the call centre through a variety of methods including memory sticks. It is then sold through a network of middlemen to other clients or to criminal gangs for between 5 and 25 pounds per record. In some cases, the call centre owners are involved in the sale of this data!
What the show didn't demonstrate was the way the mobile phone industry works and why it is particularly prone to this type of fraud. The 5 major networks in the UK sell their phones through distributors. These distributors appoint retailers who range from High Street shops to internet traders. Sometimes, there are even resellers of the distributors. These resellers or retailers pay a commission to centres in offshore locations to sell their services for them. These call centres are generally small, unprofessional outfits set up by local entrepreneurs who believe the hype that they can make a quick profit out of setting up a call centre. With demand for quality staff high in India, these centres normally attract the rejects from the more established and professional centres. The centres are almost always expected to provide the data themselves and generally receive limited or no training support from the retailer. In most cases, the retailer will not have conducted any due diligence on the centre and will manage them at arm's length. Without any full understanding of the call centre industry, these centres will generally not even install the most basic of security features that you would see in the internationally run centres. Agents often have access to rewritable cd-roms, USB ports for memory sticks and mobile phones with cameras will be allowed at desks unchecked. They will have conducted limited or no background checks on their staff and will generally have a laissez-faire attitude to what is brought on to and taken off the call centre area. With limited technical capability, the data will often be at the mercy of poorly paid IT staff. However, I believe that the issue lies directly with the UK mobile phone industry starting with the networks themselves. T-Mobile have taken a lead in restricting the way mobiles are sold offshore but the other providers have been slow to follow suit. The networks have the power to ensure that their brands are correctly sold so it amazes me how they allow this to happen. The distributors are also a major problem in this area. They simply want volumes of sales. Two years, I went to see a distributor about reselling mobile phones through offshore centres. During the meeting, they told me how their process works with regard to redemption of vouchers. They offer extraordinarily low deals to consumers knowing that only a certain percentage of consumers would remember to take up the offer. They then showed us how we, as a reseller, could make this process even more difficult for the consumer to redeem their money. I was so shocked at the way the industry worked that I refused to be involved. It is now no surprise that an industry which openly suggests such policies attracts a lot of unethical resellers. The resellers and retailers are often small ventures with limited knowledge of how to successfully manage an offshore vendor. They are simply interested in volume of sales regardless of the approach taken to get them. They have absolutely no interest in their brand. However, I have always held the view that they should care as if a call centre sells a contract on behalf of a mobile retailer, that mobile retailer is responsible for the actions of the call centre and the Data Protection lawyer interviewed by Channel 4 was adamant that they are.
The mobile phone industry has to take drastic action very quickly for its sake and the sake of the wider outbound industry. I would suggest the following:
- The networks improve and effectively implement a code of practice for their distributors immediately. If necessary, they should suspend all offshore sales until this has been completed.
- The distributors develop a more effective code of practice for distance selling and do proper backgrounds checks on their retailers. They should also insist on bonds being paid by any retailers.
- Retailers should only be forced to conduct due diligence on every reseller particularly in regard to data handling. They should only be allowed to use vendors who conform to industry standards such as NASSCOM members.
- The Indian Government (and UK Government where appropriate) need to make some quick arrests. There was plenty of evidence in the documentary to make this happen.
The message the offshore industry needs to deliver is that this is isolated primarily to one particular industry and demonstrate the practical measures in place to ensure this doesn't happen.
One thing is for certain and that is that there won't be many mobile phones sold today!