Indian call centres sold health records, credit cards

Indian call centre staff have sold credit-card details and patient records to third parties according to reports.

An investigation by the The Sunday Times found "corrupt Indian call centre workers" sold confidential personal data of more than 500,000 Britons to cyber criminals and marketing firms.

Two alleged call centre information technology staff met undercover reporters and boasted of having 45 different sets of personal information.

The data included names, addresses and phone numbers of credit-card holders, and the cards' start and expiry dates and three-digit security verification codes. Other information being sold on related to mortgages, loans, insurance and mobile phone contracts.

The Daily Mail claimed that the information is being sold for cents and one of the consultants met the undercover reporters in a hotel room in a town near Delhi, carrying a laptop full of data.

“What's most alarming about this case is how easy it seems for call centre staff to misuse confidential information.," Marc Lee, EMEA sales director at Courion, said. 

"In this case the selling of sensitive data could have been prevented or detected at an early stage had the call centres' IT staff had effective systems in place to control and monitor user access to confidential information. Such access risk management systems should be able to control who is accessing customer data, how it is being used, where and when."

“Another effective measure to prevent insider threats would be to implement specific restrictions for copying confidential data onto USBs or other external devices, or disabling access to such information from specific locations or at certain times.”

This article originally appeared at scmagazineuk.com