-------- Original Message -------- Subject: Bruce Schneier on indian call center leaking credit card data Date: Mon, 27 Jun 2005 01:20:34 +0530 From: suresh@private (Suresh Ramasubramanian) To: declan@private CC: dave@private http://www.theregister.co.uk/2005/06/23/indian_call_centre_fraud_probe/ The Sun organized a sting where they caught a call center employee selling credit cards. This is hitting the headlines with the usual stories about the dangers of outsourcing. Bruce has a refreshingly different, and accurate, viewpoint, as always - srs http://www.schneier.com/blog/archives/2005/06/indian_call_cen.html June 24, 2005 Indian Call Center Sells Personal Information There was yet another incident where call center staffer was selling personal data. The data consisted of banking details of British customers, and was sold by people at an outsourced call center in India. I predict a spate of essays warning us of the security risks of offshore outsourcing. That's stupid; this has almost nothing to do with offshoring. It's no different than the Lembo case, and that happened in the safe and secure United States. There are security risks to outsourcing, and there are security risks to offshore outsourcing. But the risk illustrated in this story is the risk of malicious insiders, and that is mostly independent of outsourcing. Lousy wages, lack of ownership, a poor work environment, and so on can all increase the risk of malicious insiders, but that's true regardless of who owns the call center or in what currency the salary is paid in. Yes, it's harder to prosecute across national boundaries, but the deterrence here is more contractual than criminal. The problem here is people, not corporate or national boundaries. Posted on June 24, 2005 at 09:35 AM _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Mon Jun 27 2005 - 06:59:09 PDT