Symantec plans to end call center relations amid data leak investigation
by Steve Ragan - Mar 27 2009, 16:00Thanks to a BBC investigation, one without any legal questions or arguments, Delhi-based Saurabh Sachar has been filmed selling hijacked credit card information. The interesting aspect is that the card numbers apparently came from a call center, from where they were harvested during telephone orders for Symantec products.
Sachar, who denies any wrongdoing, was filmed taking money in a coffee shop in exchange for a list of credit and debit card accounts. The account information, which was valid for the most part, contained names and addresses but some of the card account numbers were off by one digit, the BBC reported.
When the account holders were contacted, three told Beeb reporters they had just purchased Symantec software over the phone -- giving credit to Sachar’s claims that the account details he was selling came from Indian call centers. Symantec called the incident isolated, but tracked it to a single source within the e4e call center, based out of Bangalore.
"We are investigating how this incident happened and will take any appropriate steps to address any opportunities for improvement in our processes," Symantec said in a statement.
"We have engaged with the local law enforcement officials in India and will cooperate fully with that investigation," the broadcaster added. "We are in the process of reviewing all possible options to manage this third party call centre, including moving away from it."
On Wednesday, Symantec said that for reasons it would not disclose, which are unrelated to the disclosure of account information, it was in the process of moving information to a new vendor.
When confronted with his actions, Sachar said the filmed money exchange involved nothing illegal; the reporters had borrowed money and were just paying it back. As for the paper list given to them after the money traded hands, that was simply a list of directions and a "kind of balance sheet," he explained
Police are sill investigating the matter and no arrests have been made at time of publishing.
Instances of 'card not present' (CNP) fraud, which account for half of all online fraud, grew by 13 percent in 2008, reaching a total of £328.4 million GBP or 54 percent of all card fraud losses, according to recent research by the UK payments association Apacs.
Want regular updates from The Tech Herald? Follow us on Twitter.
Comment on this Story