Your Credit Card info may have been SOLD by employees at Symentec

Norton Security | Norton Internet Security
1

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9130220&intsrc=hm_list

 

 

Read Article.....Your Credit Card info may have been SOLD by employees at Symentec.  Check your BILLS.

2

Okay mods, :smileywink: you've made my post look out-of-place. :smileytongue: :smileywink: The following was originally in an entirely different thread:

 

Unless you want something else to worry about, you might not want to read the following from TheRegister.co.uk Crime department:

 

Indian call centre credit card 'scam' exposed
Symantec renewal details end up on black market

 

"An undercover investigation by the BBC has exposed evidence of the theft of credit card details by workers at an Indian call centre used by security giant Symantec.

"A BBC reporter posing as a fraudster bought allegedly stolen but valid UK card details from a Delhi-based man, who denies any wrongdoing. Three of the victims of the scam had bought software renewals from a call centre which handles Symantec software licences.

"In a statement, Symantec said it had launched an investigation into the incident, which is thought to be isolated. In the meantime it is offering credit monitoring services to the three confirmed victims."

 

Sigh... :smileysad: "If it ain't one thing, it's somethin' else..." :smileywink:

 

To be fair, it's been pointed out that such call centers are probably used by more than just Symantec, so it may not be strictly a Symantec problem. Nevertheless, it affects Symantec customers.

 

Something to be said for having better wages for call-center/tech-support employees, I suppose - less temptation for them to engage in, er, 'extracurricular activities' such as stealing customers' credit card info  ("The BBC reporters were offered hundreds of plastic card details each week at a price of $10 dollars per card:smileysurprised: more than double the online going rate") or doing other rogue things (pcmag.com article).

 

I can say this much, after reading of the BBC investigation, I won't be calling Norton to plead with them to remove my credit-card info from the Norton Account (which is currently NOT POSSIBLE :smileymad: :smileysad: as I've already complained about on this forum). Instead the card is simply canceled through the bank - problem solved.

Message Edited by j2000 on 03-23-2009 07:37 PM
3

Hi Sea_Monster,

 

Thanks for the 'heads up'.

 

This issue isn't unique or new or peculiar to Symantec. While this article involves Symantec in India allegedly, the issue is something that affects everyone who uses the internet or pays for services with a credit card.

 

Presenting the article without qualification is a bit unfair to Symantec - IMHO.

 

Outsourcing call centre business has become common practice around the globe.  Low labour cost countries, like India, handle such things on behalf of private companies and even government agencies.  I live in Australia.  If I call Microsoft or DELL or ... then I often find myself talking to someone with a heavy Indian accent called 'Barry' or 'Sue'.  I've stopped giving any of them my credit card details because I am not confident that they will resist the temptation to onsell it to criminals.

 

I don't know how to discuss the issue without appearing racist.  I could not care less about race, colour or creed ... only about whether I receive good customer care and that my records (credit card, name, address etc) are safe.  These folk earn relatively piddling amounts compared to western employees however, as I understand it, they are relatively well paid by their domestic standards.  Suppose they earn $50 US per week ... how tempting do you think it would be for them to be presented with an offer of $5,000 for a batch of cards numbers and identity info?

 

In terms of Symantec, they aren't doing anything that is wildly outside the norm for many businesses: reducing operating costs to keep their product prices competitively low. 

 

Maybe we could be offered the option of buying online from a Symantec 'store' located and staffed in the US, OR from an Indian centre (or other low labour cost country) ?  If it cost more for me to purchase via a US based 'store' then I'd consider it a bargain and happily pay.  At least I would have a choice and I would never willingly choose to pay for anything via an Indian call centre.

 

Identity theft and many corporate IT security breaches are most often related to disgruntled employees - irrespective of the country of origin.  Symantec (any company) probably uses some form of encryption and monitors data access for signs of suspicious activity.  Given the huge volume of traffic it would take a while to detect a one off theft and by then, the culprit might have disappeared into a vaste population of a billion people.

 

Now, with terrorism on the rise again in the sub-continent (especially the tribal areas of Pakistan and Afghanistan) there are plenty of nutters who will happily cut off someone's head if they don't hand over this sort of information.

 

Aside from drawing our attention to this matter, what do you suggest Symantec might do about it to protect us in the future?

 

I'm not disrespecting you in any way - my question is genuine.

 

Cheers.

 

 

4

So, has Symantec performed a thorough risk analysis before they outsourced the call centre jobs? Risk to their customers and risk to their own business? This is crazy! What’s next?

5

Nice pointers…mcullet

Really there aren’t any thing SYMENTEC can do.  Even if the call centers were to move back to the USA, there will always be some “rotten apples” amongst the  “good apples”.

Every now and then we heard news of Credit Card being stolen…mind you, I was a victim too.  

Ultimately, it is the Buyer that is always the Victim.

Thank you

6

If they can do credit card fraud then selling the key provided by users can easily done.

 

:O i hope my key is not being distributed as i live in capital of INDIA and also i have provided my key 2 times asked by the employees on various occassions :O 

7
Sea_Monster wrote:
Nice pointers.....mcullet

Really there aren't any thing SYMENTEC can do.  Even if the call centers were to move back to the USA, there will always be some "rotten apples" amongst the  "good apples".


Ultimately, it is the Buyer that is always the Victim.

Thank you

Online shopping is convenient for the customer and VERY profitable for the vendors, or they would not be offering it. When a company ventures in to the online business, they must ensure customer security and privacy. Therefore, there better be something Symantec IS doing right now! 

It is the employers' responsibility to make every employee sign a pledge to keep their customers' information private, regardless of country or race.  The call centre employees are no different from your local grocery's cashier. They are not authorized to use the customers' credit cards for their own uses, are they? 

On the other hand, you are right, ultimately we, the consumers must be vigilant with our credit cards. Never give them to questionable companies. But who would have doubted a SECURITY company like Symantec? 

 

8

Hi all,

 

Certain Credit Card companies will allow you to use a "dynamic" (temporary) credit card number for a single transaction. It can be used either online or by phone. What I suggest is to check with the issuer of your Card to see if they provide this kind of service - if anything goes wrong, the original Credit Card number is protected.

 

I have used this personally, here is the USA.

 

:smileywink: