A UK-based media group has unearthed a racket allegedly involved in selling credit card details of British customers in New Delhi.
In another case of data theft being traced to India, a BBC investigation has exposed activities of a criminal gang that sells credit card details of UK customers reportedly stolen from call centres in the country.
In a sting operation, BBC reporters posing as fraudsters from London bought names, addresses and valid credit card details of UK customers from New Delhi-based Saurabh Sachar, who acted as a broker to arrange the sale.
The BBC team went to India on a tip off after being put in touch with a man offering to sell stolen credit and debit card details. Two undercover reporters met the broker in a Delhi coffee shop for an encounter that was filmed secretly.
He said he could supply them with hundreds of credit and debit card details each week at a cost of USD 10 a card. After the reporters agreed to initially buy the details of 50 cards, the man handed over a list of 14.
Sachar, who said the remainder would be sent later by e-mail, claimed some of the numbers had been obtained from call centres handling mobile phone sales or payments for phone bills.
The investigation were broadcast on BBC's prime time news on Thursday. Similar cases of money being illegally withdrawn in India using details of UK customers, who use their cards while making purchases physically here or through the phone and online have come to light earlier.
After the BBC team returned to UK, Sachar continued to supply card details to one of the reporters by email.
The BBC said nearly all of the names, addresses and post codes sold were valid but most of the numbers attached to them were invalid -- often out by a single digit.
However, about one in seven of the numbers purchased were active cards still in use by UK customers and their owners could have been subjected to fraud if these cards had fallen into the hands of criminals.
The BBC team contacted the owners of these cards and warned them that their details were now being bought and sold in India. Three of the customers had, within hours of each other, bought a computer software package by giving their credit card details to a call centre over the phone.
Within hours of making the purchase, their details were fraudulently sent on to the reporters. Sachar denied any wrongdoing or illegal activity.
The software was made by Norton, which is part of the Symantec corporation.
Symantec, which launched an investigation after being informed of the the undercover probe, said the leak had come from a single source which has now been removed.
In a statement it said: "We are investigating how this incident happened and will take appropriate steps to address any opportunities for improvement in our processes. We have engaged with the local law enforcement officials in India and will cooperate fully with that investigation".
"We are in the process of reviewing all possible options to manage this third party call centre, including moving away from it," Symantec said.
Data protection lawyer Pavan Duggal told the BBC: "India is only paying lip service to data protection. We don't yet have a dedicated legislation on data protection. Until such times as India comes across with strong stringent provisions on data security we will have instances like this keep on happening."
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}