A BBC sting operation has exposed a criminal gang in India that sells credit card details of UK customers, reportedly stolen from call centres in India.
A BBC sting operation has exposed a criminal gang in India that sells credit card details of UK customers, reportedly stolen from call centres in India.
In a sting operation, two BBC reporters posing as fraudsters from London bought names, addresses and valid credit card details of UK customers from New Delhi-based Saurabh Sachar, who acted as a broker to arrange the sale.
The BBC team was in India after being put in touch with a man offering to sell stolen credit and debit card details. The reporters met the broker in a Delhi coffee shop for an encounter that was filmed secretly.
He said he could supply them with hundreds of credit and debit card details each week at $10 a card. After the reporters agreed to initially buy the details of 50 cards, the man handed over a list of 14.
Sachar, who said the remainder would be emailed later, claimed some of the numbers had been obtained from call centres handling mobile phone sales or phone bill payments.
The investigation was broadcast on BBC’s prime time news on Thursday.
After the BBC team returned to UK, Sachar continued to supply card details by email.
The BBC said nearly all of the names, addresses and post codes sold were valid but most of the numbers attached to them were invalid — often out by a single digit. However, about one in seven of the numbers purchased were active cards still in use by UK customers and their owners could have been subjected to fraud if the cards had fallen into the hands of criminals.
The BBC team contacted the owners of these cards and warned them that their details were being bought and sold in India. Three of the customers had, within hours of each other, bought a computer software package by giving their credit card details to a call centre over the phone. Within hours of the purchase, their details were fraudulently sent on to the reporters. Sachar denied any wrongdoing or illegal activity.
The software was made by Norton, part of Symantec corporation. Symantec, which launched an investigation after being informed, said the leak had come from a single source, now removed.
“We are investigating how this happened and will take appropriate steps to address any opportunities for improvement. We have engaged with law enforcement officials in India... We are in the process of reviewing all possible options to manage this third party call centre, including moving away from it,” Symantec said.
Data protection lawyer Pavan Duggal told the BBC: “India is only paying lip service to data protection. We don’t yet have a dedicated legislation on data protection. Until India comes across with strong stringent provisions on data security we will have instances like this.”
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}