Monday 2 December 2019

How data outsourced by firms lands with fraudsters

How data outsourced by firms lands with fraudstersNOIDA: The recent unearthing of a fake call centre that targeted Flipkart and Myntra customers has once again brought to fore the damages data breaches can cause.

From offering fake jobs, insurance policies, holiday packages and huge discounts on online shopping to siphoning money from bank accounts, mushrooming fake call centres in Noida are increasingly becoming hi-tech to dupe gullible people. And such scams thrive mainly on data leak from “official and non-official sources”, say experts.

In fact, in the past two years, over 30 call centres have been busted in Gautam Budh Nagar, most of which were based on data leak. Cyber crime experts suggest that data leak can happen via multiple sources and dark markets where data of online shoppers, life insurance companies, portals etc are easily available.

They stress that the primary reason for data theft is outsourcing of data by online shopping websites to third party customer care entities, from where it could be used for illegal purposes. Experts also say that online shopping websites need to own the liability as Section 76 of the IT Act makes the custodian of the customer data liable for action in case of any breach.

According to Gautam Kumawat, a cyber security expert who works with different police departments and criminal investigative agencies, individual data has become the “new oil”.

“Data is the new oil. Data in bulk and of all types is available everywhere. In case, someone wants to get data of credit card/debit card users, online shoppers, those with salary less than Rs 50,000, voters in a particular area. Ask for it and you can get all sorts of data in the data market,” he says.

“While there are many agencies which make use of individual data for multiple purposes, there are many players who simply sell it off at cheaper rates,” he adds.

How does data get leaked?

“When you check into a hotel/restaurant/grocery store etc, they ask you for your phone number. This data goes to the retail chain or the company concerned. But this data gets leaked by mainly two sources from the parent company. Either the parent company hands over the data of their customers to a third-party vendor for different purposes or someone from the internal team of the company tends to sell it off,” Kumawat explains.

Cyber crime expert Rakshit Tandon, who works with the UP Police in cyber crime cases, agrees. “Most private companies, including shopping websites, tend to outsource the data to a third-party vendor. Usually it’s a mole in the vendor or the company itself, that can sell off private data of customers to a criminal.”

“The moles are either bribed by the criminals or has a partnership with the criminals concerned. At times, there is a percentage of the profit sharing that comes into play between the seller and the buyer of data,” he adds.

However, experts say that while avoiding data leakage is not possible for the customers, it is for the respective companies to own up responsibility.

“There are black markets in Delhi, where data is easily available. But the question, how it reaches them? The parent company is liable for the data leakage as per Section 76 of the IT Act. They should ensure security of their customers’ data,” says Prof Triveni Singh, SSP of Azamgarh in UP.

1 comment:

  1. Great blog. All posts have something to learn. Your work is very good and I appreciate you and hopping for some more informative posts. STO PR Agency