Are you worried about identity fraud? What can you do to protect yourself?
Police are investigating claims that an Indian call centre worker sold bank account details of 1,000 UK customers to an undercover reporter.
The Sun claims one of its journalist was able to buy account holders' passwords, addresses, phone numbers and passport details from an IT worker in Delhi for £4.25 each.
Is enough done to keep our identity secure? What do you to protect yourself? Have you been affected by identity fraud?
This debate is now closed. Read a selection of your comments below.
The following comments reflect the balance of opinion we have received so far:
Those of us with any IT security awareness have feared that this would happen since off shoring was introduced. The human element is always the weakest link in any security system. In a country where wages are so low, it was inevitable that this would happen.
Pete Zimmer, Halesowen, England
Working in a large bank you soon realise how every procedure revolves around budgets, headcount and personal empires. Loyalty, quality and knowing the customer are things only found in the banking museums. It is inevitable that if you take the existing mess and export it to the other side of the world there will be problems and security issues. Strange isn't it, the most successful bankers (the Swiss) don't outsource their banking.
Charles Smith, London, UK
Even shredding is not enough for the determined thief. My advice is burn all sensitive information that you don't need.
Hanif Rehman, UK
I thought the Data Protection Act prohibited companies from sending personal details off shore to countries who do not have similar data protection rules, unless they had written permission. India does not have a Data Protection Act so how do these companies get round shipping personal data to these off shore call centres?
Steve, Largs, Scotland
I can understand the call centre people having access to details like DOB, addresses etc. However I fail to understand how come they know the passwords. Password encryption should ensure only the computer knows these passwords. Banks whose passwords are known to any individual other than the account holder and bank computer deserve to be out of business. Securing passwords/pins is a very small job.
Netar Young, London
Our identity is not and never has been secure. Many people are involved in processing data, many of those are paid legal minimum wages, it would be very surprising indeed if a few of those people were not amenable to bribery. However tight the security systems are there will always be ways around them for someone with a little intelligence.
This is a piece of sensational journalism by The Sun. Lets face it, if security can be breached easily as has happened at Buckingham Palace, Windsor Castle and Heathrow Airport, it does not take a genius to get a few bank account details from a bent call centre worker. Such information can easily be obtained in the UK as well, if you target the right people.
Vijay M, London, UK
Shortly before he died my father left me sound advice worth more than all the material belongings I inherited. "Avoid credit, direct debit, stay off the internet, keep your money stashed away from banks and buy everything in cash." In the forty six years I knew him, nobody once so much as took one ill-gained penny from him!
Patrick V. Staton, Guildford, UK
Those who avoid internet banking are deluding themselves, to use the telephone and post to communicate bank issues is opening you up to a far greater risk than direct connection with a secure bank server via the internet. Phone lines are easily tapped and conversation easily overheard, post is easily lost or stolen before it even reached you. There is some fraud by bank employees and the more employees who look at your account record (i.e. each time you call phone banking) the greater the likelihood of the details being compromised. Bank call centre workers are treated like battery hens and are paid low wages, it's hardly a surprise that these hens resort to fraud! Paperless direct communication with the bank is the way forward!
Bad apples are at work everywhere, but the geographical and economic distance between the UK an India mean this type of crime is likely to be very tempting. The sooner Indian colleagues are paid the same as counterparts in the West, the better
Vince Marshall, Bracknell, UK
I just love the quote from the Police Officer: "While the allegations made in the dossier are very serious, City of London Police would like to remind people that incidents of this kind are still relatively rare," that's great then - when my account is plundered that will be a great reassurance! So, one employee of potentially hundreds sell 200,000 identities a month and that's "relatively rare"?
Rob, Cheltenham, UK
This case is a clear reminder of the dangers of outsourcing certain jobs to other countries. Identity theft is becoming a menace. The government need to come up with stringent measures to protect the identity of its citizens. The effect of identity theft is devastating. Apart from wrecking one's credit, it takes time and even money and legal process to clear one's name. Although I have not been affected by it but minimizing the use of credit card will go a long way in protecting oneself. Also, check your credit report at least twice a year and report any unusual activity immediately. Prevention is better than cure.
Omorodion Osula, Boston, USA
I do not think that anyone will admit as to just how insecure this kind of personal information. When you consider that it is possible for a hacker to gain access to places like the Pentagon, then it becomes plainly clear that an establishment such as a bank would really present no real problem to anyone with the know-how.
Michael David Thompson, Kristiansand, Norway
Very worrying really. Given the profits the banks make, surely if they decide to cut corners and outsource to a foreign country, am I allowed to prosecute them if they lose my details in this fashion. The data protection act says that they must responsible look after data and I don't think it's responsible to locate in a country where similar rules don't apply?
Recently I had a call from my credit card company, and straight away the caller asked me for my password. I just said he could be anyone pretending to be from the CC company. However, I was able to confirm him as being above board by asking him for a couple of random digits from details that do not appear on my statement - that being my direct debit instruction. However, in the light of this article I'll instead ask for his extension number and call him back using the published phone number.
Michael, Basingstoke, UK
I think it would be just as easy for the reporter get the same information from workers in the US and the UK, if not more so.
Naeem Bari, St Louis, USA
We need to move these call centres back to British soil as soon as possible. It is absolutely outrageous to trust foreigners with our personal details. It's like leaving your passport at Delhi airport - simply asking for trouble.
Joshua Bishop, London
I feel my identity is pretty secure as no-one would want to steal it as my credit record is so bad.
Adrian Cannon, Edinburgh, Scotland
The savings companies have made in off shoring call centres is not passed onto the customer. On the other side, the number of people put out of work is passed onto the taxpayer. This ought to be considered by the government and companies financially penalised. As a customer, I now ask where call centres are placed and try to avoid doing business with ones outside the UK.
Dave, Tonbridge, UK
The EU has strict data privacy laws, which India lacks. The financial services industry has become so dependent on India that it is now almost impossible to take out insurance without your personal data leaving the EU. This is a huge risk that these companies are forcing us all into taking.
Bill, Blantyre, Scotland
Not really as long as you take sensible precautions such as shredding statements and other personal information. Online banking and the use of credit cards is NOT a source of identity theft and is perfectly safe if used sensibly (no easily guessed passwords etc). It's worth pointing out that, of the £1.3 billion the Government claims is lost through identity theft, only about £35 million would be saved by these new identity cards (at a cost of how much to set up and manage?).
I'm just grateful that my bank does not have offshore call centres. If they ever do I shall certainly take my custom elsewhere. It just goes to show how ill=thought out the whole idea off-shore outsourcing was in the first place.
Melanie, London, UK
As an IT contractor, I did a short stint with a major UK bank last year. If I could tell you what I saw, you would never put your cash in a bank ever again. Makes this call centre issue seem like small beer.
I've worked in the Financial Services and currently work in a call centre and I predicted problems with security the minute UK banks started to move business to India. It is impossible to enforce the same regulation in India as you can do in the UK. As an example, think of the prohibitive cost of sending independent auditors out to India. It's time that the FSA moved to tighten regulation and ban UK banks from using outsourced call centres abroad.
If you think your "identity" information is insecure now, just wait 'till the government introduce ID cards. All that detailed information on central government computers; it's the fraudsters dream come true!
Ron Levy, Rayleigh, Essex
This is scaremongering, xenophobic drivel. This kind of fraud can happen anywhere. Just because the Indians are gaining ground in the world due to hard work and good investment, the populist UK press is trying to beat them down. One case of alleged fraud against how many real success stories for Indian business?
Nev, Nice, France
Clearly the banks put profit before our identity - they have no need to do otherwise. If my (or your) financial identity was stolen, how could we ever prove that it was a bank's fault? The bank would always say their systems are secure and deny liability. Meanwhile they make basic errors such as allowing one employee complete access to every part of our financial data, including passwords. Rare congratulations to The Sun for exposing this.
Mark Fulford, Southampton, UK
No nothing is safe these days. I have already stopped using any bank or company that uses foreign call centres. Recently I phoned BT to see if I could stop spam phone messages and unwanted advertising but they said that if the call originated from abroad they could do nothing - this inherently means that nothing is safe or secure when you are connected to any so called service not based in the UK. I urge all UK residents to do the same so that service and trust are restored back to the high levels we had previously! What ever happened to "Customer Satisfaction ?"
Piers Catton, Blandford Forum UK
As someone who works in IT and deals regularly with security and security breaches, I can assure you that incidents of this kind are not "relatively rare", as the City of London Police claims. Most incidents are hushed by the banks/financial institutions as soon as they are discovered and never make it to the attention of the media. Incidentally, this does not happen only with the data farmed out to India, although the number of incidents from there has been steadily increasing.
F D, Woking, UK
It is almost impossible to be entirely secure although it's easy to take some basic steps. I bought a high-security cross-cut shredder and anything with my address on it goes through the shredder (it's also a great way to deal with junk mail). I don't use online banking or telephone banking. I also refuse to use a chip-and-pin card for the simple reason that it is hard to think of anything easier to crack than a 4-digit number entered on a keypad in full view of the queue behind.
John B, UK
Why aren't our passwords encrypted? I write websites that access databases, and every one of those passwords is encrypted. Why don't banks encrypt the passwords so that no one can read them, not even staff in a call centre? One-way encryption, it's called, and it works. Don't let anyone but the account holder know their password. Is it something as simple as this that could stop call centre staff accessing our accounts or selling on the passwords?
Chris, London, UK
Many of the Call centre agents in India are working just to make quick money, not to make a career out of this profession and this includes the companies who win the contract from UK/US/Europe and subcontract it to even cheaper firms. To add to this crisis, there is no reference check or background check done when these people are employed. I am not surprised that this has happened and come to light. The future of security related personal data is definitely not secure if this does not change.
Emmanuel Benjamin, Crawley, W Sussex
My bank is constantly reminding me online of ways to stop fraud (keep your user ID and password secure etc) and all the while my details could have been sold, used or whatever to anyone. Banks make money hand over fist and they should start investing more into other ways of tackling fraud besides customer negligence. My trust with online banking has now sunk to a very low level!
Rob Davies, Cardiff, UK
I was recently in Central London and found a box of mortgage applications on a busy pavement. It appeared to have been thrown out with the rest of the rubbish. Finance companies must take more care of their data. I have handed details to the FSA and hope they will take action.
For every advancement in this day and age there is an advancement in the criminal world. We have to rely on other people sat behind computers more and more to be in control of our identities. Having worked in buildings with call centres, and seeing some of these people and their incompetence with a PC, it scares me that these people handle my finances. It is only a matter of time before the speed of our technological advancement crashes and burns due to criminal minds and companies' lack of care to the matter.
Gareth Brook, Wakefield, West Yorkshire
I think a shredder is a good idea. I trust no one, I watch where my card goes when I hand it over in restaurants, I challenge any institution I phone (banks and the like) when they first try to identify who you are, I stop them and refuse when I know all I want to do is ask a general question not relating to my business with them. I also suggest getting your credit list from the credit agencies, you'll be surprised by what accounts you think where closed when they're not, which means that company can use your details. Don't sign up to any competitions or freebees, as your details or partial details are often sold on (even if you do tick the box). Don't take store cards of any type, they only increase your details exposure.
Robert Bahrani, London, UK
I think "identity fraud" needs legislation to clarify that it a problem for the banks, not for us. I know who I am. It is up to an organisation dealing with me to do their due diligence and identify me properly. If they fail, and give money to a stranger, that should be their problem. But if the government introduced legislation clarifying this point, there'd be no excuse for their ID cards obsession.
Simon Richardson, London, UK
The more we rely on electronic data in our everyday lives, the more we lose control of our ability to protect ourselves from impersonation. This is an unfortunate result of the technology that is meant to make our lives easier - it also makes it easier for the criminals to take from us. ID cards will make this easier too. I mean, let's face it, what with international terrorism and drugs money, it shouldn't be too easy to forge these new means of proving 'Civis Brittanicus Sum'
Billy Mcilroy, Glasgow, UK
I have had an issue with my bank acct whereby £4,600 was put into my bank account by the Royal Bank of Scotland and within a few days was withdrawn. I suspected that a fraud had been committed against me and that someone had also been able to obtain my details from the bank. It turned out to be human error or so they told me. Even though I have requested a full investigation my bank manager tried to fob me off and have not heard from them since even after they verbally offered me £100 in compensation even though the stress and worry it caused as I'm not well paid and cannot afford any costly errors like this they seem to be quite good in keeping their customers in the dark. A good example of the bank causing the problem themselves but given what has transpired with the banks involved it makes me wonder if there is something more sinister going on that I'm not being told.
Norman Birch, Birmingham, England
One of my credit cards was hacked to the tune of $500/£311 five years ago, and people have pretended to be from one of the banks named in the article which I bank with. I'm not changing my bank. The Sun's public service was to ensure the fault lies with the banks' own security procedures so users cannot be blamed. They'd have to pay up in the event of successful hacking.
Ken, London, UK
Having twice been the victim of identity theft, I am even more concerned following the ease with which the Sun's journalists obtained personal information. It seems that the banks and credit card companies are accepting the costs as an occupational hazard - but for how much longer? The police do not want to get involved, and the financial organisations refuse to offer any details as to how the crime was committed. Surely there will come a time when the cost of reimbursing and investigating identity crime will be passed on to the customer. On a lighter note - now that we are all (quite rightly) paranoid and have been lulled into a false sense of security, all the identity thieves have to do is set up a business making shredding machines and hey presto! Legitimate income and big profits!
Ron Slugend, London, UK
After almost 13 years in IT moving into a senior data architecture role, the conclusion I have drawn is your electronic identity data is no more secure than your home is to a thief. Yet in terms of law enforcement and detection of cyber crime very, very little is being done in the UK. With the now global nature of insurance and banking call centres, security is diminished. In terms of protecting yourself, the best way is to always ask yourself 'Why do they need to know this?' This is especially true with on-line website registrations. Usually, information on lifestyle choices together with your address is worth a small fortune to marketing companies. As for bank and credit card statements... the best way to protect yourself is a £30 paper shredder. Most identity theft is by thieves raiding bins outside your home. Joining the telephone preference service will immediately make you aware of cold-callers. Also in the case of telephone banking services, changing your password once a month will help.
Mike, London, UK
I feel that my identity is reasonably secure, if only because I take sensible precautions - I shred receipts and I avoid online banking like the plague. The problem is, as we are seeing here that as long as there are links in the banking chain that can be corrupted then identity is never truly secure. The solution will lie only with the banks, who must invest even more in ensuring that this sort of thing is impossible. Either that or we all need chips implanted in our hands to replace bank cards etc!
Jim, Birmingham, UK
The banks and other businesses have engineered this situation through sheer greed. They move call centres etc to third world economies for cheap labour, does it not however occur to them that the price of bribing personnel has fallen dramatically also. In such an economy, what would be considered a paltry incentive in the West is a huge return for leaking information to fraudsters. I will be asking my bank/credit card/ insurance etc if they use overseas centres, if so I will be looking to move to one that does not.
I'm against UK jobs being lost as banks move call centres to India, but I'm sure a Sun reporter could quite easily obtain account details of customers from a call centre in the UK.
No, our identities are never secure. The issue of identity theft coupled with the ransacking of bank accounts using stolen user information is huge. The banking institutions insist that their systems are secure. But they would say that wouldn't they. They are hardly likely to admit that your money could be accessed by someone else using the same technology that the banks use themselves. Anyone who works in either banking or IT, and I do, will tell you that no system is secure. To make matters worse, these same banks then allow call centre workers in countries where the labour is cheap to administer customer accounts. I for one will not bank or do business with any company, bank or utility company that allows its call centres to be placed overseas.
Bryan McGuire, Warwick
This story highlights the problems with information security particularly outside of Europe where the Data Protection Act does not apply. UK institutions should not be allowed to farm out this data abroad.
Ken, North Tyneside
Identity theft will always be with us. Now that we have established a culture where personal details must be transferred from one place to another in order to secure payments, access information or make use of services, we're paradoxically more vulnerable to identity theft than we were in slower, less advanced times. The precursor to the Cashless Society has reduced us to no more than information (Chip and pin technology, anyone?), and information stored in computers by human beings will always be subject to theft. Biometric information won't deliver the safety from identity theft it promises - it will just force the ID thieves to new levels of ingenuity.
Tony, London, UK
Having experienced identity theft and the refusal of the police to deal with it, yes it does scare me. It's seen as a victimless crime as normally the big businesses end up paying.
Simon Mallett, Maidstone, UK
This is the very reason we should not have identity cards with all our personal details on. To those who do not object to ID cards because "I have nothing to hide" you will have exactly nothing to hide because it will be freely available fraudulently!
I've been the target of (unsuccessful) ID fraud at least twice. For one of those attempts someone had raided my dustbin and stolen a credit card statement and phone bill before calling me pretending to be from my bank. I've now bought a shredder and destroy everything, even junk mail. If you remember that banks never call you and ask for confidential information you should be alright.
With so much at stake everyone should be concerned with identity fraud. Consider the ease journalists from the Sun had procuring private financial information complete with passwords and the stark reality begins to hit home.
Eddie Espie, Cookstown