BBC Buys Compromised Credit Card Details from India

BBC reporters have bought valid stolen credit card details from a man in New Delhi, India. The cards are thought to have been leaked from Indian call centers, including one handling Symantec software license renewals.

Acting on a tip, a team of undercover BBC reporters flew to India to meet Saurabh Sachar, a man willing to sell details of credit and debit cards belonging to UK citizens. The broker offered to provide hundreds of credit card details for a price of $10 a piece.

The reporters agreed to acquire information on 50 cards and 14 were supplied to them on the spot. The rest were sent later via e-mail. The Delhi-man specified that the details had been obtained from call centers handling payments for international companies.

According to the BBC, the details of one in seven cards that they had received were completely valid. The rest also had valid names, addresses and post codes, but the credit card numbers were off by one digit.

When notifying the card owners that their information had been compromised, the reporters learned that three of them made a purchase from Symantec and supplied the details over the phone. These purchases had been made only hours before the reporters bought the cards in India.

A Symantec representative noted that the company launched an investigation into the incident and that it was offering free credit monitoring services to the affected customers. He also said that the call center had been identified and that this was most likely an isolated incident. The IT security vendor is considering ending the business relationship with the center.

"As we continue our investigation, we will promptly notify any additional customers impacted by the situation and will take appropriate action to protect the interests of our customers," a statement reads. The authorities in India have been alerted and are also investigating the case.

Meanwhile, the man who sold the credit card details to the BBC reporters is denying everything. He claims that the reporters owed him money and that the document filmed on tape was a balance sheet. He has also denied supplying any information via e-mail.

Outsourcing might save companies money, but it also poses a great security risk for customers. This is because countries that are heavily used for outsourcing do not have data protection laws nearly as strong as the U.K. or the U.S. In fact, according to a local lawyer, India does not have any legislation dedicated to data protection.