Insider fraud at call centers is becoming a common problem. Can you imagine the wealth of personal information available to lurking fraudsters? (All it takes is one deceptive person with the right access credentials, and voila! You have a scam and a bunch of angry victims.) According to an article on BankInfoSecurity.com, eight co-conspirators didn’t just imagine the plethora of personal data available, they allegedly took advantage of a prominent phone company’s database and participated in a huge fraud scheme that left its victims calling for help.
The story states that the alleged fraud scheme involved an employee of a call center which handled direct sales and customer inquiries for a major phone company. As a result of his position, the employee had access to customer information including names, addresses, email addresses, phone numbers, Social Security numbers (SSN), birth dates, credit and debit card numbers and passwords. (It’s a fraudster’s dream! What more do you need for a scam?)
Here’s how the scheme worked, according to the indictment. The call center employee and another defendant allegedly provided additional co-conspirators with enough personal information from the call center files to allow their names to be added as ”authorized users” on victims’ credit, debit and bank accounts without the knowledge of the account holder. (This should seriously make you cringe. Yes, it could happen to you too.) These ”additional users” then purportedly received their own personal debit or credit card which was linked to the victims’ accounts. (And, as you might guess, there were probably a few shopping sprees that took place.)
So far, five of the eight defendants have pleaded guilty for their role in the identity theft scheme. Two of the co-conspirators recently pleaded guilty to one count of using an unauthorized device and one count of aggravated identity theft. If convicted, they face a maximum of 10 years in prison for access device fraud and a mandatory two years for the aggravated identity theft charge.
While each of these defendants deserves his or her day in court, this case brings to light security issues that face call centers and financial institutions regarding the protection of personal data. Access to personal records containing SSNs and other valuable information to authenticate customers is dangerous and is the ”golden key” for scammers who are always looking for their next victim. It’s a good guess that these alleged fraudsters are all wishing they had the phone numbers of a few good lawyers to help them out of this mess.
Source: Today’s ”Fraud of the Day” is based on an article titled, ”5 Guilty Pleas in ID Theft Fraud Scheme,” written by Jeffrey Roman and published by BankInfoSecurity.com on July 31, 2014.
Five out of eight defendants have pleaded guilty for their role in an identity theft scheme involving the theft of personal information from an AT&T call center for use in unauthorized wire transfers and to obtain credit and debit cards.
The fraud scheme involved exfiltrating data from a call center that handles direct sales and customer inquiries for AT&T and then using it for fraudulent purposes, prosecutors say.