BPO staffer in Bangalore compromises with HSBC data, 233,000 pounds stolen

A security breach at international bank HSBC’s off-shore data processing centre in Bangalore has come to light after twenty customers of the bank in London complained that their monies had been transferred without their knowledge.

A 24-year-old staffer at HSBC’s Electronic Data Processing India (HDPI) Nadeem Hamid Kashmiri has been charged with stealing confidential data of its customers in the UK to the illegally siphon off money from their accounts.

According to a complaint lodged by HDPI with the Bangalore Cyber Crime Police, Nadeem Hamid Kashmiri, who joined the company on December 12, 2005, is said to have accessed personal information, security information and debit card information of some customers in the UK from March to May this year.

These details were passed on to his “co-fraudsters” in UK, who diverted funds to the tune of 233,000 pounds through ATM, debit card and telephone banking services at the behest of Nadeem, the complaint said.

The fraud at HDPI comes barely a year after a similar security breach was reported from a BPO in Pune.

Soon after HSBC received complaints from its customers that funds had been transferred from their account without their knowledge, the HDPI initiated an internal inquiry and found Nadeem to be culprit. The system records showed that Nadeem had accessed confidential information without authorization. “To access such information for any business requirement, a prior permission is needed”, HDPI’s Vice President Pradeep Dar told reporters.

“Nadeem facilitated his accomplices to impersonate the actual customers to enable them to cheat the HDPI and HSBC customers”, Cyber Crime Inspector General of Police Mahapatra told reporters.

Soon after the internal inquiry was ordered, Nadeem went missing. Investigations have revealed that Nadeem had joined the company on “false records and misrepresentation”. He had furnished a false address and mobile number at the time of joining.

Mahapatra said the UK police, which was trying to nab the fraudsters there, would be contacted in the probe. “We have formed police teams to trace Nadeem”, he said.

HDPI officials said Nadeem had joined the company “with the intention to deceive and cheat the bank and its customers. He had begun accessing the accounts of customers without authorization from the day he was deputed to the processing unit on February 6 this year”.

Meanwhile, Nasscom (National Association of Software and Service companies), an industry body for Indian IT, has come out with a statement that “such security breaches are not unique to offshore operations and can happen in any country”.
Nasscom Vice President Sunil Mehta said Nasscom will work with legal authorities in the UK and India to ensure that those responsible for any criminal breaches promptly prosecuted and face the maximum penalty.