> "A former Chase call center rep tells the story about this one thief who was > able to rip off one customer for over $40,000, thanks to his constant > outwitting > out the internationally out-sourced security department. > > "The Americans would beg and plead with the Filipinos to not unblock the > account, and over and over again they would. Says our insider, if US security > had been able to intervene from the get-go, he would never have been able to > do so much financial damage."
> http://consumerist.com/5069018/how-outsourced-call-centers-are-costing-millions- > in-identity-theft Well, everyone knows I am not a fan of outsourcing. However, I think that outsourcing, per se, may be getting a bad rap on this one. Why *couldn't* the "US security" intervene? Why wasn't there a provision for an alert on the account? Why wasn't there a lock on the account requiring that it be dealt with locally? Why wasn't there either a flag or a lock on the account requiring at least a supervisor be involved? I don't see just dumb call centre staff here. I see bad design. ====================== (quote inserted randomly by Pegasus Mailer) [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] What you can do or think you can do, begin it. For boldness has magic, power, and genius in it. - Johann Wolfgang von Goethe victoria.tc.ca/techrev/rms.htm blogs.securiteam.com/index.php/archives/author/p1/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
