$350,000 Citibank theft victims 'gullible and careless'

The Indian IT firm at the centre of the $350,000 theft from US Citibank accounts has defended its security procedures and branded the victims "gullible" and "careless" for handing over their PIN numbers.

Three former call centre workers at Indian firm Mphasis, which Citibank uses for customer service support, were arrested by police this week after four US Citibank customers discovered $350,000 had been looted from their accounts. New reports in India today claim police have identified that another $75,000 was stolen on top of that.

The staff used their positions dealing with the Citibank customers over the phone to trick them into giving their PIN numbers. These were then used to transfer money into the accounts of nine other gang members.

Mphasis, which today posted a 23 per cent rise in quarterly profits to $7.1m, insisted the fraud could not have been prevented and said its security procedures helped identify the individuals as soon as the theft came to light.

"The initial investigations reveal that Mphasis' security procedures in fact worked and the fraud could not have been prevented as some gullible customers have parted with their passwords/pass-codes carelessly. The accused individuals had no prior criminal record and passed all reference checks," the company said in a statement.

Mphasis said it is also backing calls by Indian IT trade body Nasscom for an improvement in the background checking system for the 350,000 workers employed by the Indian business process outsourcing (BPO) industry and for the Indian government to increase penalties for such crimes.

This silicon.com comment article on the incident raises the question of whether this is a problem specific to the Indian offshore outsourcing industry or to the wider call centre and BPO industry around the globe.