The show started out by buying UK card and bank account details in India. What was fascinating was that one of the Indian data brokers was selling not just customers’ personal data but the voice recordings of phishing calls made from call centre employees to customers in the UK capturing card numbers, CVV and so on! Hilariously, the phisher is recorded saying "your information is protected under UK Data Protection Law". So next time I hear "this call may be recorded for training purposes" I guess I should hear it as "this call will be recorded and sold on the open market".
One of the guys she filmed had 200,000 customer’s details (in some cases including passport and driving licence details as well as banking details) that he claimed to have bought from various call centres. Not all of them were bank call centres: mobile operator call centres were mentioned specifically. The data was apparently being stolen from the call centres on USB flash drives.
Anyone watching this (me, for example) couldn’t have helped but be worried. But it did leave me thinking that if we want to make strides in the digital identity world, we need to find ways to make a real dent in this type of crime.
What do we want! Two-Factor Authentication!
When do we want it! Now!