BBC recently did an undercover story uncovering some unscrupulous individuals selling valid UK credit card details.
While this is not particularly unusual by itself it turns out the source of the cards was linked to Symantec.
The cards details were all acquired after users had just bought Norton subscriptions.
A criminal gang selling UK credit card details stolen from Indian call centres has been exposed by an undercover BBC News investigation.
Reporters posing as fraudsters bought UK names, addresses and valid credit card details from a Delhi-based man. The seller denied any wrongdoing and Symantec corporation, from whom three victims bought a product via a call centre, called the incident “isolated”. Card fraud totalled £609m during 2008, according to payments group Apacs.
Symantec said it requires rigorous security measures of any third-party call centre agents and it believed the breach had been limited to a single agent. The BBC team went to India on a tip off after being put in touch with a man offering to sell stolen credit and debit card details.
He told the pair he could supply them with hundreds of credit and debit card details each week at a cost of $10 dollars a card. After the reporters agreed to initially buy the details of 50 cards, the man handed over a list of 14. He said the remainder would be sent later by e-mail.
The man claimed some of the numbers had been obtained from call centres handling mobile phone sales, or payments for phone bills. Back in the UK, the broker continued to supply card details to one of the undercover reporters by email.
Nearly all of the names, addresses and post codes sold to the BBC team were valid. But most of the numbers attached to them were invalid – often out by a single digit. However, about one in seven of the numbers purchased were valid – active cards still in use by UK customers. Their owners could have been subjected to fraud if these cards had fallen into the hands of criminals.