A 24-year-old Bangalore-based call centre employee (who was sacked on June 3) accused of accessing confidential data of 28 HSBC UK account holders and passing it on to accomplices in UK, who in turn siphoned off 233,000 pounds (Rs 1.8 crore), was today arrested by the Karnataka police.The employee, Nadeem Waheed Kashmiri, had been absconding after a case was registered against him in Bangalore. Using the data provide by Waheed, ‘‘co-fraudsters’’ in UK transferred funds from 20 accounts through telebanking, ATM and debit cards between March and May 2006, investigations by the bank and the police reveal.Investigations were on in India and the UK into the fraud ‘‘perpetrated using details accessed at HSBC’s’’ Bangalore-based BPO unit, HSBC Electronic Data Processing India Pvt Ltd. ‘‘Authorities managed to freeze transactions on eight accounts amounting to around 117,000 pounds,’’ a senior cyber crime official said. Waheed joined HSBC-EDPI on December 12, 2005 and began illegally accessing security information of customers from February 7, 2006 when he started working on the processing floor, HSBC vice-president for customer telephone service Puneet Dar has stated in his complaint to the Bangalore cyber crime police. The fraud surfaced after some HSBC customers in the UK complained to the bank of funds being taken out of their accounts without their knowledge. Investigations by the bank and the UK police revealed that prior to the commencement of fund-diversion from each account, calls had been made to the customer service unit in Bangalore by someone pretending to be the account holder. The account holders, however, said they had not made the calls. In Bangalore, the bank’s investigators looked at the audit logs of all customer service executives and found that 18 of the 28 accounts had been accessed by Waheed ‘‘barely 30 minutes prior to the ‘customer’ calls from the UK. All account access by Waheed was in violation of the company’s rules, security norms, HSBC EDPI has said in its complaint. A further search for links between calls from the UK and the unauthorised data-access showed that Waheed had accessed a total of 28 HSBC UK accounts, sources said. Police said Waheed passed on personal information, security information and debit card information of a random UK customer to ‘‘co-fraudsters’’ in UK directly or through intermediaries. The police were yet to ascertain how he transferred it, but suspected the use of multiple mobile phones for the purpose.
