
Data security controls

The UK Financial Services Authority (FSA) has fined stockbroker Merchant Securities Group Limited (Merchant Securities) for not adequately protecting its customers from the risk of identity fraud.

Merchant Securities had inadequate procedures for verifying the identities of customers who contacted the firm by telephone. Instead, the firm relied on being able to recognise customers' voices and talking with them informally about personal matters such as holidays or hobbies. Personal account numbers, which could be used with a customer's name to access account information, were included in routine letters.

Furthermore, backup tapes containing unencrypted customer information were stored overnight in a bag at the home of a member of staff. Merchant Securities did not address the risk involved in its staff being able to use instant messaging and web-based email. There was no evidence, during the FSA's investigation, that customer details had been lost or stolen.

Merchant Securities co-operated fully with the FSA and agreed to settle at an early stage of the FSA's investigation. It qualified for a 30% discount under the FSA's executive settlement procedure. Without the discount, the fine would have been £110,000.

June 26, 2008 in Financial Services, Privacy | Permalink
