The Financial Services Authority has fined a stockbroking firm
for failures in data security that put its customers at risk of
identity fraud.
The
FSA fined Merchant Securities £77,000 for a series of failures
including its reliance on staff recognising customers' voices to
verify their identity and storing unprotected customer data at the
homes of employees overnight.
The FSA said staff at the firm relied on talking informally
about personal matters to confirm its customers' identities.
Back-up tapes containing unencrypted customer information were
stored overnight in a bag at the home of a member of staff the FSA
said, and personal account numbers were wrongly included in routine
letters.
Margaret Cole, director of enforcement at the FSA, said, "It is
unacceptable that despite increased awareness of data security
issues, a firm should be so careless about its systems for
protecting customers' personal details.
"We will not wait until information has been lost or stolen
before taking action against a firm. The level of the fine for a
firm of this size should serve as a warning to others to take data
security seriously."
Merchant Securities' failure to protect customer data emerged
when the FSA carried out the research for its 2008 report
Data Security in Financial Services.
Patrick Claridge, acting chief executive of Merchant Securities
said the company has taken steps to improve its systems and
security.
Merchant Securities said there is no evidence that customer data
was stolen. "FSA found no evidence of any theft or compromise of
customer information," said the company in a statement.