Stockbrokers fined £77k

LONDON - The UK Financial Services Authority (FSA) has fined stockbroking firm Merchant Securities Group £77,000 for failure to protect its customers from the risk of identity fraud. It is the first time the UK regulator has fined a stockbroker for data security issues.

The regulator says Merchant Securities had inadequate telephone procedures for verifying customers' identities. In fact, the firm relied on recognising customers' voices over the phone and talking to them about informal matters such as hobbies and holidays. Personal account numbers, meanwhile, which could be used together with a customer's name, to access account information, were included in routine letters. The FSA also revealed that unencrypted back-up tapes upon which customer information was stored, were kept overnight at an employees home, while staff were allowed free access to personal messaging and web-based email services in the workplace.

The FSA discovered the failings in September 2007 during a visit to the firm as part of wider thematic research into how firms managed data security risks. There have been no known cases of identity theft related to the matter.