Stockbrokers fined £77k
Losses and Lawsuits
LONDON - The UK Financial Services Authority (FSA) has fined stockbroking firm Merchant Securities Group £77,000 for failure to protect its customers from the risk of identity fraud. It is the first time the UK regulator has fined a stockbroker for data security issues.
The regulator says Merchant Securities had inadequate telephone procedures for verifying customers' identities. In fact, the firm relied on recognising customers' voices over the phone and talking to them about informal matters such as hobbies and holidays. Personal account numbers, meanwhile, which could be used together with a customer's name, to access account information, were included in routine letters. The FSA also revealed that unencrypted back-up tapes upon which customer information was stored, were kept overnight at an employees home, while staff were allowed free access to personal messaging and web-based email services in the workplace.
The FSA discovered the failings in September 2007 during a visit to the firm as part of wider thematic research into how firms managed data security risks. There have been no known cases of identity theft related to the matter.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact [email protected] to find out more.
You are currently unable to copy this content. Please contact [email protected] to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email [email protected]
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email [email protected]
More on Regulation
Risk Management
US banks harbour concerns over agencies’ cyber risk rule
Lack of reporting template means “people can give the least amount of data possible”, warns CISO
Receive this by email