Data security controls

The UK Financial Services Authority (FSA) has fined
stockbroker Merchant Securities Group Limited (Merchant Securities) for not
adequately protecting its customers from the risk of identity fraud.

Merchant Securities
had inadequate procedures for verifying the identities of customers
that contacted the firm by telephone. Instead, the firm relied on being
able to recognise customers’ voices and talking with them informally
about personal matters such as holidays or hobbies. Personal account
numbers which could be used, with a customer’s name, to access account
information were included in routine letters.

Furthermore,
back up tapes containing unencrypted customer information were stored
overnight in a bag at the home of a member of staff. Merchant
Securities did not address the risk involved in its staff being able to
use instant messaging and web based email. There was no evidence,
during the FSA’s investigation, that customer details had been lost or
stolen.

Merchant Securities co-operated fully with the FSA and agreed to
settle at an early stage of the FSA’s investigation. It qualified for a
30% discount under the FSA’s executive settlement procedure. Without
the discount, the fine would have been £110,000.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.