FSA fines stockbroker over weak data security

The Financial Securities Authority has fined the Merchant Securities Group £77,000 for failing to protect customers from identity fraud.

A stockbroker has been fined 77,000 by the Financial Services Authority (FSA) for failing to protect its customers from identity fraud despite the firm not having had a data breach.

The FSA visited Merchant Securities Group (MSGL) in September 2007, to look through the stockbroker's systems and controls. The firm did not have a breach of any sort, but was looked at as part of an FSA drive to gather information about how firms manage their data security.

During the visit, the FSA found that Merchant did not have proper procedures for identifying customers over the telephone, but relied on recognising customers' voices or knowing details about their personal life. In addition, account numbers were sent out in letters containing customers names.

As well, back-up tapes of customer data were stored overnight and unencrypted in the home of a staff member, and staff were openly allowed to use webmail and instant messaging despite concerns about data risks.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Margaret Cole, director of enforcement at the FSA, said: "It is unacceptable that despite increased awareness of data security issues, a firm should be so careless about its systems for protecting customers' personal details. People have a right to expect their details to be kept secure and firms should be committed to treating their customers fairly in all aspects of their business."

She added: "Reducing financial crime in the UK is a priority for the FSA and our recent data security report showed that many firms still need to do more to get it right. We will not wait until information has been lost or stolen before taking action against a firm. The level of the fine for a firm of this size should serve as a warning to others to take data security seriously."

The original fine against Merchant Securities was 110,000, but it was reduced by 30 per cent as part of a settlement deal that saw Merchant co-operated with the FSA from an early stage.

In a statement, Merchant Securities stressed that there was no loss of customer data at any point. "The FSA found no evidence of any theft or compromise of customer information," the statement said. "MSGL has listened to the FSA's concerns and has undertaken a thorough review of all its systems and controls for the protection of customer data to ensure that they are now robust. Changes implemented since October 2007 mean that MSGL is confident that the shortcomings in its systems and controls identified by the FSA have been fully resolved."

Patrick Claridge, acting chief executive of Merchant Securities, said: "We have taken steps to improve our systems and security for our clients' benefit and will continue to do all we can to protect their interests in the future."

The FSA has previously fined Norwich Union some 1.26 million after a data breach.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/cloud/cloud-computing/354767/google-cloud-snaps-up-multi-cloud-analytics-platform-for-26bn
cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020