FSA issues fraud warning
The Financial Services Authority (FSA) is urging firms to change their attitude to data security and do more to help prevent their customers falling victim to identity fraud and other types of financial crime.
The warning follows an FSA review of systems and controls for data security at 39 firms including banks, building societies, insurance companies and financial advisers.
There were examples of good practice across the industry, but many firms still underestimate the risk of data loss and fraud to their businesses, and especially to their customers.
This includes senior management at firms not recognising the value of their customers’ data to fraudsters or that staff could pose a similar threat to data security as that posed by computer hackers and burglars.
Also on occasions of significant data loss, firms seem more concerned about adverse media coverage than on being open and transparent with their customers. Following the review, one firm has been referred to enforcement.
Philip Robinson, director of the FSA’s financial crime and intelligence division, said: “It is worrying that despite increased public awareness of the impact that identity theft can have on customers, many firms are still not taking this risk seriously. Customers have a right to be confident that firms are doing everything reasonably possible to keep their personal and financial details safe.
“Some firms have made progress by adopting good practice while others need to do more in this area to ensure that they are treating their customers fairly. Firms getting data security right is a key priority for the FSA and we expect the industry to raise its standards.
“This report provides a wealth of information including examples of good practice that could help firms benchmark their own systems and controls and make necessary improvements. We will follow up on this work with firms and will not hesitate to take action if future breaches are found.”
Peter Hurst, chief executive of UK fraud prevention service CIFAS, said: “In the light of the frequency and scale of data breaches during 2007, the FSA review is timely. It is right that concerns surrounding this serious issue should be aired so that public confidence in the security of personal data can be restored.
“The review is also right to emphasise the need for organisations to take a holistic approach to information security, acknowledging that this extends far beyond IT controls, and indeed should start with proper vetting of staff.”