FSA fines stockbroker over weak data security
The Financial Securities Authority has fined the Merchant Securities Group £77,000 for failing to protect customers from identity fraud.


A stockbroker has been fined 77,000 by the Financial Services Authority (FSA) for failing to protect its customers from identity fraud despite the firm not having had a data breach.
The FSA visited Merchant Securities Group (MSGL) in September 2007, to look through the stockbroker's systems and controls. The firm did not have a breach of any sort, but was looked at as part of an FSA drive to gather information about how firms manage their data security.
During the visit, the FSA found that Merchant did not have proper procedures for identifying customers over the telephone, but relied on recognising customers' voices or knowing details about their personal life. In addition, account numbers were sent out in letters containing customers names.
As well, back-up tapes of customer data were stored overnight and unencrypted in the home of a staff member, and staff were openly allowed to use webmail and instant messaging despite concerns about data risks.
Margaret Cole, director of enforcement at the FSA, said: "It is unacceptable that despite increased awareness of data security issues, a firm should be so careless about its systems for protecting customers' personal details. People have a right to expect their details to be kept secure and firms should be committed to treating their customers fairly in all aspects of their business."
She added: "Reducing financial crime in the UK is a priority for the FSA and our recent data security report showed that many firms still need to do more to get it right. We will not wait until information has been lost or stolen before taking action against a firm. The level of the fine for a firm of this size should serve as a warning to others to take data security seriously."
The original fine against Merchant Securities was 110,000, but it was reduced by 30 per cent as part of a settlement deal that saw Merchant co-operated with the FSA from an early stage.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
In a statement, Merchant Securities stressed that there was no loss of customer data at any point. "The FSA found no evidence of any theft or compromise of customer information," the statement said. "MSGL has listened to the FSA's concerns and has undertaken a thorough review of all its systems and controls for the protection of customer data to ensure that they are now robust. Changes implemented since October 2007 mean that MSGL is confident that the shortcomings in its systems and controls identified by the FSA have been fully resolved."
Patrick Claridge, acting chief executive of Merchant Securities, said: "We have taken steps to improve our systems and security for our clients' benefit and will continue to do all we can to protect their interests in the future."
The FSA has previously fined Norwich Union some 1.26 million after a data breach.
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole the author of a book about the history of technology, The Long History of the Future.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
By Jane McCallion Published
-
Does speech recognition have a future in business tech?
Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
By Jonathan Weinberg Published
-
The CEO's guide to generative AI: Be a creator, not a consumer
Whitepaper Innovate your business model with modern IT architecture, and the principles of trustworthy AI
By ITPro Published
-
Building a strong business case for GRC automation
whitepaper Successfully implement an innovative governance, risk & compliance management platform
By ITPro Published
-
Sundar Pichai: AI keeps me up at night
News The Google chief warned that recent AI developments will have a profound impact on society
By Ross Kelly Published
-
ChatGPT privacy flaw exposes users’ chatbot interactions
News OpenAI has not expanded on the flaw in detail, nor indicated its reach
By Rory Bathgate Published
-
2022 Magic Quadrant for data integration tools
Whitepaper Using research to evaluate suitable vendors for their existing and upcoming data integration use cases
By ITPro Published
-
Redefining modern master data management in the cloud
Whitepaper Why you need a modern MDM solution built for the cloud
By ITPro Published
-
Magic quadrant for data quality solutions
Whitepaper Amplifying analytics for better insights and for making trusted, data-driven decisions
By ITPro Published
-
Oracle to act as US data auditor for TikTok
News All US traffic on the social media platform will be routed through Oracle's cloud infrastructure
By Rory Bathgate Published