Merchant Securities fined £77,000 for poor data security

If an advisor has around 150 customers, only 20% of whom are in frequent contact, it is not sufficient to rely on recognition of their voices and chatting about personal matters like holidays or hobbies as means to verify identity. The practice has cost Merchant Securities, a stockbroker with about 850 retail and institutional clients, a £77,000 fine. The FSA also criticised the firm for including customers’ account numbers in written correspondence on the basis that this might have been intercepted by a fraudster and used together with the party’s name to access their data. Investigators found that back-up tapes containing unencrypted client information were stored overnight at a member of staff’s home address while internal controls around instant messaging and web-based email for employees with access to customer data were inadequate – monitoring was ad hoc and directed to concerns about productivity rather than information security. There was no evidence that any customer details had been compromised.