Posted on May 2nd, 2008 No comments
LONDON (Reuters) – Financial services companies must change their attitude to security to curb the rise in identity fraud, the Financial Services Authority says.
The FSA issued the warning following a review of data security systems and controls at 39 firms including banks, building societies, insurance companies and financial advisers.
Although it found examples of good practice across the industry, it said firms underestimated the risk of data loss and fraud to their businesses — especially to their customers.
One company has been referred to the FSA’s enforcement division.
The call comes just days after Information Commissioner Richard Thomas said companies and government departments had suffered an “inexcusable number” of security breaches since the loss of millions of personal details last year.
Thomas said he had been told of 94 data breaches since November, with two-thirds from the public sector and the rest from the private sector. Half of the commercial breaches were from financial institutions.
Prime Minister Gordon Brown ordered an urgent review after HM Revenue and Customs said it had lost data on 25 million people, exposing them to the risk of identity theft and fraud.
The FSA said that, on occasions of significant data loss, firms seemed more concerned about adverse media coverage than on being open and transparent with their customers.
Speaking at the body’s annual conference on financial crime, Philip Robinson, its director of financial crime and intelligence, said: “It is worrying that, despite increased public awareness of the impact that identity theft can have on customers, many firms are still not taking this risk seriously.
“Customers have a right to be confident that firms are doing everything reasonably possible to keep their personal and financial details safe.”