FSA fines stockbroking firm for weak data security controls

Merchant Securities had inadequate procedures for verifying the identities of customers that contacted the firm by telephone. Instead, the firm relied on being able to recognise customers’ voices and talking with them informally about personal matters such as holidays or hobbies. Personal account numbers which could be used, with a customer’s name, to access account information were included in routine letters.

Furthermore, back up tapes containing unencrypted customer information were store