Speaking at the 1st-The Exchange annual conference last week, FSA financial crime operation team member Robert Gruppetta said unprotected data is now at the root of its fight against money laundering, fraud or market abuse.
He said: “Poor data security and the way that customer data is protected by firms is currently the biggest risk to the FSA in terms of its financial crime objective. Customer data is really easily transportable and there is a very mature market for selling data online. Data has a cash value for criminals and is a valuable commodity that needs to be protected.”
According to Gruppetta, fraudsters sell 50 credit card numbers for 20, with discounts for bulk orders. They operate across multiple jurisdictions, making it difficult to bring to justice.
During July to December 2007, the FSA visited 39 firms to assess the measures they have in place to secure customer data. It discovered that only eight of the compan- ies had good controls to prevent data loss, eight did not lock away customer records at night and only 15 had shredding facilities.
Gruppetta said: “We found significant weaknesses in the way that firms are protecting data they hold about their customers.”
He added that companies must step up the governance, training, disposal methods and physical security they have to safeguard client data.
“We are relying on you to think about the risks to your business and to put in place appropriate systems and controls proportionate to the scale and complexity of your business.”