A U.K. insurance house has been slapped with a record fine by the Financial Services Authority (FSA) watchdog for incompetent customer account security.
The latest offender is Norwich Union, which allowed fraudsters to impersonate customers when phoning its call centers, cashing in policies on an astonishing 74 occasions out of a total of recorded 632 attempts. The criminals -- 11 suspects have now been arrested -- were able to steal a total of £3.3 million (AU$7.7 million) during the scam, which took place in 2006.
The FSA has hit the company with a £1.26 million fine, a record for the U.K., and even larger than that levied on The Nationwide Building Society earlier this year for losing a laptop full of unspecified customer data in August 2006. The Norwich Union only avoided an even larger fine of £1.8 million by promptly settling the charges with the industry regulator, and agreeing to tighten up its procedures.
One of the most serious charges was that the company failed to react to the pattern of fraud, allegedly initially only informing customers who had been or were current directors of the company. In other words, the company realized fraud was happening but was unable to put in place extra security to stop further occurrences of fraud from happening.
"Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure," said the FSA's Margaret Cole.
"It is vital that firms have robust systems and controls in place to make sure that customers' details do not fall into the wrong hands. Firms must also frequently review their controls to tackle the growing threat of identity theft."This fine is a clear message that the FSA takes information security seriously and requires that firms do so too," she added.
The Norwich Union for its part claims to have tightened up its procedures, which appear to have been compromised by the ease with which criminals were able to use data taken from a variety of public sources to impersonate policy holders.
"We are sorry that this situation arose and apologized to the affected customers when this happened," Mark Hodges, Norwich Union Life chief was reported to have said. "We have extensive procedures in place to protect our customers but in this instance weaknesses were exploited and we were the target of organized fraud," he said using a degree of understatement.
The Norwich Union since has refunded stolen money and reinstated the hacked policies.