LONDON (ShareCast) - City watchdog the FSA has fined stockbroker Merchant Securities £77,000 for not adequately protecting its customers from the risk of identity fraud.

This is the first time the Financial Services Authority (FSA) has fined a stockbroking firm for weak data security controls.

However, Merchant Securities qualified for a 30% discount as it co-operated fully with the FSA and agreed to settle at an early stage of the investigation. Without the discount, the fine would have been £110,000.

The FSA said the broker had inadequate procedures for verifying the identities of customers that contacted the firm by telephone.

Instead, the firm relied on being able to recognise customers' voices and talking with them informally about personal matters such as holidays or hobbies. In addition, personal account numbers which could be used, with a customer’s name, to access account information were included in routine letters.

It said back up tapes containing unencrypted customer information were stored overnight in a bag at the home of a member of staff, adding that Merchant Securities did not address the risk involved in its staff being able to use instant messaging and web based email.

However, there was no evidence, during the FSA's investigation, that customer details had been lost or stolen, the watchdog added.

“It is unacceptable that despite increased awareness of data security issues, a firm should be so careless about its systems for protecting customers' personal details,” said Margaret Cole, director of Enforcement at the FSA.

“We will not wait until information has been lost or stolen before taking action against a firm. The level of the fine for a firm of this size should serve as a warning to others to take data security seriously,” she added.

Merchant Securities' failings came to light in September 2007, during a visit by the FSA, rather than through their own systems and controls.

In a separate statement, the group said it has listened to the FSA's concerns and has undertaken a thorough review of all its systems and controls for the protection of customer data to ensure that they are now robust.

“We have taken steps to improve our systems and security for our clients' benefit and will continue to do all we can to protect their interests in the future,” said chief executive Patrick Claridge.

• News Channel