Further proof of the “do as I say, don’t do as I do” approach to identity fraud adopted by so many of our financial services companies comes in the form of the £1.26m fine meted out to Norwich Union.
In what proved to be an alarmingly unsophisticated scam, fraudsters were able to steal £3.3m from NU policyholders.
Criminals used publicly available data – such as names and addresses and dates of birth – to impersonate Norwich Union customers and, through telephone calls to NU Life, were able to obtain further confidential information. They then changed customer details so that policies were paid out to the wrong accounts.
In some cases, the Financial Services Authority discovered that call centre staff had let the fraudsters have the complete bank account details of policyholders they were impersonating.
It was a fairly basic lapse in security, and NU can count itself lucky that the FSA imposed a reduced fine because of all the strict new measures and clear guidelines NU has now introduced.
But it still begs the question: why were such common-sense measures not already in place?
The frauds took place in mid-2006, a time when there were plenty of stories around alerting us all to the growing threat of identity fraud and theft.
Such stories tend to point the finger squarely at the ignorant public for failing to display any sort of common sense when it comes to protecting sensitive personal information.
But the fine imposed on Norwich Union once more highlights that the biggest culprits are the companies we foolishly trust to look after our financial affairs for us.
It will take more than a £1.26m fine to smash this “do as I say, don’t do as I do” culture, and the FSA needs to get even tougher to break the spell of complacency that so many financial services companies remain under.