Norwich Union hit by record fine for data breach

Norwich Union Life has been slapped with a record fine by the Financial Services Authority (FSA) watchdog for incompetent customer account security.


The insurance firm, part of the Aviva group, allowed fraudsters to impersonate customers when phoning its call centres, cashing in policies on 74 occasions out of a total of 632 recorded attempts. The criminals – 11 suspects have now been arrested – were able to steal a total of £3.3m during the scam, which took place in 2006.

The FSA has hit the company with a £1.26m fine, a record for the UK, and even larger than that levied on Nationwide earlier this year for losing a laptop full of unspecified customer data.

Norwich Union only avoided an even larger fine of £1.8m by promptly settling the charges with the industry regulator and agreeing to tighten up its procedures.

One of the most serious charges was that the company failed to react to the pattern of fraud, allegedly informing at first only those customers who were current or former directors of the company. In other words, the company realised fraud was happening but was unable to put in place extra security to stop further occurrences.

"Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure," said the FSA's Margaret Cole.

"It is vital that firms have robust systems and controls in place to make sure that customers' details do not fall into the wrong hands. Firms must also frequently review their controls to tackle the growing threat of identity theft." "This fine is a clear message that the FSA takes information security seriously and requires that firms do so too," she added.

Norwich Union for its part claims to have tightened up its procedures.

"We are sorry that this situation arose and apologised to the affected customers when this happened," Mark Hodges, Norwich Union Life's CEO, said in a statement. "We have extensive procedures in place to protect our customers but in this instance weaknesses were exploited and we were the target of organised fraud," he said.

Norwich Union has since refunded the stolen money and reinstated the hacked policies.
