Norwich Union fined £1.26m after ID theft

Norwich Union fined £1.26m after ID theft

FSA throws book at insurer for security failures

Norwich Union Life has been fined £1.26m by the Financial Services Authority (FSA) for exposing customers to the risk of fraud.

The FSA fined the insurer for not having effective systems and controls in place to protect confidential customer information, and failure to manage its financial crime risks.

Norwich Union Life's failings allowed fraudsters to use publicly available information including names and dates of birth to impersonate customers and obtain sensitive details from the firm's call centres.

In some cases fraudsters were able to ask for confidential customer records to be altered, including addresses and bank account details, successfully requesting the surrender of 74 customers' policies totalling £3.3m in 2006.

The FSA ruled that Norwich Union Life had failed properly to assess the risks posed to its business by financial crime, including fraudsters looking to obtain confidential customer information.

"Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure," said Margaret Cole, director of enforcement at the FSA.

"It is vital that firms have robust systems and controls in place to make sure that customer details do not fall into the wrong hands. Firms must also frequently review their controls to tackle the growing threat of identity theft.

"This fine is a clear message that the FSA takes information security seriously and requires that firms do so too."