FSA calls on financial services firms to improve IT security
12 November 2004 | 6164 views | 0
Banks are failing to keep pace with IT security in the fight against fraud according to a report from the UK's Financial Services Authority (FSA). The watchdog also warns that criminals are applying for jobs in financial services firms in order to gain access to sensitive customer data.
The FSA says there is evidence that organised crime groups deliberately target financial services firms to place staff to commit crime, particularly identity theft, and urges banks to carefully screen new staff.
The report reviewed 18 firms including retail and wholesale banks, investment firms and insurance companies. The study is part of the FSA's new approach to fighting fraud in the financial services sector.
The FSA says although major firms, particularly in the banking sector, have built defences in response to targeting by hackers and fraudsters, other sectors and small and medium-sized firms are less prepared.
The study highlights the need for senior management to take on responsibility for information security, which includes a continual review and update of security systems.
The FSA says traditional threats to security still exist in some firms because of a lack of investment in security frameworks. Some companies failed to adequately control employee access rights or user administration in their networks, while legacy systems with poor security design were also identified as a common threat. The regulator also warned that personal devices - such as PDAs, USB pens and smart phones - could be used to steal corporate information or act as sources of virus infection.
Philip Robinson, financial crime sector leader, FSA, says: "Hackers and fraudsters are refining and improving their techniques as we speak. In the fight against fraud, firms will have to run to stand still if they are to protect their assets and those of their customers."
But some firms have responded to the emergence of new information security threats, such as phishing. Security awareness campaigns for customers were also identified as an effective defence strategy being used by firms.
Robinson says: "Firms should follow a preventative approach rather than reacting to a situation once it has happened which can be costly and damaging to reputation."
The FSA also called on consumers to take steps to prevent attacks from fraudsters, by taking care when disclosing their personal details or following the security tips offered by their online banking service.