Media Centre
Fraud Updates
PCB News
Fraud Updates 2007
19 December
In yet another embarrassing lapse in the security of personal information, the Government has admitted that the names, addresses and telephone numbers of three million British learner drivers have gone missing.
The information had been stored on a hard drive by an external contractor based in the US which had used a secure courier to deliver the disc to its facility in Iowa. The hard drive is believed to have disappeared in May.
It remains to be seen what steps the Information Commissioner will take to fine the responsible Department of the Government should it consider there have been breaches of the Data Protection Act.
The news of this breach of data security came in the same week that Norwich Union was fined a record £1.26m by the FSA. The fine was imposed after lax security at the firm's call centres allowed fraudsters, posing as customers, to gain access to customer personal information.
The fraudsters used the information gathered to steal £3.3m from policies during 2006.
Both these examples further illustrate the importance of ensuring that adequate safeguards are in place to protect confidential personal information and that effective protocols are in place in the event of a breach.
13 December
December 15, sees the Money Laundering Regulations 2007 come into force, these will replace the 2003 regulations.
The new Regulations increase the obligation on businesses to prevent money laundering taking place and are intended to further restrict criminal access to the financial system.
Businesses will now be required to carry out more detailed customer due diligence, including ongoing monitoring. Businesses will also have to satisfy themselves not only as to the identity of the customer, but also the beneficial owner of the customer.
Businesses must adopt a risk based approach to ensure that the measures which are in place to prevent money laundering and terrorist financing are appropriate to the level of risk identified. On the flip side of this is the introduction of a simplified due diligence requirement where there is a lower risk of money laundering.
The 2007 Regulations extend the ability of businesses to rely on verification of customer identity provided by third party firms. Also extended are the types of companies to which the Regulations now apply. Almost all businesses where large sums of money are managed now come within the Regulations.
Businesses must ensure that compliance with the Regulations is taken seriously. The penalties for non-compliance can be severe and include significant prison sentences and unlimited fines.
5 December
In a highly unusual move, the Director General of MI5 recently sent a letter to the chief executives and security chiefs of 300 banks, accounting firms and law firms which contains a warning of cyber attacks by "Chinese State Organisations".
The letter suggested that groups of Chinese nationals, backed by the Chinese Government have used tools such as Trojans to infiltrate the computer systems of firms such as Shell and Rolls Royce in order to obtain confidential information.
Steven Philippsohn, who is Chairman of the Cybercrime Working Party, has stressed the need for companies to be vigilant in protecting their trade secrets and confidential information.
News of the letter comes amid growing concern about the security of confidential information stored on computers. Credit card details have long been offered for sale on the internet for as little as £1.00 while it has been suggested that the information stored on two CDs recently mislaid by HMRC could be worth as much as £100m in the wrong hands.
| January 2008 | November 2007 |