HSBC lost a disc of data and the FSA says firms need to do more
Financial services companies need to do more to stem the rise in identity fraud, the Financial Services Authority (FSA) has said.
Companies underestimate the risk of data loss and fraud to their businesses, especially their customers, it said.
The survey follows a string of high-profile security breaches.
Nearly half of the 39 companies interviewed in a survey offered staff no data security training.
Medium-sized and small firms were the worst offenders, it found, and one unnamed firm has been referred to the FSA's enforcement unit as a result of data security failings.
They showed a "lack of awareness that customer data is a valuable commodity for criminals," it said.
"As a consequence, systems and controls are often weak and sometimes absent," it said.
"It is worrying that despite increased public awareness of the impact that identity theft can have on customers, many firms are still not taking the risk seriously," said Philip Robinson, the FSA's director of financial crime and intelligence.
There have been a series of high-profile data losses.
Banking giant HSBC lost a disc from its Southampton office, containing details of 370,000 customers.
In the past year, both the Nationwide building society and the Norwich Union insurance company have suffered heavy fines and public reprimands for not looking after customer details properly.
In the most spectacular example yet of data loss, last year the HM Revenue and Customs (HMRC) lost some computer discs while in transit between London and Newcastle.
The FSA reviewed data systems and controls at 39 firms, including banks, building societies, insurance companies and financial advisers.