The weaknesses in Norwich Union Life’s systems and controls allowed fraudsters to use publicly available information including names and dates of birth to impersonate customers and obtain sensitive customer details from its call centres. Also, in some cases they were able to ask for confidential customer records such as addresses and bank account details to be altered. Fraudsters then used the information to request the surrender of 74 customers’ policies totalling 3.3 million in 2006.
During its investigation, the FSA found that Norwich Union Life had failed to properly assess the risks posed to its business by financial crime, including fraudsters seeking to obtain customers’ confidential information. As a result, it said that its customers were more likely to fall victim to financial crimes such as identity theft.