Banks are well-equipped against fraud, while others lag behind

The FSA is urging firms to make tighter checks before taking staff on.

And it also warned that the latest personal organisers and mobile phones can be connected to computers in order to steal corporate secrets.

Its latest report reveals crime groups are also often using companies to commit ID fraud.

Fraudsters get hold of an individual's details, which are used to acquire money, good and services.

There is no room for complacency and criminals will seek to exploit vulnerable points where they can find them Philip Robinson, FSA

Employee fraud

The FSA looked at the security systems of 18 High Street banks, insurers, fund management firms and stock brokers.

The firms were chosen to give a cross section of the UK financial services industry.

How the firms dealt with external security threats such as hackers and scam operators was examined in detail.

In addition, firms were quizzed as to how they protected client information and ensure staff are who they say they are.

What employee checks finance firms should undertake Verify school, university and employment record Undertake credit and address checks Check Bank of England terrorist lists Check for County Court judgements Random audit recruitment agency staff Carry out vetting of contractors and overseas employees Source: Financial Services Authority (FSA)

The report concluded that there was: "evidence that organised crime groups deliberately target financial services firms in order to place staff to commit financial crime, in particular identity theft."

Of particular concern to the report's authors was "poor standards of vetting," particularly when it came to using staff recruited by a contractor or recruitment agency.

One firm reported that a payment clerk had spied on a colleague when he entered his password and used the information to access a client's dormant bank account.

The employee then moved �80,000 from the dormant account into his own, using his colleague's password.

The FSA recommended that firms needed to step up their vetting procedures, including checking school, university and employment history of all employees, even those employed by a contractor.

Companies are focussing their spending on securing systems from external attack... and are not sufficiently aware of the threat posed by people with internal access Rob Cotton, NCC group

'Vulnerable points'

According to the FSA while some major firms, particularly in the banking sector, are well-equipped to deal with fraudsters, other sectors and small and medium-sized firms are less well prepared.

"Firms should follow a preventative approach rather than reacting to a situation once it has happened which can be costly and damaging to reputation," said Philip Robinson, financial crime sector leader at the FSA.

"Having been the target of criminals in recent times, via the internet and other technologies, the major banks tend to have strong defences in place.

"But there is no room for complacency and criminals will seek to exploit vulnerable points where they can find them, including in other sectors or smaller firms."

A leading IT security group said that it was not surprised that the FSA had found holes in firms' security.

"Companies are focussing their spending on securing systems from external attack via sources such as the internet and are not sufficiently aware of the threat posed by people with internal access," Rob Cotton, chief executive of the NCC group said.