Aside from maybe your home equity, your investment accounts, including your 401(k) and other retirement accounts, are probably where most of your equity resides. What happens if these accounts are hacked?
Here is this week’s question:
With all the hacking going on, big or small, how would a person’s IRA, 401(k), or pension be affected in the event of a hack? Are there any protections for the holder of these accounts?
You would assume that you would not suffer a loss if someone fraudulently withdraws money from any type of account, whether it is a bank, brokerage, credit card, or a pension plan. But this is not the case.
While there are laws that limit your losses if your credit or debit cards are compromised, there are no specific laws protecting you from cyber theft losses in your brokerage account.
If hackers gain access to your brokerage account by hacking into your company’s servers, there’s a good chance you’ll get your money back. But if cyber theft happens on a more personal level, the outcome could be much worse.
Suppose you receive an email from your brokerage firm stating that your monthly statement is ready for review. You click the link in the email, which takes you to the login page of your brokerage website. You enter your username and password, check your balances and get on with your day.
But the email you replied to was bogus. The website you were on looked like the login page for your brokerage account, but the site was a decoy designed to separate you from your login information. Now that they have your username and password, the crooks are able to empty your account.
Does the brokerage firm have to reimburse you? No. They might just claim that you were supposed to keep your login details secret and you didn’t. The fact that you responded to a legitimate-looking email is not their problem. No law requires them to reimburse you.
A few months ago, the SEC examined 57 brokers and 49 registered investment advisers. According to their report:
Written policies and procedures generally do not address how companies determine if they are responsible for customer losses associated with cyber incidents. The policies and procedures of only a small number of brokers (30%) and advisers (13%) contain such provisions, and even fewer brokers (15%) and advisers (9%) offered guarantees to protect their customers against cybersecurity-related losses.
What happens if you get ripped off?
If you have money with a brokerage or investment firm, the first step is to see what kind of protection your broker offers in the event of a cyber breach. Here are links to the fraud policies of three popular investment firms:
As an example, here is the language used by Vanguard to present its policy:
Our commitment to online security is simple. If assets are removed from your account during an unauthorized online transaction at Vanguard.com® – and you have followed the steps in the “Your responsibilities” section below – we will refund you the assets taken from your account during the unauthorized transaction.
It looks nice. But what exactly are your responsibilities? Here are the highlights.
- Regularly review your accounts.
- Protect your Vanguard.com username, password, and other account information.
- Protect your computer.
- Do not respond to requests for personal or financial information by email.
- Cooperate with us and stay informed.
You can consult the details under each of these headings on their policy page, but you get the idea. Unlike a credit card, when it comes to investment accounts, you aren’t off the hook just because someone has hacked your information. You are responsible for the security of your account. It’s also worth noting the fine print at the bottom of the policy page, which reads in part:
This protection does not apply to unauthorized activity caused in whole or in part by your fraudulent, intentional or negligent acts or omissions, including the activity of a person whom you have intentionally or negligently authorized to transact on your account, or to whom you have intentionally or negligently given access to security information relating to your account. This protection does not apply to unauthorized account activity or access to the account by an employer or a representative of the plan sponsor who is authorized to access your account but who acts outside of their authority.
In other words, if you negligently allow someone to obtain your login information, the guarantee does not apply. (And who decides what constitutes negligence? They do.) In the case of retirement accounts, the guarantee also does not apply if your employer or plan sponsor scams you, something that is completely out of your control.
This lack of accountability of investment firms is frightening, especially in light of the potential money involved and the number of online frauds that occur these days.
To protect yourself
The SEC issued an investor bulletin titled “Protect your online brokerage accounts against fraud” that every investor should read. Here are the steps they suggest:
- Choose a strong password, protect it and change it regularly
- Use two-step verification, if available
- Use different passwords for different online accounts
- Avoid using public computers to access your online brokerage account
- Be careful with wireless connections
- Be very careful before clicking on any links sent to you
- Secure your mobile devices
- Regularly check your account statements and transaction confirmations
See the bulletin for more details on their suggestions. Other resources to review include the SEC’s “Online Brokerage Accounts: What You Can Do to Protect Your Money and Personal Information,” FINRA’s “Protect your online brokerage account: security must come first when signing in and out” and the FTC’s “Tips for using public Wi-Fi networks.”
The bottom line? Your investment accounts don’t have the same legal protections as your credit cards, and they are likely to hold a lot more money. Take the necessary precautions.
Do you have a question you would like answered?
A great way to get answers to any money-related question is to visit our forums. It’s the place where you can express your opinion, explore topics in depth, and most importantly, ask questions and get answers. This is also where I look for questions to answer in this weekly column.
I founded Money Talks News in 1991. I earned a CPA (currently inactive) and also got licenses in stocks, commodities, options principal, mutual funds, life insurance, securities supervisor and real estate. Do you have time to kill? You can learn more about me here.
Do you have more questions about money? Browse many more Ask Stacy answers here.
Disclosure: The information you read here is always objective. However, sometimes we receive compensation for clicking on links in our stories.