The cyber attack this summer on JPMorgan Chase compromised the accounts of 83 million households and 7 million small businesses. Last year, the information of 40 million cardholders and 70 million others was breached at Target. In September, hackers got 56 million names, addresses and phone numbers at Home Depot. Fortunately, it has been reported that the various hackers did not get detailed information such as account numbers, passwords, social security numbers and dates of birth. Even so, cyber attacks are on the rise.
The financial industry is working on prevention- JPMorgan, e.g. plans to spend $250 million per year on security. Congress is discussing legislation. Regardless, individuals need to take primary responsibility for the safety of their identity and assets.
Therefore, we thought we would recap some of our earlier comments regarding prevention of identity theft. In addition, we’ll update you on the safety of your accounts at Schwab and your 401(k) plans.
Here’s what you should do re digital security:
- Choose tough to decipher passwords
- Use anti-malware/spyware and anti-virus programs
- Don’t respond to “phishing scam” e-mails
- Shop online only on secure sites
- Don’t use the same password for multiple sites
Here’s what to do at home:
- Shred everything with sensitive information
- Protect snail mail
- Don’t fall for telephone scams
- Use a bolted-down safe for important documents
When out and about:
- Limit the amount of information you provide at store checkout registers
- Avoid “shoulder surfers”
- Watch what you carry
- Carry your wallet in your front pocket, if possible
- Change your credit card to include a PIN
- Monitor your credit card and bank activity at least every few days
- Order a free credit report
- Put a security freeze on your credit files to prevent new accounts
At the same time, we’re pleased to report that assets held at Charles Schwab & Co. or company 401(k) plans should be secure. Here’s Schwab’s guarantee: “Schwab will cover 100% of any losses in any of your Schwab accounts due to unauthorized activity.”
Schwab monitors every disbursement from each account. Anytime a transfer request comes through to send money to a third party, Schwab will first contact the investment adviser, such as DWM, to make sure we have talked with the client and that this disbursement is authorized. In addition, in many cases, Schwab will also contact the account holder directly. We’ve seen phone calls on transfers of as little as $600. We and Schwab recognize that it’s a bit of a pain to have to answer a call about a transfer for which you have already signed, but in this day and age of hackers, it’s a necessary and valuable procedure.
A few caveats about the guarantee. First, account holders need to safeguard their account access information including login ID, password and security questions. If they share it with anyone, Schwab will not cover the loss. This information is not shared by Schwab with us, Orion, or any other party. Second, if you suspect you have been a victim to activity you didn’t authorize within your Schwab account, Schwab needs to be notified immediately.
Unauthorized activity in a 401(k) or similar account would be very difficult to accomplish. First, there are only certain times that a participant could request funds from the account. They could do it to borrow money from their account, when they terminate employment, or when they have an in-service withdrawal. All of the requests are typically done through the human resources department of the employer and require signed documentation. In addition, we have only seen transfers from 401(k) plans either go directly by wire, trustee to trustee, to the same registration at a new custodian or, in the case of a check, mailed to the participant’s home address and made payable to the participant and the new custodian.
In addition, we have been asked about the cloud services DWM uses based on the breach of the Apple iCloud. We are pleased to report that Orion and MoneyGuidePro never request, nor receive, any client account access information.