As you most likely already now, as a DWM client, you have a few ways to access your information:
As you most likely already now, as a DWM client, you have a few ways to access your information:
This month I attended the annual Schwab Solutions event in Chicago. It is an excellent opportunity for DWM to make sure we are up to date on all the recent enhancements to Schwab’s technology offerings, which we offer to our clients. The focus was on cybersecurity and fraud prevention: Cybercrime is now more profitable than the illegal drug trade. That’s scary. In addition, “Financial services firms are hit by security incidents a staggering 300 times more frequently than businesses in other industries, with attack patterns changing frequently to outwit IT pros, according to Websense.” Phil Muncaster, Info Security Magazine. One great way to help prevent fraudulent wires or identity theft is to take advantage of electronic signatures and approvals through the Schwab Alliance website and the Schwab Mobile app on your smartphone. No pen needed! They also have some other really handy features too, like remote deposit (great for those April 14th IRA contributions!). It’s quick, easy, and, most important, secure. Schwab even has a guide that will walk you through setting up both.
On the Schwab Alliance website, you can view real-time information, nickname your accounts, retrieve 1099s, enroll in paperless delivery, approve wires, electronically sign applications, and more. You can even update your contact information (no need to sign a change of address form!)
Schwab also offers a very useful app. As with the website, you can see your Schwab accounts, approve wires, and electronically sign applications. And you can remotely deposit checks. It’s available for iPhone/iPad, Android, & Kindle.
The electronic approval tools are a key feature of the website and app. It enables you to access forms and wire requests securely by logging directly into Schwab with your credentials, thus helping prevent fraud. Besides coming to sign in person, this is the most secure method. Email was not designed with security in mind, and accounts can be easily hacked. You may not realize what kinds of data a thief could mine from your sent and filed emails. It could be enough for them to commit wire fraud or steal your identity. For this reason, it’s best to avoid using email for anything that contains sensitive information.
So what’s the next step? Follow the guide to set up your Schwab Alliance credentials and app on your phone. Make sure your cell phone number and email address are up to date (which can be done through Schwab Alliance). That’s it! The next time we need you to sign a Schwab form or approve a wire, you will receive an email with a link to the Schwab Alliance login page. You will also receive an alert on your phone screen prompting you to log in to the Schwab Mobile app to approve/sign digitally. It will walk you through the signing or wire process; just click a few buttons and you’re done! We can even include DWM forms in the same ‘envelope’.
We are confident the Schwab Alliance website and mobile app will save you time and give you peace of mind.
When you hear ‘two-step’, a certain dance move may come to mind. That two-step may be fun, but a different kind of two-step is becoming critical to your account security. Two-step verification, also called two-factor authentication, is becoming widely available for accounts of all kinds from Amazon to Paypal to your email service. It adds a step in the login process beyond the usual username and password to verify you are really who you say you are, and protect your account from hackers and thieves. It requires ‘something you know’ (i.e. a password), plus ‘something you have’ (like your smart phone or a one-time code generator). That way, even if someone guesses or gets a hold of your login information, they won’t be able to log into your account.
Why is this necessary? One good example is an attempted wire fraud that happened to a DWM client recently. The client had received an email with an attachment from someone he knew. When he opened the attachment he unwittingly installed malware (malicious software) that allowed the would-be thief to have full access to his email. You may not realize what kinds of data a thief could mine from your sent and filed emails if they can get into your account. It could be enough for them to steal your identity or guess their way into other accounts, especially if you use the same username and password across websites as many people do. In this case, the thief continued an old email thread to make a wire request, and used the client’s signature block and writing style (including correct spelling and punctuation) to look very legitimate. Fortunately, Schwab instituted a verbal verification protocol a few years ago because these kinds of fraudulent wire requests by email were sharply on the rise, and many attempts had been successful. Furthermore, DWM is familiar with most of our clients’ money movement habits, which adds another layer of security. Anything out of the ordinary sends up a potential red flag and warrants additional verification and scrutiny. We called the client and found out he had not sent the request and wasn’t aware his email account had been hijacked. He immediately reset all his passwords, activating two-factor authentication so the thief couldn’t get into other accounts, scanned his computer for malware, and is fortunate he didn’t sustain a financial loss or spend countless hours to repair his credit or other accounts.
Another example, of someone who wasn’t so lucky, is Mat Honan. He’s a technology writer who had his whole digital life wiped out in less than an hour by hackers who did it just for fun. With a little social engineering and information that was available on the internet, his laptop and phone were remotely wiped (including irreplaceable family pictures), he lost his online document storage, his social media accounts, his email history, you name it. If the hackers had been financially motivated they could have easily ordered things through his Amazon or Apple account linked to his credit card, or worse. (You can see the full story here, but I don’t recommend reading it before bed- it may give you nightmares.)
Based on the above examples, you can see how two-factor authentication has become a necessity. And it’s really not that difficult, although there are several ways websites achieve the ‘something you have’ step:
If you log in from a phone, tablet, or computer that you haven’t previously verified, they may text you a single use code to log in.
Other sites use an app like Authy or Google Authenticator (free for smart phones), which creates a new code every 30 seconds.
A few sites, such as Schwab, use a physical code generator that looks like a small key fob, which generates a new 6 digit code every time you log in. To request a free security token, simply call 800-435-4000. Besides the protocols in place to prevent fraudulent wires, Schwab has a security guarantee which covers 100% of any losses from a Schwab account due to unauthorized activity.
A list with links that will take you to the right place for each website can be found here: https://twofactorauth.org/. As I started this process myself, I was shocked by how many websites I use were on the list that I hadn’t even thought of.
Putting this extra layer of security in place may be a small inconvenience, but it’s nothing compared to the inconvenience of losing your digital life or identity.
Learning is so very important. Just because one has undergone extensive training through classroom work, hands-on experience, or has obtained a prestigious designation like the Certified Financial Planner practitioner or the Chartered Financial Analyst charterholder, doesn’t mean the education stops there. At DWM, we actively participate in ongoing education to keep us up-to-date with the latest and greatest in an industry that is constantly evolving and changing by the second.
In this blog, I’ll provide a little insight about what I think is the “mack daddy” educational event in our industry: Schwab’s annual IMPACT convention, held this year in beautiful Denver, Colorado. For a Registered Investment Advisor Representative like me, I think it’s the best convention available in terms of blending thought-provoking speakers, networking opportunities, and collaborative learning that can be customized to an advisor’s personal taste.
For example, the educational sessions that I chose included ones such as health care reform, social marketing, and investor behavior. I also attended many investment-oriented sessions including, but not limited to, emerging markets, liquid alternatives, fixed income, and smart beta. It was also great fun to hear different ideas and research some of the newest products from over 300 exhibitors in the 500,000+ square foot Exhibit Hall. One can also see CNBC broadcasting within the Hall, where, as they say, “the heartbeat of the industry beats”, represented by the networking of around 2000 of the country’s finest advisors (including yours truly).
There are always a number of good speakers at this event. Charles Best, who leads DonorsChoose.org, a nonprofit organization that provides a simple way to address education inequity, spoke of how the same technology behind “crowdfunding” can help students in schools with needs. Dr. Dambisa Moyo, economist and author, gave us macroeconomic views on global affairs and where this world may be heading if we don’t take action now. But the most thrilling presenters were this year’s keynotes: Dr. Ben Bernanke, our former Fed Chairman and President George W. Bush. Bernanke talked about the crazy times during the Great Recession and how he and his team led us out of the turmoil and brought this country back on its feet. George W. talked about his new passion and talent for painting and how anyone can reinvent themselves however old or young they are. He also had everyone rolling when he told us the story about how Putin made it a point to show him how Putin’s dog was bigger, stronger, and better than Bush’s dog, Barney.
These events are great in that we get to hear past and future leaders and gather our own ideas which ultimately make us better leaders. We leave an event like this with new ideas, strategies, and knowledge to propel us individually forward, our firms forward, and our clients forward.
My four day agenda was jam-packed. The days were long amongst all the sessions and networking, but there were still a little time for fun which for me included a stop at fabulous Mile High Stadium and culminated with the final night event featuring the band Train (“Hey Soul Sister”).
In an effort to continue to learn and gain knowledge, Les and I attend many educational events and workshops like this throughout the year. They equip us to be stronger advocates for our clients and for our industry. Never stop learning. Knowledge is power!
The cyber attack this summer on JPMorgan Chase compromised the accounts of 83 million households and 7 million small businesses. Last year, the information of 40 million cardholders and 70 million others was breached at Target. In September, hackers got 56 million names, addresses and phone numbers at Home Depot. Fortunately, it has been reported that the various hackers did not get detailed information such as account numbers, passwords, social security numbers and dates of birth. Even so, cyber attacks are on the rise.
The financial industry is working on prevention- JPMorgan, e.g. plans to spend $250 million per year on security. Congress is discussing legislation. Regardless, individuals need to take primary responsibility for the safety of their identity and assets.
Therefore, we thought we would recap some of our earlier comments regarding prevention of identity theft. In addition, we’ll update you on the safety of your accounts at Schwab and your 401(k) plans.
Here’s what you should do re digital security:
Here’s what to do at home:
When out and about:
At the same time, we’re pleased to report that assets held at Charles Schwab & Co. or company 401(k) plans should be secure. Here’s Schwab’s guarantee: “Schwab will cover 100% of any losses in any of your Schwab accounts due to unauthorized activity.”
Schwab monitors every disbursement from each account. Anytime a transfer request comes through to send money to a third party, Schwab will first contact the investment adviser, such as DWM, to make sure we have talked with the client and that this disbursement is authorized. In addition, in many cases, Schwab will also contact the account holder directly. We’ve seen phone calls on transfers of as little as $600. We and Schwab recognize that it’s a bit of a pain to have to answer a call about a transfer for which you have already signed, but in this day and age of hackers, it’s a necessary and valuable procedure.
A few caveats about the guarantee. First, account holders need to safeguard their account access information including login ID, password and security questions. If they share it with anyone, Schwab will not cover the loss. This information is not shared by Schwab with us, Orion, or any other party. Second, if you suspect you have been a victim to activity you didn’t authorize within your Schwab account, Schwab needs to be notified immediately.
Unauthorized activity in a 401(k) or similar account would be very difficult to accomplish. First, there are only certain times that a participant could request funds from the account. They could do it to borrow money from their account, when they terminate employment, or when they have an in-service withdrawal. All of the requests are typically done through the human resources department of the employer and require signed documentation. In addition, we have only seen transfers from 401(k) plans either go directly by wire, trustee to trustee, to the same registration at a new custodian or, in the case of a check, mailed to the participant’s home address and made payable to the participant and the new custodian.
In addition, we have been asked about the cloud services DWM uses based on the breach of the Apple iCloud. We are pleased to report that Orion and MoneyGuidePro never request, nor receive, any client account access information.
Nowadays, wherever you go, it seems half the people around you are looking down at their phones. (That is, if you take the time to look up and notice this phenomenon). In fact, over 90% of the US adult population owns a smart phone. But you can make good use of your screen time because one of the best ways to stay current on your investments is through mobile apps. We would like to spotlight two important (and free) ones today.
DWM: We recently blogged about our Client Portal overhaul. Did you know you can see the same information through our mobile app? You can see all your accounts in one place, check balances and positions, see performance, run reports, view statements, and contact us. It’s available for iPhone/iPad & Android.
(Click on any image to see a full size version)
Schwab: In addition to Schwab Alliance, Schwab offers a very useful app. You can see your Schwab accounts, approve wires, electronically sign applications, deposit checks, pay bills, find a branch, and more. Even more exciting capabilities are coming soon. It’s available for iPhone/iPad, Android, & Kindle. Schwab even has a one page guide that will walk you through set-up. (Again, click on any image to see a full size version)
Credit card and bank or credit union apps are also handy to have on your devices. Simply search for them in the iTunes Store for Apple users, or the Google Play Store for Android devices.
If you have trouble finding what you’re looking for, AppCrawlr is “the app discovery engine”. This is a great, user friendly site where you can find apps by category or many other criterion, for any device.
Of course, make sure all your devices are password protected so sensitive information isn’t accessible to prying eyes. This is one of the easiest things you can do to protect your identity.
Lastly, for our clients, you are welcome to bring your tablets and smart phones to our meetings. We would like to make sure you are able to login and answer any questions you might have.