Identity theft is a significant concern for many online consumers, as data breaches and identity fraud cases have been reported in record numbers for the past several years. And while nearly 120,000 various forms of credit card fraud were reported last year by consumers, the fact is that banks and merchants largely take the hit, often waiving the fraudulent activity from the consumer's account.
For individual investment holders, such as people holding assets in mutual funds, stocks, and retirement accounts, an entirely different risk is possible: the risk of being wiped out by cyber thieves, with almost no recourse and very limited protection for your investment assets.
Firms that do offer a protection policy against identity theft and fraud can have very strict and difficult-to-understand security protocols for you to observe, often buried under thousands of words on hard-to-find webpages. Consumers' Checkbook actually did a report on how difficult it was to find any protection policy guidelines for 15 leading online brokers, and how impossible it would be to follow every single guideline offered by some brokers, which would guarantee that you lose your claim under a security analysis.
However, scattered throughout thousands of words of documents are 9 major requirements and recommendations most commonly mentioned by the firms with protection policies. We'll try to expand on some of those recommendations for you to better understand them. After reading the list, you can also check out more useful information from IdentityGuard, a fraud protection service.
Security recommendations and requirements from investment firms
Regularly check your account balances, at least weekly. Immediately report any unauthorized or suspicious activity – Here's a helpful article on credit card fraud detection.
Be aware of phishing scams. These are emails that appear to be from your bank, mutual fund, or other financial institution, asking you to confirm some of your account details. They may even contain a link to an authentic-looking website, with a spoofed SSL certificate for HTTPS authentication (cyber criminals have gotten very crafty lately), so a padlock in the address bar is not proof that the site is genuine. Always confirm with your bank or other financial institution over the telephone that they are indeed trying to contact you.
Use strong, unique passwords. This is really common advice, and a thing most people know they should do, but remembering complex passwords is really troublesome for many people. We recommend using a password manager that can generate strong passwords and store them in encrypted vaults. You should never allow your browser to store login credentials, as they are stored in easily hacked local database files on your computer.
Always keep your computer's operating system and security software up to date. It can be a pain to remember if you disable automatic updates, so try to find a balance by allowing your computer to update automatically in the evening hours, and then shut down automatically after updates are applied.
Avoid passing credentials over public WiFi. Doing any kind of financial transaction, or even checking your bank account, over public WiFi can make you a vulnerable target for network packet theft, in which someone else on the same WiFi network captures your data as it's being transferred. If you absolutely must do business at Starbucks, use a strong VPN to encrypt your data transmissions locally.
Do not share your investment account login credentials with third-party aggregation sites such as Mint, Quicken, Yodlee, etc. In the event of a data breach on these websites, your investment firm may refuse to cover your losses, since it will be assumed that by sharing your credentials with these sites, you authorized all transactions through them.