http://www.theglobeandmail.com/servlet/story/LAC.20070814.RCARRICK14/TPStory/Business By Rob Carrick August 14, 2007 It's time to start thinking about security, and not just commission fees and service, when you decide which online broker to use. The Investment Dealers Association of Canada says its members are reporting about two to three instances of hackers gaining access to client accounts each month, and the results can be costly both in dollars lost and aggravation. That's the message from a woman who contacted this column last week about an incident on July 30 in which a hacker gained access to her account, sold her holdings and began buying shares of a Nasdaq-listed company. "I was just shocked when I heard this happened," said the woman, who asked that her name not be used. "I'm not very computer savvy and I didn't know that this was a risk that I was taking when I traded with a discount broker online." The woman's broker, Montreal-based TradeFreedom Securities, had as of yesterday promised to restore her account to the state it was in before the intrusion. But her experience has led her to wonder if she'd be better off with a broker that offers a security guarantee against losses from fraud. Her brush with a hacker began two weeks ago when she was unable to log into her account online. She said she was told by her broker after calling in that someone had gained access to her account, sold her holdings and purchased 11,400 shares of SourceForge Inc., an Internet company. She recalls being told that her account had been frozen when TradeFreedom's internal systems noticed some trading anomalies. Presumably, the fraudster was trying a version of the pump-and-dump scam, where big purchases are used to bid up the price of a stock. The fraudster then sells his own personal position in the stock, taking advantage of the upward price move. SourceForge's share price didn't tank after the unauthorized purchases in the woman's account, as sometimes happens. However, she said she missed out on a rise in a core stock in her portfolio that was sold by the hacker. "What gets me is that it was my intention not to sell the stock," she said. The key question here, of course, is how a hacker got access to the woman's username and password, which are needed to access an account online. Experts say your personal data can be stolen if you click on strange e-mails that introduce spyware or viruses to your computer, but the woman said she has anti-virus software on her computer, and that she hasn't opened any suspect e-mails. TradeFreedom is still investigating. So it goes with security problems such as these. It's difficult to know exactly how they happened and who's at fault. If you're victimized, all you want is for the problem to go away. This brings us to security guarantees, which are now fairly standard in the credit card world through zero-liability policies that eliminate the risk of having to pay for fraudulent transactions. In the online brokerage world, security guarantees are slowly starting to catch on. Among the firms that offer them are TD Waterhouse, the country's largest online broker, RBC Direct Investing, E-Trade Canada and Qtrade Investor. Note: these guarantees are not bulletproof. They may require you to notify your broker within a few days of an account intrusion and to co-operate fully in providing information to your broker. Also, they may not cover you if you failed to take reasonable precautions to keep your account safe. Still, having a security guarantee at least suggests a level of commitment to protecting clients against fraud. Without one, customers can't be sure of where they stand if they've been victimized. Consider the case of the woman whose account was hacked - she said she was told initially that TradeFreedom would not restore her account to the way it was before the intrusion. Then, the firm decided to step up. "Generally, our policy is if a customer has unknowingly or unwittingly been victimized, we help the customer out," said Bruce Seago, TradeFreedom's president. People in the investment industry say online fraud isn't a major problem in Canada, but the situation in the United States suggests it could easily get worse. E-Trade Financial's annual report says the company's fraud losses tripled to $31.2-million (U.S.) last year. Your first line of defence as an investor is to take all possible precautions. Then, on the off chance a hacker nails you, consider using a broker with a security guarantee. Take it from a woman who has lived through the experience of being a victimized investor: "There's enough risk out there without this sort of thing happening." PROTECT YOURSELF Here are some suggestions for protecting the username and password required to log into your online brokerage account. This personal data can be captured by hackers who use it for frauds that involve unauthorized trading in your account. * Don't share your username or password with anyone. * Avoid accessing your account using wireless Internet access in a public place. * Use anti-virus and anti-spyware programs on your computer, and keep it updated. * Steer clear of "phishing" e-mails, which direct you to phony websites where you're asked to provide your username and password. * Be cautious in clicking on attachments in e-mails. * Clear the cache on your Web browser after logging out. * Review your account statements to ensure all transactions were authorized by you. Source: TradeFreedom Securities ____________________________________ Attend HITBSecConf2007 - Malaysia Taking place September 3-6 2007 featuring seven tracks of technical training and a dual-track security conference with keynote speakers Lance Spitzner and Mikko Hypponen! - Book your seats today! http://conference.hitb.org/hitbsecconf2007kl/
This archive was generated by hypermail 2.1.3 : Tue Aug 14 2007 - 23:24:08 PDT