Preventing fraud in online brokerage accounts
Who do you trust with your money?
Unauthorized access to accounts in the online trading industry should never be taken lightly and definitely leads to malicious or criminal activity, which not only concerns personal user data, but also financial transactions and the safekeeping clients’ money.
Real Money = Real Risk
The concept of online trading is simple: It’s the act of buying and selling financial products through an online platform. These platforms are normally provided by internet-based brokers and are available to any person who would like to attempt to money from the markets. Although online trading itself is risky, there is another risk associated with online brokerages --user security. In the last few years, there have been too many incidents where online trading firms have been hacked, personal user data, including credentials, compromised, and financial damage ensued.
For example, Scottrade suffered a breach in 2015, affecting 4.6 million customers, with hackers walking away with client credentials and contact information. In 2016, hackers cracked a Hong-Kong-based brokerage firm, causing $20 million in financial damage.
While these scenarios are different in many ways, like how long it took the hack to occur, technique, time to breach discovery, and damages, they have one key similarity. In both cases, it’s noted that if accounts were protected by two-factor authentication, the attacks may have been thwarted, or accounts could have been protected from further damage. Yet many brokerage accounts can still be accessed by simply entering a username and password, gaining access to sensitive data and initiating fraudulent withdrawals.
Passwords aren’t enough
Passwords are vulnerable to eavesdroppers on cafe and airplane WiFi networks, data breaches, and to phishing attacks. Regardless of the trading platform, it’s important to acknowledge the vulnerability; based on the trend, any brokerage firm could easily be next. When it comes to financial damage, there is no universal policy as to whether a client is indemnified after a cyber-attack drains an account. And if there is indemnification, who knows when the money comes back, or whether potential market gains are included. Whether the company decides to reimburse a client who loses money is a decision that a firm makes (information regarding policies around breaches should be available on every broker’s website.)
Better be safe than sorry
In order to keep bad guys away in the first place, implement two-factor authentication. Today, it is offered by most brokerage firms, and in fact, in Singapore, it is already made mandatory for all online trading platforms.
Then it’s up to the users. 2FA provides an extra layer of account protection. Rather than simply authenticating while singing into an account, 2FA requires additional verification if certain actions are taken, like a change in contact information, fund transfers, or withdrawals.
It may also send an alert if the account password, email address, or phone number is changed, so users can react if they didn’t update the information.
Turning on 2FA is clearly worth the extra security for brokerage accounts. 2FA is generally available in the account profile, security settings, or through calling customer service. If the online brokerage firm does not offer two-factor authentication, it’s time to suggest it, as it may save everyone quite a bit of money and time.