There is a thread over at Bogleheads about a man who lost his $52,000 IRA to someone who could pass all the 'security information' checks, along with transfer documents notarized in LA and a bank account opened in the southeast in his name.
With all the focus on securing your credit after the Equifax hack, I hadn't considered the impact on retirement accounts, even though it's potentially far worse. While some institutions guarantee your investments with them against fraud if you complete certain steps to qualify, there is nothing required by law, meaning many don't offer any protection at all beyond cases of their own negligence. There's probably more authority interest due to the notary and bank account involvement, but that won't be too helpful if your institution has no guarantee and the thief spends all himself down to $0 before being caught.
With that in mind, it's probably worth changing security questions that are linked to personal information to a different question or at least to something nonsensical. "Where were you born?" "Business card"
Looks like my institution offers 2FA for computers and voice recognition* for calls, so I'm going to enroll in those and take a look at the security questions we have set up.
*The fallback if the voice isn't recognized is still security questions, but it's an additional level of deterrent and warning.
