Robbery on the Electronic Highway ONLINE BROKERAGE FIRMS: THE NEWEST TARGET

The age of electronic information, for all of its upside, does have a downside – it takes something extremely valuable and turns it into something incredibly portable. This makes electronic information not only the best thing to happen to business since the telephone, it also makes it the perfect target for thieves. Information theft, particularly identity theft, is a fast-growing problem that affects millions of people around the world. It takes many forms, from “phishing” schemes targeting individuals with online shopping accounts, to mass information theft from large databases where sensitive consumer information is stored. But there’s a new game in town for information thieves – a sophisticated fraud scheme that has been targeting some of the world’s largest online brokerage firms.
In recent months, overseas hackers broke into customer accounts at major U.S. online brokerages and made trades worth millions of dollars. Ameritrade Holding/TD Ameritrade, the third largest online broker, reported that this new form of online fraud cost them $4 million in Q3 2006. E*Trade Financial Corp, the fourth largest online broker, reported that fraud losses increased by $18 million in that same quarter. Both companies reimbursed customers for losses despite the fact that brokerage accounts are not protected by the Federal Deposit Insurance Corporation (FDIC) and other rules that protect banking customers. The Federal Bureau of Investigation (FBI), National Association of Securities Dealers (NASD) and the U.S. Securities and Exchange Commission (SEC) are working to determine the cause of the fraud, which is being classified as a “pump and dump” scheme – one of the several increasingly popular information theft scams, often initiated from locations like Eastern Europe and Thailand.
In a pump and dump scheme, information thieves steal passwords for victims’ online brokerage accounts, then use this information to purchase stocks using the hijacked accounts. In recent cases, thieves purchased a large number of shares of small-cap low-volume stocks using an existing brokerage account, then liquidated the assets of the hijacked account and used the proceeds to purchase the same small-cap stocks. This drove up the price of the original shares so that the thieves made a profit when they sold the previously purchased stock. Not only was this very profitable for the thieves, it was a clean theft since the stock market essentially laundered the proceeds. In addition, pump and dump schemes may go unnoticed at the brokerage firms because funds are not withdrawn; they’re used to purchase stocks.
Regulators say they’ve seen an increase in pump and dump schemes over the last few months, along with another type of brokerage scam where thieves fraudulently obtain a customer’s log-in credentials, liquidate the account and wire the proceeds to offshore banks.
The experts believe that in recent cases, the passwords were acquired by installing keystroke-logging software on public-access computers, located at Internet cafés or hotels, or by tricking users into installing keystroke-logging software on their own computers. Once the software was installed, the thieves waited until the user typed their user name and password. The software then sent the information to the thieves via the Internet.
Thieves are also obtaining passwords and other sensitive personal information by using “screen-scraping” software. This technology captures whatever is on the screen and sends it to the perpetrator. “Phishing” is another popular method for obtaining account information. It uses e-mails that appear to be from trusted institutions to get users to visit bogus Web sites, where they are encouraged to log in, thus revealing sensitive information. Thieves will also use phishing scams to encourage people to unknowingly download keystroke-logging software.
With the number of incidents rising over the last year, it’s clear that this problem is only getting worse. At an industry conference in Phoenix on October 5, John Walsh, chief counsel in the SEC’s office of compliance inspections and examinations, publicly recognized this growing trend and acknowledged that hackers’ attacks have grown in sophistication.
While brokerage firms are responsible for protecting the sensitive information in their care, some of the responsibility for keeping personal account information safe lies with consumers. According to John Gannon, vice president of investor education for the NASD, consumers should be monitoring their accounts for any unauthorized trades. It’s likely that consumers will start feeling some of the heat generated by these fast-growing crimes as the industry may be looking to consumers to share the burden of protecting their sensitive information.
There are several things consumers can do to help keep thieves out of their online accounts. The SEC has published a guide called Online Brokerage Accounts: What you Can Do to Safeguard Your Money and Your Personal Information. You can find it online at www.sec.gov/investor/ pubs/ onlinebrokerage.htm. This guide provides helpful information on scams and how to avoid them, and includes tips on how to protect yourself online and how to know if your identity has been stolen.
But while consumers are the first line of defense, they are not the only factor in preventing online fraud. Although the online brokerage firms have demonstrated exemplary behavior towards their customers over the last few months – reimbursing them for the losses they incurred – it’s obvious from the attacks that the fraud monitoring systems that these firms have in place can be circumvented.
Fortunately, there are a host of security technologies, including new data activity monitoring and behavioral analysis solutions, that can be added to the lines of defense already in place at many firms to identify suspicious activity. It’s safe to say that reputable online brokerage firms will do everything in their power to avoid future mishaps. Breaches such as these are very expensive. Beyond the obvious losses they incur when they reimburse millions of dollars to customers affected by fraud, this is also a customer-retention and a brand equity issue.
Ultimately, the solution to brokerage fraud lies in consumers and institutions working together to address the problem. Consumers must stay informed and take the necessary precautions to protect account information and passwords, as well as closely monitor the activity in their accounts. Institutions must make sure that the layers of technology are in place to know what’s really going on with the valuable assets in their care. There will always be bad guys to be dealt with where valuables are concerned, but despite malicious hackers and information thieves, the upside of the electronic information age still far outweighs the downside.

—
Bill Hoidas
District Sales Manager
Larger B2B/MOTO/Internet Accounts
Product Development Manager
Matrix Payment Systems
(847) 381-3482 office
(847) 381-4289 fax
http://paymentconsulting.net
John 3:16 For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him should not perish, but have everlasting life.