Don’t worry, the CEO is well-paid now.
Going through unshredded garbage?
That Bogleheads thread is frightening. I didn’t realize that Vanguard will approve a $900,000 asset transfer to another firm without giving me a heads up.
Yes. In the past I seem to remember needing to go to my bank and getting a signature guarantee on a Vanguard form to move an account from another firm. Has that safeguard been eliminated?
I don’t put any account information in the garbage. And the virus check I did on the one computer I use to access financial accounts came up clean. I don’t use my smartphone for any financial transactions. The Vanguard fraud guy I talked to said that someone may have put a virus on my computer that captures what you type on the keyboard. But there is never a situation where I need to type a Vanguard account number to make a transaction – it’s just point and click. I don’t believe I’ve made a transaction in the account that was pilfered since it was opened 11 years ago. It was all long-term buy & hold mutual fund accounts. Strange.
intercst
An alarmingly relevant, sickmaking, terrifying, signifying thread.
Thank you all.
d fb
From what I can tell, Vanguard does not have a similar MTL (Money Transfer Lockdown) feature.
It’s not Money Transfer Lockdown that I’m worried about. It’s broker to broker asset transfers like when you move your whole IRA from say Vanguard to Fidelity or Schwab. If they are not routinely notifying me when something like that is happening, there needs to be a way to shut that whole function/feature down.
intercst
I hope roboticowl’s analysis is correct. The bogleheads thread is a must read.
Yes. I saw that.
{{ Re: Vanguard Security Issue? No verification required to transfer securities
Post by RoboticOwl » Sat Dec 25, 2021 3:24 pm
The carrying firm is always primarily liable to its customer if it complies with an ACATS request without confirming it with the customer. 6 Fed. Reg. 207 note 4.
{{ In other words, Vanguard is responsible to me for any loss if they comply with an ACATS request without confirming it with me. It’s astonishing to me that Vanguard would risk a $900,000 loss without sending a confirmation e-mail before moving the funds. But I guess that’s how the new guys roll.}}
The receiving firm is liable to the carrying firm for submitting an unauthorized ACATS request. The TIF Immobilization Program Agreement, which all ACATS participants enter into, includes a comprehensive, bulletproof indemnification and hold harmless provision.
So short answer: you, the customer, don’t have to worry. The carrying firm, the receiving firm, and their E&O insurers very much do have to worry, but they will sort it out. }}
intercst
Tax prep software breach perhaps? That would give the bad guys everything they need.
We have multiple accounts at multiple brokerages. More accidental than planning and I’d thought of consolidating some. I’m rethinking that.
intercst, thanks for posting this! I read the Boglehead link posted downthread as well. After reading this, I activated the MTL on my fido account, after talking to a service rep. The rep told me it is not a problem at all to deactivate the lock in order to do a once a month xfer; he did advise waiting 1 business day before reactivating the lock, so that the xfer does indeed take place.
With all of the data breaches involving ss#'s, the odds are pretty high that my # is out there either now in the hands of crooks, or will soon be in the hands of crooks. I had received notification from my CU a couple of months ago that the firm that compiles the monthly report all customers get had been hacked (the CU had not been hacked, just the firm that formulates the report. But since ss#'s and other info is part of the data that the form compiler has access to, it is a near certainty that my ss# security has been compromised).
Are hackers able to pirate text messages that are sent to your phone number, as part of 2FA? I have not heard of this being an issue (yet, lol), but just wondering if anybody has heard of that happening.
You should be sure to file an official complaint with that firm if you have not done so. They are required to substantiate you through at least 2 forms of ID. It is unlikely they verified that ID. It is unfortunately not uncommon for someone to use a fake ID with fake data (not your real DL#) and the firm will not verify that it is real.
Might also consider a complaint with the SEC and FINRA.
To recap, just so I am feeling this right:
- These easy brokerage swaps have no legal mechanisms to prevent them
- Most brokerages/mutual fund companies have an authentication protocol to intercept them e.g. emailing the customer immediately when account activity occurs. In this case, VANGUARD DOES NOT (Because there is no one forcing them to)
- In the end the customer will not lose the money because there are laws assigning responsibility for these things.
I can still see how this can be circumvented but it would be more complex and require the perp to have almost all your vitals. Not impossible.
Re: How they get account info
In the good old days when they mailed account statements the info was reasonably safe from poachers. But now papers are emailed. Are they encrypted?
Same problem with checks. Magnetic ink made copies easy to detect. But photo deposit removes this safeguard.
Maybe the old paper way is safer. Fraudsters are clever at learning new methods.
Speak for yourself pilgrim.
hmmm
Steve
Does anybody have a list of brokers that do notify their customers? I may switch my Vanguard account if I find a safer alternative.
Ahh, so they opened an account at Denver in your name and your SS number? I really need to be on the lookout for that.
When it comes to brokerage accounts, this can’t be correct. Because during the time you lose access (to money, shares, trading, etc), you can’t make trades you may want to make. And they don’t reimburse you for trades you couldn’t make.
That’s a possibility. I use TurboTax and download my Vanguard data into the program. That would have all the account numbers.
intercst
Where in Turbotax do they put “all the account numbers” from brokerage accounts?
Ahhh, I see it in the 1099-B worksheet! Why would they do that??? Stupid.
Well, at least in this case. It was an account I never trade, so as long as Vanguard restores the same number of mutual fund shares to the account, I’m fine.
But yea, if you’re a trader, it’s different.
intercst
Because many brokerage reports cover multiple accounts: IRAs, Roth IRAs, 529 plans, etc. Account numbers do make clear which one you are looking at. Or of course you could give them nicknames. But does that resolve the issue?