Big Problem with Vanguard

After reading alpha wolf’s post, I just went into “settings” at vanguard and pushed the “text me” command for all account activity. As a retired attorney, I am not sure how I missed that all these years.

6 Likes

Wasn’t me but I’ve been reading this thread with great interest.

I use Fidelity and froze my accounts a while back. We have checks we can use on one of our after-tax accounts, but we’ve never used the check writing feature. After reading this thread, I’m thinking of getting rid of the “check” feature just to be more secure. After all, I already have a checking account at my bank.

2 Likes

I asked the Vanguard fraud guy about filing a complaint with the SEC and FINRA. He said he wouldn’t dissuade me from doing so, but nobody looks at a physical Driver’s License anymore. Everything is done online with an emphasis of making it convenient and easy to open an account. They’ll check your name and address against a database of known fraudsters, but that’s about it.

intercst

3 Likes

This doesn’t sound kosher. Know Your Customer laws say you have to verify ID. Maybe there are work arounds for it.

1 Like

Yes. Apparently the work around is checking the new customer’s name against a database. The “Know Your Customer” rule is being optimized for maximum Executive Compensation.

The police agents in this arena are the Errors & Omissions insurers. The brokerage firms just needs whatever identify verification process the insurer will accept to write coverage.

intercst

5 Likes

emphasized text [quote=“intercst, post:43, topic:108398”]
He said he wouldn’t dissuade me from doing so, but nobody looks at a physical Driver’s License anymore.
[/quote]

====

This doesn’t sound kosher. Know Your Customer laws say you have to verify ID. Maybe there are work arounds for it.

+++++++++++

THE REAL Answer

The REAL ID-compliant driver’s license or identification card will be required to board domestic airline flights starting May 7, 2025

. This is the new deadline set by the Department of Homeland Security after multiple extensions, with the most recent extension moving the date from May 3, 2023 to May 7, 2025

That’s great if you’re standing in a TSA line at the airport waiting to board an aircraft. How does it work if you’re opening a brokerage account online?-- which is how most accounts are opened today.

intercst

5 Likes

America has a long history of NOT having secure ID.

Partly this is just traditional USAian leave me alone and do not track me — mostly incompatible with the modern world but not idiotic.

Mostly, this is the result of decades of employers wanting to keep IDs weak and useless so as to excuse their illegal recruitment of ineligible workers.

d fb
(I am becoming repetitive, but this is a glaringly obvious, totally boring (IDs are not associated with travel and adventures but with DMV offices), crucially important issue,)

8 Likes

Much changed with IDs in the US after 911. The attackers were able to get drivers licenses in NJ.

The ID required to get on an airplane is much more thoroughly checked today. In Missouri new drivers license requires a stack of documents including a utility bill with your name on it. A problem for some spouses.

1 last comment from me: fido rep had told me that when I want to make an xfer, go in and unlock mtl, then make xfer, then wait a business day and then go back in and do a mtl-lockdown.

I made an xfer, and then approximately 1 hour later went in and did the mtl-lock. Just verified that the xfer that I did went thru, the funds have shown up in the account ( which is with another institution ).

So leaving mtl off for 1 full day may not be necessary.

6 Likes

I locked at Fido too, following your post.
I also had it out with that D–n Chatbot/then person at Vgd.
He will further my “suggestion”.
I will not hold my breath.

1 Like

The devil is in the details. KYC requires “verification” but verification does not appear to be well defined. “Verification” appears to be no more than a requirement that the customer provide it, not that it is actually confirmed as valid.

6 Likes

It’s that “due diligence” thing they talk about. We asked him to spell his name and we asked him his phone number. They matched.

I do this every month. Probably takes 3 to 4 minutes to unlock, make the transfer and then relock the account. I’ve never had a problem with a transfer not processing.

1 Like

The closest I came to be looted by fraudsters was from a smallish old California bank, now long ago subsumed into Wells Fargo.

The fraudster did not “seem right” to the bank teller, despite presenting DMV ID that matched me, and of my same age size hair and skin color. She called a senior teller over, one who knew me fairly well, who immediately DID press to acutally verify by asking “Were you at D&W or Topanga last Thursday?” Trick question, as she knew I only surfed “dawn patrol” at El Segundo, shunning my childhood beach and other popular breaks on work days, so as to be able to get to work on time.

The guy ran off. I changed my financial security methodologies. Now I am an old codger sighing about “the good old days when tellers knew their customers”.

Sigh.

d fb

7 Likes

Working in the financial industry, where I live the following is industry standard, most if not all mandated through regulations:

  • KYC (know your client) - including identification/ obtaining proof that you really are who you claim you are, especially when you open an account
  • Identification of who passes orders on your account
  • Systematic fraud monitoring/ detection, especially for suspicious transactions that don’t fit into past patterns
3 Likes

Well, I just went over the salient points of this thread with my brokerage and they said (no it’s not E.F. Hutton) if the same thing happened there I wouldn’t get any indication, not even an email, unless, like intercst, I just happened to check my account at a fortuitous moment. And the guy I talked to actually went to check on it to make sure, then came back sounding incredulous.

7 Likes

Well, I just went over the salient points of this thread with my brokerage and they said (no it’s not E.F. Hutton) if the same thing happened there I wouldn’t get any indication, not even an email, unless, like intercst, I just happened to check my account at a fortuitous moment.

So the takeaways from this thread appear to be these…

From the brokerages’ perspective, they seem to have concluded:

  • this doesn’t happen very often
  • the brokerage will be on the hook to unwind a fraudulent transfer in 99% of the cases
  • the time and money required to unwind a fraudulent transfer is orders of magnitude less than the time and money required to re-design our validation and execution of transfer requests
  • the fact the customer can’t USE their money while we recover it isn’t our problem
  • ergo we’re not going to fix this problem

For individual consumers, we’ve learned the following:

  • some banks and brokerages DO have mechanisms for completely blocking all transfers (at least outgoing…)
  • some banks and brokerages DO have alert mechanisms that can send you a text to a contact cellphone and/or email any time an incoming or outgoing transfer is requested (it’s an ALERT though, not a verification that can STOP it)

These factors would appear to suggest a few possible strategies for different types of customers.

If you are not a day trader dependent on having your assets IN your account available for trading 24x7 and you aren’t particularly nervous, maybe this isn’t a problem. You leave your money where it’s at and assume your institution WILL make you whole if the worst happens.

If you are less confident in a financial institution’s eagerness to correct its error or don’t like the idea of your money being in limbo while your institution attempts to unwind a fraudulent transfer, you have a few alternatives. You can split up your assets and spread them across multiple institutions, hopefully moving some of that money to institutions with better controls and alert mechanisms. You can also CLOSE your account at any institution that provides neither controls or alerts and move those assets to one that does.

This entire thread has been quite the education, in the worst sense. The fact that account transfers out of brokerages don’t REQUIRE two-factor authentication, maybe even 2FA between the owner and system and a third factor verfication by the institution CALLING the customer and requiring human verficiation is INSANE, especially when every one of these institutions should already support 2FA for logins to their portal. It should be a one week development effort to add 2FA to a specific transaction. The fact these firms can’t be bothered to do that is pathetic.

WTH

19 Likes

I think that eventually everyone will use a secure digital ID like the CA DMV pilot program.
You will get some form of request to verify your ID, then you’ll go into the Driver’s license app and share only the required info, or just verify it is you.

The app has several safeguards to make sure it is you when you install it and they disallow multiple installs.
IIRC the safeguards include taking photos of your DMV Real ID front and back and then doing a 3D video scan of your face plus some other questions.

See more here:

One of the main uses is to verify your age (buying alcohol or getting into a over 21 club, etc.) but doing it such that all the viewer gets is a photo and an over 21, yes or no, but can’t see your birthday or address or other personal info.
(When you launch the app it IIRC it runs its own face ID or fingerprint scan)

Mike

4 Likes

Vanguard restored the fraudulently transferred mutual fund shares to my account this evening. That’s 2 weeks after the fraud occurred.

intercst

10 Likes