Feed aggregator
Brokerage Fraud, Two-Factor Authentication, & Security “Guarantees”
Fraud attempts seem to be coming at us 24/7, and this story of a couple losing $180,000 from their brokerage account was very sad. However, what really caught my eye is that not only could they not track down the funds (where was it withdrawn to? shouldn’t they only let you withdraw to a linked bank account?), Tastytrade only agreed to reimburse half of the $180,000 stolen from their account. Their reasoning was that the customer did not sign up for two-factor authentication (2FA), even though it was available.
In an email exchange, Tastytrade confirmed that the “intrusion” took place, but said it wasn’t the company’s fault, because the couple failed to sign up for an optional two-factor authentication protection.
“We rolled out this additional security feature to mitigate the risk of this occurring to our customers,” the email from a fraud manager read.
“I know that this was an option, but it was never made mandatory,” Erez said.
I hadn’t heard of this as an excuse before, but it is definitely something worth noting. While I feel like 2FA with text codes is sort of the minimum level of security most people should maintain, I also feel that a broker needs to provide clear notice if it absolves them of liability. Either that or simply require it.
I found another example of a $37,000 Tastytrade hack, this time from a customer who claims they did enable 2FA. This time Tastytrade denied all liability.
We see that your username and password was obtained by the nefarious party outside of the control of our Firm. Because of this, we will unfortunately be unable to extend any relief or concessions.
Many of the major brokerages offer security guarantees (although I could not find one for Tastytrade!), for example the Fidelity Customer Protection Guarantee and Vanguard security promise. I looked and Fidelity and Vanguard do not explicitly require you to use 2FA, but I’m also not sure if 2FA is already required of everyone. I would note that none of these “guarantees” or “promises” will apply (as far as I’ve seen across the major brokerages) if you got tricked into giving out your password:
Fidelity will reimburse you for losses from unauthorized activity in your Covered Accounts occurring through no fault of your own.
What are examples of when I won’t be covered?
If you grant access or authority to, or share your Fidelity account access credentials or information with, any persons or entities, their activity will be considered authorized by you and not covered by the Customer Protection Guarantee.
The problem is, how do they know how the hackers got the password? What if it was obtained from an inside job from a brokerage employee, or an undiscovered hack?