You have to forgive the modern consumer these days if they’re a bit skittish when handing over their personal information. Security is a top concern right now, in the wake of the Equifax data breach.
The massive hack exposed as many as 145.5 million people to identity theft and has put the financial world on its heels. And so a guarded approach is warranted.
Of course, we’re still swiping away with our credit cards and performing billions of financial transactions online. But the recent events have brought some burning questions to the forefront: Namely, how safe is my personal info and the money I’ve worked so hard to save? And exactly what safeguards against future data breaches are in place at our various financial institutions?
Is your money safe from hackers in banks and brokerage houses?
If you’ve read the fine print on any bank’s literature (or seen some commercials), you’ve familiar with the words “Member FDIC.” Virtually all banking institutions in the United States are members of the Federal Deposit Insurance Corporation, or FDIC.
The agency insures many of the accounts we use every day, such as our checking and savings accounts, money market deposit accounts, certificates of deposits (CDs) and money orders and cashier’s checks.
What is the FDIC and how does it work?
When a person’s identity is stolen or if their account is hacked, does the FDIC cover them? Not directly.
The FDIC’s role is to stop bank failures, an immeasurably important duty that is necessary to maintain public confidence in the U.S. financial system.
The FDIC’s website has a plethora of information about cybersecurity and how to safeguard your personal info, but the agency offers no reimbursement guarantees. Instead, it directs consumers to “contact their state, local, or federal consumer protection agency” if they suspect any suspicious activity.
Now, if a bank gets dangerously close to insolvency and is in danger of failing, the FDIC will buoy that institution, indirectly benefiting consumers who have their money tied up with that bank.
Do the major banks offer identity theft guarantees?
Speaking of banks, they all virtually have some protections in place for consumers, but you may be surprised at how some of the major institutions talk about data breaches.
Wells Fargo Bank says this on its website: “We guarantee that you will be covered for 100% of funds removed from your Wells Fargo accounts in the unlikely event that someone you haven’t authorized removes those funds through our Online Services. To qualify for this guarantee, you must follow Your Responsibilities.”
Those “Responsibilities” include taking reasonable steps on security no later than 60 days after the bank sends you a statement which has a discrepancy on it.
Citigroup says it will cover its financial customers “for the full amount of the loss for which you’d be responsible for under Federal Banking Regulations.” The bank will also cover the loss of any interest, overdraft charges and returned check fees.
Bank of America says if you’re a victim of identity theft, “we’ll cancel your card and issue a replacement immediately. You won’t be liable for any fraudulent activity.”
JP Morgan Chase has plenty of information available to customers about identity theft, including an “Identity Theft Tool Kit,” but the bank reserves the right to decide how it handles individual instances on a case-by-case basis.
What are brokerage houses and are they data-breach safe?
In addition to banks, many people have their money invested with brokerage houses. Brokerage houses are financial institutions that help you buy and sell securities.
Brokerage products are generally not insured by the FDIC, but instead by the Securities Investor Protection Corporation (SIPC), which helps protect account holders if a brokerage firm gets into financial trouble – but there are limits.
I reached out to the SIPC and asked them if they covered customers hit by data breaches. “SIPC’s role and responsibilities are as defined under the Securities Investor Protection Act (SIPA),” the agency said. “Under that law, SIPC only becomes involved when a SIPC member brokerage firm is eligible for liquidation under the Securities Investor Protection Act. If you discover that your account has been hacked or your securities or cash have been stolen, you should contact your brokerage firm, the SEC, FINRA, your state securities regulator, and/or law enforcement authorities.”
Here are the protections in place, as stated by the major brokerage houses:
TD Ameritrade says on its website: “If you lose cash or securities from your account due to unauthorized activity, we’ll reimburse you for the cash or shares of securities you lost.” Ameritrade says that it will stand by its policy “if you work with us,” including doing all you can to reasonably secure your information and cooperate with any investigations they launch.
Vanguard says this on its site: “Our commitment regarding online security is simple. If assets are taken from your account in an unauthorized online transaction on Vanguard.com®—and you’ve followed the steps described in the Your responsibilities section below—we will reimburse the assets taken from your account in the unauthorized transaction.”
Those “responsibilities” include reviewing your account regularly, protecting your computer and not engaging with suspicious emails. They also ask that you cooperate with them and safeguard your username, password and other associated info on Vanguard.com.
Similarly, E*Trade Financial says that it “will restore to your account cash and/or shares of securities equal to the amount of cash and/or shares of securities in your account at the time of any unauthorized activity.” The company guarantees “$0 liability for unauthorized use” relating to all trades and funds transfers.
Fidelity says that for its policy to stand, customers must actively review their accounts and report any suspicious activity no later than 30 days after it is discovered. Customers also “must adopt Fidelity’s recommended security practices” at Online Security at Fidelity. Safeguards there include having a strong firewall, encryption activated and secure email.
Charles Schwab, another leading brokerage firm, covers all of its customers’ losses in the event of a “unauthorized activity,” including a hack. “Schwab will cover 100% of any losses in any of your Schwab accounts due to unauthorized activity,” the company says on its website.