piesang

Saturday, September 16, 2006

Ameritrade account compromised

OK, so I'm pretty crap at this blogging thing.
Where do people find the time? Something happened to me a while ago, that I feel duty-bound to share with others. It's taken me ages to post this, the events described below, happened around September 2006. Better late than never...

This is a personal horror story, almost resulting in the theft of my life-savings.
I have an account with a US online broker called TDAmeritrade. Originally opened the account with Datek, who was later bought by Ameritrade, who subsequently merged with TDWaterhouse to become TDAmeritrade.

Around September last year I receive an email from Ameritrade stating that the email address on my account has been changed. I did not submit this instruction, so I call their helpdesk immediately, the person I speak to verifies my identity with a few security questions and changes it back to the correct address. I follow up with an email asking for a full investigation into how the address was changed. Turns out they received a faxed letter purporting to be from me requesting the change with my signature on it. Ameritrade suggest in their emailed correspondence that I add additional security to my account by setting a verbal password.
I leave it at that and don't get around to writing them with my verbal password.
Verbal password, pffft. Gimme encryption!

A week later I start receiving e-mail confirmations of trades against my account. Within a few minutes half my portfolio has been liquadated. These trades were cunningly timed to fall outside my office hours in South Africa. Fortunately I was working late and picked up on it. I immediately call the Ameritrade callcentre, the person I speak to asks for the verbal password, I state that I haven't set one, they insist that I have and that they can't do anything for me unless I provide it. Shock horror, I ask to speak to a manager, after a bit of bickering I get put through to one. I explain the situation to the manager, he says that he is in a quandry, his compliance people aren't in and he has no way of knowing that I am who I say I am, since I can't speak the verbal password. Just in case I speak the truth, he agrees to put a freeze on my account so no funds can leave and asks me to call back when the people from their compliance-desk will be in.

I compile a letter with all my personal detail, previous addresses, names of my pets, details of my education etc. and fax it to Ameritrade. I follow up with a call to their compliance people, who give me the indication that I'm not the first individual this has happened to. Over the next few days in dialog with msrs. Jerry Stowers and Jeff Plummer, I:
1) Confirm that my account was compromised. (After reading of the lost tapes debacle, I ask if this is related and am told, probably yes.)
2) Find out that there was a pending wire transfer to an account held at the Bank of China, which was thwarted by the freeze.
3) Get Ameritrade to reverse all the trades on my account that I hadn't instructed.
Have them open a new account in my name and change all my security details.

I have read a number of posts about people being spammed on e-mail addresses they only gave to Ameritrade. This one spells it out pretty clearly.
My case proves that the lost-data problem probably extends to more than just email addresses. The folk that attempted to steal my money, had all my detail and were able to forge my signature on faxed correspondence with Ameritrade.
I don't know if I was targeted because I don't live in the US and as such am probably not protected by the same laws as most other Ameritrade account holders.
Ever tried reporting an attempted cybercrime in South Africa?

This scared the crap out of me. I considered closing my account with Ameritrade and moving it to another broker, but decided not to, since I did not want to go through the schlep inherent in opening an account with a US broker as a foreign national again.

I hope that other souls out there who have had a similar experience stumple on this post. I hope this contributes in some small way to getting Ameritrade to clear up their act.
Sincerely,
Piesang

Labels: