Hackers Defraud Online Brokerages of Millions of Dollars

Government officials have launched investigations into fraud cases that are costing electronic brokerages millions of dollars.

Two of the largest e-brokerages are reporting computer hacking incidents in which criminals apparently manipulated client accounts at TD Ameritrade and E-Trade Financial.

TD Ameritrade estimates its third quarter losses at US$4 million. E-Trade revealed last week that the company lost about $18 million to fraudsters between July and September. The largest brokerage, Charles Schwab (Nasdaq: SCHW), said its losses were not significant enough to disclose on its financial reports.

The Root of the Problem

Ameritrade and E-Trade could not immediately be reached for comment, but the firms have said publicly that their internal computer systems have not been hacked.

Ameritrade also reported that much of the fraud occurred overseas while clients were using public computers infected with spyware or wireless connections. User IDs and passwords were stolen.

Fraud committed against E-Trade customers appeared to be concentrated in Thailand and eastern Europe, Chief Executive Mitchell Caplan told analysts during a conference call last week.

Illustrating a Negative Trend

TD Ameritrade and E-Trade reimbursed customers for their losses in what appears to be an industrywide plague. The trend coincides with data that security software maker Symantec (Nasdaq: SYMC) released last month: hackers are increasingly turning their attention to financial services firms.

In fact, according to Symantec's latest Internet Security Threat Report covering new and ongoing security threats from Jan. 1, 2006 through June 30, 2006, financial services businesses were most heavily targeted by phishing attacks, with those firms' sites sites accounting for 84 percent of all phishing-targeted sites Symantec tracked.

The Federal Bureau of Investigations and the Securities Exchange Commission are investigating the brokerage fraud cases, but neither organization was immediately available for comment.

A Deeper Issue

Identity theft is still the chief concern among consumers contacting the Federal Trade Commission. However, the greater risk to falling victim to identity thieves occurs offline.

Indeed, headlines may talk of phishing e-mails, keylogging software and database breaches, but more than 90 percent of identity fraud starts offline in the form of misplaced passwords, stolen bank statements and other paper documents, according to Javelin Strategy & Research.

A 2005 Javelin survey reveals that for half of the victims of identity-based fraud who knew where their information had been obtained, the most common source was a "lost or stolen wallet, checkbook or credit card."

The Big Picture

"Clearly, people still need to be careful in all of their dealings, but the largest area of risk is still paper-based risk and it's friends and family and people you know," Anne Wallace, executive director of the Identity Theft Assistance Center, told the E-Commerce Times.

"The key message for consumers is really to think about your personal information as money because it is in a sense," she continued. "Identity thieves access to your assets comes through personal information."

In the grand scheme of risk management, Wallace is concerned that consumers may not be focusing on where the real risks are, which could cause identity theft rates to continue rising. With Javelin reporting that victims of identity theft lost a collective $56.5 billion last year, that's not good news for consumers, financial service firms, or the agencies who insure them.