ID Thefts Slam Online Brokers
Customer accounts accessed in fraud scheme; losses total $22M at two firms
Computerworld - Two of the top online stock brokerages in the U.S. disclosed that overseas hackers broke into some of their customer accounts during the past three months, resulting in combined losses of at least $22 million and leading both firms to take steps to bolster their security measures.
Jerry Bartlett, CIO at TD Ameritrade Holding Corp., said in an interview last week that the attacks were launched by identity thieves in Eastern Europe and Asia who used keylogging software delivered via Trojan horses or other malware to steal the account information of users logging onto public computers or their own infected PCs.
Jerry Bartlett, CIO at TD Ameritrade Holding Corp
Bartlett said no data was stolen from TD Ameritrade’s own databases, nor were its servers breached during the attacks. But he acknowledged that the company’s antifraud efforts, which include a security team that uses special software to monitor for anomalous activity such as users logging in from unusual IP addresses, failed to detect the stock scams quickly enough.
As a result, TD Ameritrade has installed new technology and reconfigured its existing tools to monitor for pump-and-dump activity, Bartlett said. “We could identify it [before], but certainly not to the sophistication of what we can do now,” he added. He declined to discuss the new capabilities in detail or disclose which security tools his firm uses to guard against online fraud.
ETrade has also beefed up its online security in response to the recent attacks, CEO Mitchell Caplan said during an Oct. 18 conference call on the company’s third-quarter financial results. Caplan said ETrade had cut the amount of fraudulent activity to “almost zero” over the previous three weeks as a result of the security changes.
The inability of ETrade and TD Ameritrade to promptly detect the hackers is hitting them in their pocketbooks. Although the money in brokerage accounts isn’t insured, both firms guarantee customers against losses caused by fraud.
ETrade officials said during the earnings call that the company had spent $18 million to compensate customers for losses from the attacks. Last week, TD Ameritrade disclosed during a conference call on its fourth-quarter results that it had reimbursed a total of $4 million to its customers.
To help it monitor accounts for unusual behavior, ETrade uses antifraud software developed by Cyota Inc., which is now a part of EMC Corp.’s RSA Security Inc. division.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts