cb474 wrote:tadamsmar wrote:In my view, you should give priority to doing
all the things that you need to do to keep your fraud reimbursement protection in force:
At a minimum, in order for this protection to apply, you must take the following steps:
Review your accounts regularly:
Check your account frequently. Promptly and completely review all information we send you.
Report any errors or discrepancies in your account and any suspected unauthorized transactions or account changes to Vanguard immediately.
Protect your Vanguard.com user name, password, and other account-related information:
Make sure your user name, password, and answers to your security questions are unique and strong.
Never share your user name, password, or other account-related information with anyone.
Never store your user name, password, or answers to security questions in your browser.
Clear any temporarily stored copies of online information by closing your browser after signing off. Do not leave your computer unattended while logged on to Vanguard.com.
Protect your computer:
Make certain that any computer you use to access Vanguard.com has up-to-date security and anti-spyware, antivirus, and firewall software.
Do not reply to e-mail requests for personal or financial information.
Do not respond to, open an attachment in, or click on a link within an e-mail if you suspect the message is fraudulent. Vanguard will not ask for personal information such as your Social Security number, account numbers, or passwords in an e-mail.
Cooperate with us and stay informed:
Cooperate fully with Vanguard in investigating and prosecuting any unauthorized activity in your account, and follow our recommendations about how to protect your account. We may require you to file a police report, complete a notarized affidavit, or permit access to your computer.
https://personal.vanguard.com/us/help/S ... ontent.jsp
When I see that fairly long list of all the these you need to do, what I see is a list of potential excuses that Vanguard can use to try to weasel out of reimbursing people in the case of fraud.
I am very security conscious, I am the sort of person who does read the fine print, and I had never seen that list before people in this forum starting pointing it out. I do all those things anyway, but how many Vanguard customers are really aware of that list or carefully practice every single thing on the list? I supect it's a percentage in the single digits. Obviously if people are handing out their username and password on street corners, Vanguard can't be liable for lost funds. But when I see that list, it just seems like fine print to help Vanguard weasel out when the responsibility of the client is not so obvious.
People need to be educated about how to pratice better security. This does not work by hiding the information in the fine print that no one ever sees. Letting people choose bad password and dumb answers to security questions is just encouraging people to continue bad pratices. People, as a whole, will not change until the system requires better practices. Vanguard stands in a position to make people have no other option than to engage in better practices. When Vanguard chooses to do otherwise for the convenience of customers, this is just because Vanguard wants their business and doesn't want to annoy them with even moderately more effort on security. But fraud is a cost we all pay for in the long run. I want people to be required to do it right. I don't accept a let the buyer beware solution. In a domain like this it will never work to change most people's behavior.
I did a poll here on some of the items in the list:
http://www.bogleheads.org/forum/viewtop ... e#p1525102
This lowest compliance on a single item was 8% (spouse sharing password with you), so the overall compliance measured by that poll would indeed be in single digits.
All the mutual funds companies that I have checked have some stipulations (fine print as you call it) for reimbursement. The others tend to be a less extensive list than Vanguard's, but all I have check preclude sharing your password with your spouse on personal accounts, which was the most ignored requirement on my poll.
I suppose we are all hoping for lax enforcement of the letter of the requirements unless our lax compliance proves to not be the cause of the breach.
Concerning Vanguard trying to weasel out of reimbursement, there is nothing to weasel out of because there is no law or regulation that requires reimbursement if your login credentials are stolen and Vanguard was not at fault or you wait too long to report unauthorized responsibilites. Same for all brokerages. Heck, the actual TSP uses have not been reimbursed in these cases. As far as I know TreasuryDirect will not reimburse in these situations. TSP and TreasuryDirect make on promises to cover you from losses due to breaches on the computers you use regardless of the safeguards you took. Even your bank and credit card will not reimburse if you wait to long to report the unauthorized activity. Everyone seems to thinK we live in a nanny state, but it seems that most of us are in need a nanny even better than the one the state is providing!
By the way, that was not actually the small print. The small print is below it. Among other things, the small print says that you could be SOL if you manage investments on your work computer and your login credentials are stolen by a third party. There is a third party issue. As far as I can see all the brokerages have third party stipulations that complicate reimbursement.
Also, I don't think the companies are trying to weasel out of anything. If they make it too easy, then they could easily be scammed by their own clients. Heck, if you reported a loss, I think it would be a certainty that the brokerage firm would have to make sure you are not scamming them before making you whole.