Page 1 of 1 and Vanguard Online Fraud Policy

Posted: Sat Apr 14, 2012 2:27 pm
by James Cody
I’ve been researching a lot of past threads about Vanguard’s Online Fraud Policy, and it seems that a somewhat unsettled issue in this forum (and elsewhere) is whether using or another aggregator of financial information violates the Online Fraud Policy (because you’ve given your username and password to another person) and thus causes you to lose protection of the policy. So I emailed Vanguard and asked them. The response is copied and pasted below.

It seems to me that using should not lose the protection of the policy because Vanguard and have an agreement pursuant to which Vanguard allows to aggregate financial information from Vanguard. But Vanguard appears to have decided otherwise. The way I read the response below, if your account is hacked because you gave your username and password to, Vanguard may choose not to reimburse you. I was going to email for clarification on that issue – if I give my username and password to, but my account is hacked not because of that, but because of spyware or pharming or whatever, is the policy effective? But then I figured, what’s the point. I don’t know enough about online security to know if you can even determine how the account was hacked (something you did, a screw up on Vanguard’s end, a screw up on’s end, or some other way?). And regardless, it just seems like it’s too easy of a basis for Vanguard to avoid liability, so it’s not worth the risk.

It’s too bad – I think was a really convenient service, and in fact it helps me fight fraud because it takes me 30 seconds every morning to review transactions for all my accounts to see if anything inappropriate has happened. But I think the safest thing is to delete all my accounts from (including credit cards and checking accounts – I already use different passwords for financial accounts, email accounts, work accounts, and all other accounts, and I don’t write any of it down, so it’s too much for me to remember different passwords for all my different type of financial accounts), delete my account, and then change all my financial account passwords.

I still am following up with a reply email to recommend (1) that Vanguard rewrite their Online Fraud Policy to make it more clear with respect to services, and (2) that Vanguard provide their accountholders the opportunity to use a security token authenticator, which seems to be a mostly foolproof way of preventing anyone from accessing your account online. I’ll keep you updated on their response.
Thank you for taking the time to contact us.

Vanguard takes the security of your account very seriously, and we apply
strict security measures before releasing information about a specific
account or processing a transaction.

Our online policy does not protect against unauthorized transactions that
may occur from sharing your username and password with a third-party
service. We will review all cases of possible fraud on a case by case
basis; however, we can make no guarantees that you will be reimbursed. Our
policy only protects online accounts handled through Vanguard. Outside
aggregators may open you up to possible fraud which we cannot protect

Re: and Vanguard Online Fraud Policy

Posted: Sat Apr 14, 2012 2:34 pm
by James Cody
Below is my reply with my two suggestions:
Thank you very much for your response. If I may, I would like to make two recommendations. First, I suggest that Vanguard revise its Online Fraud Policy to make it clear that sharing your username and password with or similar services can result in being unprotected by the policy. I've done quite a bit of research and read many articles and searched many forums, and it seems like no one is clear whether using violates the policy, particularly because Vanguard does have an agreement with allowing to read financial information at Vanguard. I think it would be very useful to people to clearly know that they shouldn't use if they want to ensure that the policy to be effective. Second, I would highly recommend that Vanguard start letting accountholders buy from Vanguard and use security token authenticators with their accounts. Etrade, for example, allows this service, and the authenticators are a pretty foolproof way to ensure that no one can hack your online account. I think it would put many accountholders at ease to have such a service.

Re: and Vanguard Online Fraud Policy

Posted: Sat Apr 14, 2012 4:16 pm
by prudent
They need to implement a type of restricted login that could view your account but not initiate transactions.

Re: and Vanguard Online Fraud Policy

Posted: Sat Apr 14, 2012 4:24 pm
by tfb
prudent wrote:They need to implement a type of restricted login that could view your account but not initiate transactions.
To make people not come to as often and get everything from mint? How would Vanguard convey the Vanguarding message then? Not sure why Vanguard would want to spend money on doing that.