I would appreciate it if any posted replies did not speculate on the actual likelihood of theft at Treasury Direct; or whether I myself “worry too much” about losing money there; or whether I Bonds themselves are a worthwhile investment. That’s not the point of my post. I do buy securities through Treasury Direct. But it also somewhat creeps me out, because it seems uncomfortably “virtual,” i.e., it’s the only financial entity I’ve ever dealt with that never self–initiates any communication with me, for the record, about activity in the account, or even about the existence of my holdings.
I began this correspondence, which would eventually spread over many months, by sending an e-mail to Treasury Direct itself. I quoted a statement previously made on this forum by Mel Lindauer, a Bogleheads book author, forum moderator, and probably the forum’s main popularizer of, and educator about, I Bonds:
And I asked Treasury Direct: “Is this true?” I said I was referring specifically to a situation in which a loss occurred in a customer account due to some breach or hacking or other shortcoming in Treasury Direct’s own systems but which the customer did absolutely nothing to permit or enable through any compromise of his/her log-in credentials, i.e., there was no way in which the customer could be viewed as at-fault in the loss. I also noted that, because Treasury Direct itself does not issue any direct account communications to the customer (no purchase or redemption confirmations, no periodic statements, no year–end tax forms)(i.e., the burden is on the customer to print all of these from the website), a Treasury Direct customer wouldn’t even have a way, other than compulsive online account-checking, of knowing, in real time, when any strange activity on the account was even occurring.Mel Lindauer wrote:with paper Savings Bonds, if they're lost [or] stolen . . . Treasury will make you whole, but if someone cleans out your TD account, you're simply out of luck and have no recourse.
I received a form reply stating that the customer was responsible for the use made of his log-in credentials and for safeguarding them.
I e-mailed again and said this was not responsive to the question asked; that I had never doubted the customer’s obligation to do everything possible to protect his credentials; that I'd already made clear that I was asking about a situation in which the customer bore no fault or responsibility; and that I was asking about Treasury Direct’s liability for losses caused, or not prevented, by Treasury Direct itself. I repeated the Lindauer quote above and again asked “Is this true?” I then rephrased it in the opposite way and asked if there were any circumstances under which Treasury Direct would make a customer whole for losses which were in no way the customer’s fault––and, if so, what were those circumstances?
I received another form e-mail assuring me that customer security was of the utmost importance to Treasury, and that the institution regularly looked for ways to make its site even more secure.
Well, that wasn’t responsive to the specific question, either.
I decided to “go to the top.” I sent a postal letter to the Secretary of the Treasury. I noted the previous e-mail correspondence, then repeated the Lindauer quote and my own would-Treasury-ever-make-a-customer-whole follow-up question, and I emphasized that These are yes-or-no questions. Please answer “yes” or “no.”
Months passed, during which, following a change of administrations, I also sent that letter to more than one Treasury Secretary.
Finally I received a form postal letter from Treasury Securities Services in Minneapolis. It said: “The Government Loss in Shipment Act (GLSA) covers the loss/theft of United States Savings Bonds, whether in paper form or electronic form. If a Treasury Direct owner has his/her savings bonds stolen out of his/her account (and the claim is examined, validated, and approved for relief) the Treasury Department will compensate him/her for the loss. Please let us know if we can be of further service.”
I'd never heard of that law. As its name suggests, its language pertains to securities and other valuables lost or stolen while being shipped.
http://uscode.house.gov/view.xhtml?path ... ion=prelim
So, while Treasury Direct assures users that this law applies, which is good to know, it still seems a bizarre outcome, since statement-less electronic Savings Bonds are the very opposite of physical items being "shipped." And while it’s only reasonable to expect a government agency, or any business, to pay only those loss claims which are legitimate, the requirement that a claim concerning almost–virtual electronic Savings Bonds must be “examined, validated, and approved for relief,” by the Treasury, seems to provide a very large amount of wiggle room.
So, there you have it. Knowing that Treasury Direct procedures and security issues have been the subjects of other threads on this forum, I just offer the results of my own correspondence for anyone else interested.