Page 3 of 8

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 6:40 am
by csm
OP, thanks so much for posting this frightening story so we are all aware of what can happen.

One other step you may wish to take going forward is to set up a CreditKarma account for your father, using your own email address, and monitor it frequently.

When my mother passed away a few years ago, this was one of the pieces of advice for how we could identify all of her accounts, credit cards and/or loans and also keep an eye out to be sure her information was not used for identity theft.

Best of luck in getting this sorted out for your father.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:10 am
by MikeG62
learning_head wrote:
Thu Oct 05, 2017 8:49 pm
...I would suggest contacting all current financial institutions with your dad's accounts and explaining the situation and seeing what they can do to flag his account requiring extra steps for any money withdraws. Make sure to take down employee name and identifying information and let them know you are recording this for your records, in case funds start disappearing from their institution.
This is good advice.

If someone has your Dad’s personal information they may well use it elsewhere. Close down all those exposures asap.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:19 am
by Mr.BB
Just to reiterate what somebody said before do not call the number that the company of the IRA gave you or use their link if it was an email
go directly to the company's website and access the IRA account through your own computer link to verify this. This could be a scam.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:21 am
by Call_Me_Op
This is very disturbing. I wonder how often something like this happens. Seems like a good reason to diversify custodians even though Vanguard's security seems solid.

Brak, please keep us informed.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:34 am
by ResearchMed
Call_Me_Op wrote:
Fri Oct 06, 2017 8:21 am
This is very disturbing. I wonder how often something like this happens. Seems like a good reason to diversify custodians.
Bingo.

We use Fidelity, Vanguard, and TIAA for 403b accounts; Vanguard and Schwab for IRA's.
Local bank and credit union for everyday "cash" accounts.

But we figured it would "help" in case one of their computer systems had a long outage or their system got hacked, until they could recover.
Sure, we were aware of a possible problem like OP described, but it seemed "unlikely". Ha!

RM

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 9:29 am
by Exterous
OP - I hope things work out well for your father and thanks for posting this thread. Its certainly an unfortunate situation but there is a lot of good information in here to help keep others safe.

On a side note I can't help but think this is a potential benefit to a local AUM adviser. My mom continues to use the same one my father and her used for decades and there is no way he would have gone through with this. As a Fidelity customer I have no such luxury (but also have no plans on changing). Would probably make for good marketing material

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 10:13 am
by ji.isaacs
csm wrote:
Fri Oct 06, 2017 6:40 am
OP, thanks so much for posting this frightening story so we are all aware of what can happen.

One other step you may wish to take going forward is to set up a CreditKarma account for your father, using your own email address, and monitor it frequently.

When my mother passed away a few years ago, this was one of the pieces of advice for how we could identify all of her accounts, credit cards and/or loans and also keep an eye out to be sure her information was not used for identity theft.

Best of luck in getting this sorted out for your father.
When my spouse passed I was advised to send a certified copy of the death certificate to one of the credit bureaus (who would automatically notify the other two). I received written confirmation and a notation of death on the credit report to prevent identity theft. I also notified Credit Karma for the same purpose and they closed access to the account.

My reason for wanting to have the death notice officially noted was due to a letter I received from the hospital a month or so after telling me my spouses information was exposed due to unauthorized access to the electronic record.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 11:14 am
by TravelGeek
So "Know your customer" failed in the case of the bank account opened with false information?

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 11:28 am
by prudent
TravelGeek wrote:
Fri Oct 06, 2017 11:14 am
So "Know your customer" failed in the case of the bank account opened with false information?
It would certainly seem that way, but maybe the bank employee can avoid problems by saying something as simple as "they had a driver's license, it looked genuine to me."

I also echo the above comment(s) that these account hijackings makes one think that there is real value in working with a local outfit. Perhaps a way to set up an account such that funds cannot be transferred without providing some info that could not be gleaned from stolen credit files. There have been times my bank wouldn't give me info I wanted unless I told them the amount of my last deposit and how the deposit was made (in branch, mobile, ATM, direct deposit).

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 11:47 am
by JamesSFO
So sad to read about this, hopefully given the $ amounts involved, law enforcement will take strong action to help in recovering the monies. :(

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 11:59 am
by letsgobobby
A 78 year old with a million dollar IRA will have an RMD of $50,000.

I'm sure many Bogleheads will be in this situation.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 1:33 pm
by SimonJester
prudent wrote:
Fri Oct 06, 2017 11:28 am
...these account hijackings makes one think that there is real value in working with a local outfit.
Yes instead of an unknown criminal stealing your money from your retirement account, the local "financial adviser" legally steals your money with high ERs funds, frequent trading, and various insurance scams...

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 2:36 pm
by Sandi_k
Because of this thread, I called and instituted two-factor authentication and voice print security protocol with my retirement firm.

Thanks for this thread, Brak - it's chilling. My best wishes for a good resolution for your dad on this issue...

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 2:51 pm
by brak
Thanks again for all the support and good advice. Today was spent talking to other financial institutions that house my parents' money. All I can say is that Ally, Vanguard and Fidelity have security measures in place that are significantly more sophisticated than those of the custodian of the account, Trans America. Now whether that adds up to negligence on Trans America's part is another matter and I don't yet know the answer. Coming up next : on Monday we meet with police to give further info and ask them how aggressively they plan to pursue this, also decide whether or not to bring in the US attorney's office. Will also put on fraud alerts and use chexsystem. There's only so much of this I can take in a day. Thanks again and stay tuned (maybe I can turn this into a Netflix series!).

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 2:53 pm
by prudent
SimonJester wrote:
Fri Oct 06, 2017 1:33 pm
prudent wrote:
Fri Oct 06, 2017 11:28 am
...these account hijackings makes one think that there is real value in working with a local outfit.
Yes instead of an unknown criminal stealing your money from your retirement account, the local "financial adviser" legally steals your money with high ERs funds, frequent trading, and various insurance scams...
Certainly dIdn't mean to imply they should manage the funds, just be the custodian.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 4:22 pm
by Rupert
brak wrote:
Fri Oct 06, 2017 2:51 pm
Thanks again for all the support and good advice. Today was spent talking to other financial institutions that house my parents' money. All I can say is that Ally, Vanguard and Fidelity have security measures in place that are significantly more sophisticated than those of the custodian of the account, Trans America. Now whether that adds up to negligence on Trans America's part is another matter and I don't yet know the answer. Coming up next : on Monday we meet with police to give further info and ask them how aggressively they plan to pursue this, also decide whether or not to bring in the US attorney's office. Will also put on fraud alerts and use chexsystem. There's only so much of this I can take in a day. Thanks again and stay tuned (maybe I can turn this into a Netflix series!).
You're doing all the right things. When you next meet with the police, specifically ask them if it would be better to refer it out to the US Attorney due to the interstate nature of the crime. Local police/prosecutors are often happy to offload such cases (they usually don't have the resources to investigate them properly), and they do it all the time. There's a formal process in place for such referrals.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 4:39 pm
by WillRetire
In answer to this part of the original post: "what steps should he undertake to protect investments he has at other institutions..."

Help your father register for online access to ALL investment and bank accounts, also Social Security, Medicare, and all health plans. This way, he'll at least have online access thus preventing someone else from taking that step. Of course, someone (he or you) should monitor all accounts periodically, and check email at the email address connected to them.

During the process of registering for online access to all accounts, he & you will find out if someone else has already registered, indicating more potential foul play in progress.

Also, select security questions that require information that cannot be gleaned from credit history. Good ones: favorite food, first manager's name, first concert, that sort of thing.

Good luck.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 4:46 pm
by truenorth418
OP - Thank you for coming here to Bogleheads for advice and thus sharing your experience with others. I wish you all the best in resolving this and recovering the funds. This thread has inspired me to add 2 factor authentication to my accounts immediately (I had been putting it off). I had already frozen my credit at the Big 3 but there are other steps such as Chexsystems and the 4th credit agency discussed here that I had not considered.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 6:08 pm
by CaliJim
Two more things:

1) Document everything: take notes on every phone call, save every email, keep keep a copy of every letter sent or received

2) See a lawyer. You may have rights and claims for compensation from the involved institutions, regardless of the outcome of the investigation and recovery of the funds. A letter from your lawyer to TransAmerica may be all that is required to get the money back. I wouldn't think you need to be too involved or worried about the investigation and prosecution of the case. IMHO: the failure was the custodians. "Call from out of state", "Transfer to out of state bank" - too many red flags were ignored.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 6:21 pm
by NotWhoYouThink
prudent wrote:
Fri Oct 06, 2017 2:53 pm
SimonJester wrote:
Fri Oct 06, 2017 1:33 pm
prudent wrote:
Fri Oct 06, 2017 11:28 am
...these account hijackings makes one think that there is real value in working with a local outfit.
Yes instead of an unknown criminal stealing your money from your retirement account, the local "financial adviser" legally steals your money with high ERs funds, frequent trading, and various insurance scams...
Certainly dIdn't mean to imply they should manage the funds, just be the custodian.
Still no. I think the chances of being defrauded by a dishonest local broker are greater than the chances of something like this. I read about cases of that every week. The local FAs I know use someone like Schwab or Fidelity as custodians.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 6:41 pm
by tadamsmar
Call_Me_Op wrote:
Fri Oct 06, 2017 8:21 am
This is very disturbing. I wonder how often something like this happens. Seems like a good reason to diversify custodians even though Vanguard's security seems solid.

Brak, please keep us informed.
Maybe, but it's important to know that all custodians are not equal. So you could diversify into a riskier custodian.

Also, this is not just about Vanguards's security, this it about the client's personal online security. This about a crook stealing your login credentials from you when Vanguard is not at fault in the matter.

This is not just about Vanguard's security. It's about their reimbursement commitment:
Our commitment regarding online security is simple. If assets are taken from your account in an unauthorized online transaction on Vanguard.com®—and you've followed the steps described in the Your responsibilities section below—we will reimburse the assets taken from your account in the unauthorized transaction.
https://personal.vanguard.com/us/help/S ... ontent.jsp

The OP's father's custodian was Transamerica, here is their "commitment":
We are not responsible for damages or losses resulting from any breach of security caused by your failure to maintain the confidentiality of your Access Codes or any other security or authentication technique we utilize, unless otherwise required by law.
https://www.transamerica.com/individual ... neservices

Note that nothing is required by federal law. All you have is the custodian's reimbursement commitment (if there is one).

See the difference? Do you really want to diversify into Transamerica?

Note that Schwab and Fidelity have reimbursement guarantees as good or better than Vanguard.

Be careful where you diversify to.

And, note that you have responsibilities under all these reimbursement commitments, they are two-way contracts. Live up to your responsibilities.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 7:31 pm
by Lynette
deleted - fraud from overseas - not relevant for this thread.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 7:33 pm
by Wakefield1
I doubt that the victim even had any kind of logon credentials on his account,the "logon credentials" were added by the crooks.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 7:47 pm
by CAsage
In California, when you get a document notarized, the notary checks your ID, writes down the Drivers License # and takes a thumbprint. Might want to track down that notary!

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 7:53 pm
by tadamsmar
Wakefield1 wrote:
Fri Oct 06, 2017 7:33 pm
I doubt that the victim even had any kind of logon credentials on his account,the "logon credentials" were added by the crooks.
According his son's posts here, victim had security questions specified:
So here is what I know so far. The custodian of my father's IRA states that in early September they received a phone call from a man posing as my father, who passed all the security questions
Therefore, I think it is beyond doubt that the victim had logon credentials.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:03 pm
by littlebird
tadamsmar wrote:
Fri Oct 06, 2017 7:53 pm
Wakefield1 wrote:
Fri Oct 06, 2017 7:33 pm
I doubt that the victim even had any kind of logon credentials on his account,the "logon credentials" were added by the crooks.
According his son's posts here, victim had security questions specified:
So here is what I know so far. The custodian of my father's IRA states that in early September they received a phone call from a man posing as my father, who passed all the security questions
Therefore, I think it is beyond doubt that the victim had logon credentials.
Institutions can, and usually do, ask security questions when you contact them by phone - either those you've set up in advance, or those they glean from your info or your account activities - without any necessity for having an online account.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:03 pm
by brak
Clarification: the security questions were, date of birth, address, SS#, and mother's maiden name. When I called Trans America they said that there is now an option for a more personal security question, but my father's account did not have one.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:13 pm
by tadamsmar
brak wrote:
Fri Oct 06, 2017 8:03 pm
Clarification: the security questions were, date of birth, address, SS#, and mother's maiden name. When I called Trans America they said that there is now an option for a more personal security question, but my father's account did not have one.
Perhaps your father has a good case for reimbursement, since he apparently did nothing wrong. He also reported it in a timely fashion according to your posts.

If Transamerica refused to reimburse, then I would probably get a lawyer and threaten to go to the media and drag Transamerica's name through the mud. Hopefully they will reimburse to get your father's signature on a nondisclosure agreement.

There are cases like this in the past where the custodian reimbursed after they started getting bad press. The claimed that the had recovered the money. Perhaps they did, but the timing made it look like they were reacting to the bad press. In that case the client's case was less defensible than yours. He was in China and not monitoring his account. This was a long time ago when perhaps it was not easy to follow online accounts while in China.

Come to think of it, a lawyer would probably tell you to stop talking about this online or to the public because that makes the threat to publicize it more potent. I personally would not openly discuss it, if I were you, unless Transamerica refuses to pony up.

On the other hand, maybe Transamerica's clients are more businesses (401Ks) than the general public, so maybe they are not that scared of bad press, not sure.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:17 pm
by NotWhoYouThink
In Missouri I've never had a notary ask for more than a Driver's license. No thumbprint.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:18 pm
by Wakefield1
I believe pre-computer era accounts did sometimes have security questions on them. Such as having to answer a question when calling by phone to ask what your balance in checking was before the bank representative would give you the balance. I don't think that is a "logon".
Of course a simple answer such as date of birth does not give much protection as compared to a pre arranged code question with a pre arranged nonsense response.
Does anyone remember the old Vanguard tele account? I think that could have had some such question set up (before they had Vanguard.com),to call them now they want something like that but I don't think they have tele-account anymore.

(edit) looks like they still offer it but maybe not to new brokerage account holders

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:22 pm
by Wakefield1
brak wrote:
Fri Oct 06, 2017 8:03 pm
Clarification: the security questions were, date of birth, address, SS#, and mother's maiden name. When I called Trans America they said that there is now an option for a more personal security question, but my father's account did not have one.
Not very good security questions at all.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:34 pm
by 2b2
My suggestion may meet with some resistance but here's something I do.
Check accounts every day. If you see a notation "pending transaction" on a holding, and you didn't request a transaction....well.....

2b2

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:34 pm
by ResearchMed
NotWhoYouThink wrote:
Fri Oct 06, 2017 8:17 pm
In Missouri I've never had a notary ask for more than a Driver's license. No thumbprint.
Never seen a request for any fingerprints for a notary.

And what would that help or prove?

Isn't the point of using a notary is to "prove" (in quotes, as it's not really *proof*!) that the person signing is indeed the person who is supposed to be signing?
All a fingerprint would do (until there is an Easily Accessible Fingerprint Registry (TM) so the notary could confirm identity!) is to provide a history that could later be used to confirm - or not - the identity of the person signing.
A bit too late in many cases...

RM

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:49 pm
by letsgobobby
2b2 wrote:
Fri Oct 06, 2017 8:34 pm
My suggestion may meet with some resistance but here's something I do.
Check accounts every day. If you see a notation "pending transaction" on a holding, and you didn't request a transaction....well.....

2b2
Until we figure out how to navigate the post-Equifax world, I am taking your approach. Regrettably, as it takes considerable time.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:51 pm
by tadamsmar
brak wrote:
Thu Oct 05, 2017 6:18 pm
Celia - the custodian did not realize the funds were stolen until we contacted them, which occurred after we received a transaction confirmation in the mail showing that the account had $52,000 withdrawn. We received the confirmation letter approximately twelve days after the withdrawal actually occurred.
I have read that one should use a certified letter to inform a custodian of a breach. But that was in a context where there was a federal law with reporting deadlines like for personal bank accounts or credit cards. Timely reporting still may be a consideration here to make it more likely that you get reimbursed.

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 8:54 pm
by Wakefield1
I would still like to see this end like a good detective story-the perps traced down and (some?) of the money tracked down-and perhaps there are some other victims of the same perp or perps who might not even realize yet that their money is missing-and perhaps potential future victims would be spared some of this
meanwhile day to day security gets more and more involved,more hoops to jump through

Re: Retirement Account Stolen by Identity theft

Posted: Fri Oct 06, 2017 9:06 pm
by investorpeter
Rupert wrote:
Fri Oct 06, 2017 4:22 pm
brak wrote:
Fri Oct 06, 2017 2:51 pm
Thanks again for all the support and good advice. Today was spent talking to other financial institutions that house my parents' money. All I can say is that Ally, Vanguard and Fidelity have security measures in place that are significantly more sophisticated than those of the custodian of the account, Trans America. Now whether that adds up to negligence on Trans America's part is another matter and I don't yet know the answer. Coming up next : on Monday we meet with police to give further info and ask them how aggressively they plan to pursue this, also decide whether or not to bring in the US attorney's office. Will also put on fraud alerts and use chexsystem. There's only so much of this I can take in a day. Thanks again and stay tuned (maybe I can turn this into a Netflix series!).
You're doing all the right things. When you next meet with the police, specifically ask them if it would be better to refer it out to the US Attorney due to the interstate nature of the crime. Local police/prosecutors are often happy to offload such cases (they usually don't have the resources to investigate them properly), and they do it all the time. There's a formal process in place for such referrals.
Law enforcement is not going to pursue this with the same vigor as you would. $52,000 is a lot of money for one person to lose, but for the US attorney or FBI, it may not generate much more activity than a report that gets filed somewhere. They will likely tell you this happens all the time. They may initially assume it was a bank error or family dispute. Meanwhile evidence could be lost like video from Region's bank or from the notary office. If you do leave it up entirely to law enforcement, your best bet is to present as much evidence as possible that this was clearly fraud. And push them to pursue the many leads you already have. Personally, I would want to pursue this on my own to the point of making it abundantly clear it was fraud such as by having a copy of the notarized document with a fake notarization (a true notary's name will be registered and easily confirmed) or the wire transfer showing the money was transferred from Regions to some foreign bank.

Re: Retirement Account Stolen by Identity theft

Posted: Sat Oct 07, 2017 6:18 am
by Call_Me_Op
NotWhoYouThink wrote:
Fri Oct 06, 2017 8:17 pm
In Missouri I've never had a notary ask for more than a Driver's license. No thumbprint.
And Missouri is the "Show Me State."

Re: Retirement Account Stolen by Identity theft

Posted: Sat Oct 07, 2017 7:18 am
by Exterous
Sandi_k wrote:
Fri Oct 06, 2017 2:36 pm
Because of this thread, I called and instituted two-factor authentication and voice print security protocol with my retirement firm.
So I just looked into my voice print options and read the FAQ. If the voice print validation isn't accepted the fall back is to be asked "security questions". I tried to enroll this morning but looks like they are closed till Monday so I couldn't get more information about what those questions are but its something to keep in mind

Re: Retirement Account Stolen by Identity theft

Posted: Sat Oct 07, 2017 7:41 am
by aristotelian
Wakefield1 wrote:
Fri Oct 06, 2017 8:54 pm
I would still like to see this end like a good detective story-the perps traced down and (some?) of the money tracked down-and perhaps there are some other victims of the same perp or perps who might not even realize yet that their money is missing-and perhaps potential future victims would be spared some of this
meanwhile day to day security gets more and more involved,more hoops to jump through
Me too. This is a sophisticated operation undoubtedly with more victims, in the past and in the future. I would start with the person in OP's dad's office. Who has access to those numbers? Identify that person, then you get the accomplice.

Re: Identity theft

Posted: Sat Oct 07, 2017 7:49 am
by TheTimeLord
brak wrote:
Tue Oct 03, 2017 12:27 pm
So here is what I know so far. The custodian of my father's IRA states that in early September they received a phone call from a man posing as my father, who passed all the security questions and requested a change in email address and that forms for withdrawal of funds be sent to that email. Around two weeks later the custodian received all the paperwork authorizing the withdrawal of funds from the account, and the electronic transfer of said funds into a bank account under my father's name at a bank he had never heard of and certainly did not use for banking (Regions Bank). The custodian states that the paperwork had my father's (alleged) signature notarized, and also included a copy of a check from the bank account into which the funds were to be deposited. At that point, the custodian effected the requested transfer of $52,000. That is where things stand. The custodian (Transamerica) is initiating an investigation, we will be filing a police report. I have no idea how this could have happened, and more importantly what safety precautions we need to take at this point. We are freezing my fathers accounts with Transition, Experian and Equifax but I don't know what else to do. And obviously the question of who is on the hook for the money lingers out there. Any and all input would be most welcomed.
Maybe someone has pointed this out but on every account I have I immediately get a notification at my old email address that it has been changes along with a message to contact them if this is an unauthorized change. Does TransAmerica not do this?

Re: Retirement Account Stolen by Identity theft

Posted: Sat Oct 07, 2017 8:25 am
by david99
Thanks for posting this. I've increased the security on my accounts.
I would get a lawyer involved in this situation. I think that a letter from your lawyer will put more pressure on Trans America. In the event that Trans America does not return your money, I would let them know that you plan to go to the news media with this story. I don't think that a big company like Trans America wants this kind of bad publicity all over the Internet. This would be especially true if this has happened to several accounts at Trans America and multiple stories of theft at their company start to hit the Internet.

Re: Retirement Account Stolen by Identity theft

Posted: Sat Oct 07, 2017 9:01 am
by TravelGeek
NotWhoYouThink wrote:
Fri Oct 06, 2017 8:17 pm
In Missouri I've never had a notary ask for more than a Driver's license. No thumbprint.
I have had stuff notarized in CA and Oregon, and in both cases ID and thumb print were recorded in the notary's book. And I believe the OP mentioned that the notary in this case was allegedly (if real) in CA.

How does the recipient of a notarized document verify that it wasn't a fake notary? Is there a registery to verify notaries?

Re: Retirement Account Stolen by Identity theft

Posted: Sat Oct 07, 2017 9:15 am
by TravelGeek
tadamsmar wrote:
Fri Oct 06, 2017 6:41 pm
This is not just about Vanguard's security. It's about their reimbursement commitment:
Our commitment regarding online security is simple. If assets are taken from your account in an unauthorized online transaction on Vanguard.com®—and you've followed the steps described in the Your responsibilities section below—we will reimburse the assets taken from your account in the unauthorized transaction.
https://personal.vanguard.com/us/help/S ... ontent.jsp

[...]

And, note that you have responsibilities under all these reimbursement commitments, they are two-way contracts. Live up to your responsibilities.
Right, live up to your responsibilities. Among them, as documented on the page you linked to:

"Never share your user name, password, or other account-related information with anyone."

Don't share your passwords with anyone includes your spouse or children (if elderly); you can give them access rights through their own login account, so Vanguard can track who is actually transacting or accessing data. I only learned that through a BH thread a couple years ago (thanks!); until then I was managing my wife's account by logging in as her.

And further, while I am not a lawyer, that "anyone" to me also means aggregation services like Mint. Vanguard certainly can determine based on server access logs whether login requests for your account come from Intuit's servers. Whether they would actually use that in case of a loss of money in your account to get out of reimbursement promises I don't know, of course.

Also speaking of Vanguard's security practices and security questions, as mentioned in another thread a while ago, Vanguard has representatives that think nothing about placing unsolicited calls to your number, introducing themselves as Vanguard reps who want to talk about your account and then proceed to ask you the security questions. Indistinguishable from phishing.

Re: Identity theft

Posted: Sat Oct 07, 2017 9:20 am
by fposte
TheTimeLord wrote:
Sat Oct 07, 2017 7:49 am

Maybe someone has pointed this out but on every account I have I immediately get a notification at my old email address that it has been changes along with a message to contact them if this is an unauthorized change. Does TransAmerica not do this?
I believe Brak has said his father had no email address.

Re: Retirement Account Stolen by Identity theft

Posted: Sat Oct 07, 2017 9:22 am
by letsgobobby
TravelGeek wrote:
Sat Oct 07, 2017 9:15 am
tadamsmar wrote:
Fri Oct 06, 2017 6:41 pm
This is not just about Vanguard's security. It's about their reimbursement commitment:
Our commitment regarding online security is simple. If assets are taken from your account in an unauthorized online transaction on Vanguard.com®—and you've followed the steps described in the Your responsibilities section below—we will reimburse the assets taken from your account in the unauthorized transaction.
https://personal.vanguard.com/us/help/S ... ontent.jsp

[...]

And, note that you have responsibilities under all these reimbursement commitments, they are two-way contracts. Live up to your responsibilities.
Right, live up to your responsibilities. Among them, as documented on the page you linked to:

"Never share your user name, password, or other account-related information with anyone."

Don't share your passwords with anyone includes your spouse or children (if elderly); you can give them access rights through their own login account, so Vanguard can track who is actually transacting or accessing data. I only learned that through a BH thread a couple years ago (thanks!); until then I was managing my wife's account by logging in as her.
I know this is true, but has Vanguard's policy ever been tested in the event of a loss? My spouse has never - repeat, never - logged into her Vanguard account in our 20 years together. She only has Vanguard accounts to the extent I have funded them for her (I helped her complete her 403b paperwork at work, I fund the IRAs, etc). Would she really not be offered protection by Vanguard in the event of a loss?
And further, while I am not a lawyer, that "anyone" to me also means aggregation services like Mint. Vanguard certainly can determine based on server access logs whether login requests for your account come from Intuit's servers. Whether they would actually use that in case of a loss of money in your account to get out of reimbursement promises I don't know, of course.
Given the modern reality, using an aggregation service seems like asking for trouble.
Also speaking of Vanguard's security practices and security questions, as mentioned in another thread a while ago, Vanguard has representatives that think nothing about placing unsolicited calls to your number, introducing themselves as Vanguard reps who want to talk about your account and then proceed to ask you the security questions. Indistinguishable from phishing.
One benefit of Vanguard flagship has been the assigned rep, whose voice I know well. If anyone else called asking security questions I would not have answered. With the recent transition of Flagship from "individual rep" to "team" approach, I don't know how this will work going forward.

Re: Retirement Account Stolen by Identity theft

Posted: Sat Oct 07, 2017 9:25 am
by Bliss
TravelGeek wrote:
Sat Oct 07, 2017 9:01 am
How does the recipient of a notarized document verify that it wasn't a fake notary? Is there a registery to verify notaries?
Each state has a department, usually the Treasury, that maintains a registry of all notaries and can provide a document to confirm that the notary's commission was valid and verify the stamp/signature. I've had to get these documents in international transactions that require an Apostille.

However, this process requires payment and takes a few weeks and there is no instant access to verify a notary. So, this wouldn't have helped in the situation the OP described.

Re: Retirement Account Stolen by Identity theft

Posted: Sat Oct 07, 2017 9:28 am
by Wakefield1
david99 wrote:
Sat Oct 07, 2017 8:25 am
Thanks for posting this. I've increased the security on my accounts.
I would get a lawyer involved in this situation. I think that a letter from your lawyer will put more pressure on Trans America. In the event that Trans America does not return your money, I would let them know that you plan to go to the news media with this story. I don't think that a big company like Trans America wants this kind of bad publicity all over the Internet. This would be especially true if this has happened to several accounts at Trans America and multiple stories of theft at their company start to hit the Internet.
As long as Trans America seems to be cooperating and investigating the theft avidly I would be reluctant to take such a threatening or adversarial measure against them.

Re: Retirement Account Stolen by Identity theft

Posted: Sat Oct 07, 2017 9:37 am
by TravelGeek
letsgobobby wrote:
Sat Oct 07, 2017 9:22 am
One benefit of Vanguard flagship has been the assigned rep, whose voice I know well. If anyone else called asking security questions I would not have answered. With the recent transition of Flagship from "individual rep" to "team" approach, I don't know how this will work going forward.
The guy who called me was my flagship agent. I have been a Vanguard customer (owner?) for 20+ years and had never talked to him or one of his predecessors (just never had the need). I did recognize his name from my statements, but that isn't exactly sufficient authentication (and my wife wouldn't have recognized his name since she doesn't read the statements).

Anyway, I don't want to sidetrack this thread from the OP's topic; just a general warning to be careful out there and don't expect the custodians (whether Vanguard or otherwise) to be 100% bullet proof. This thread includes a lot of action items for me and others, it seems :)
My spouse has never - repeat, never - logged into her Vanguard account in our 20 years together. She only has Vanguard accounts to the extent I have funded them for her (I helped her complete her 403b paperwork at work, I fund the IRAs, etc). Would she really not be offered protection by Vanguard in the event of a loss?
If you were the one using her account credentials to defraud her, I could see Vanguard invoking that rule. But if someone else somehow hacked into Vanguard and accessed her account, I don't think they could even determine that it was you who all these years managed her account (shared computer, so access to your and her account from same IP is legitimate). They could perhaps ask her if she ever shared her credentials with anyone.

Re: Retirement Account Stolen by Identity theft

Posted: Sat Oct 07, 2017 9:38 am
by ResearchMed
Bliss wrote:
Sat Oct 07, 2017 9:25 am
TravelGeek wrote:
Sat Oct 07, 2017 9:01 am
How does the recipient of a notarized document verify that it wasn't a fake notary? Is there a registery to verify notaries?
Each state has a department, usually the Treasury, that maintains a registry of all notaries and can provide a document to confirm that the notary's commission was valid and verify the stamp/signature. I've had to get these documents in international transactions that require an Apostille.

However, this process requires payment and takes a few weeks and there is no instant access to verify a notary. So, this wouldn't have helped in the situation the OP described.
And the use of a finger print (per a previous post)?

How does that get "verified" or otherwise become useful, *especially* pro-actively, to help determine whether the "account holder" is the *real* account holder?
(Sure, it might be helpful after the fact to "prove" that the fingerprint did not belong to the account holder, but ... the horses are already out of the barn at that point.)

Even if the local notary took a fingerprint, at what point would that be used to validate the request to remove funds, in a timely fashion or not?

And then there is the complication if there is a need for someone with a Durable PoA to handle the transaction...
This already can be extremely difficult.

But this entire scenario - and trying to prevent it - is only going to become more and more tricky, and never foolproof.

RM