Saturday, March 15, 2008
What Online Brokers Are Doing To Keep Their Customers' Accounts Safe
HORROR STORIES ABOUND ABOUT ON-LINE BROKERAGE ACCOUNTS hacked by mysterious bad guys, and then emptied. The methods vary from simple—logging in and transferring cash to a thief’s account—to complex; say, rigging an investor’s computer to buy penny stocks being sold by a crook at hugely inflated values.
Online investors say that security is an increasingly important factor in selecting a broker, so we surveyed nearly two-dozen firms to see what they’re doing to keep their customers’ money safe.
As a quick and easy starting point, always be sure you see the letter “s,” as in “https,” preceding the Web address of a site at which you’re entering personal or sensitive information. The “s” is a standard indication that the site is secure. Another is the padlock icon in the lower right-hand corner of the browser window. Even so, these indicators can be duplicated by some very clever fraudsters.
ONE METHOD THAT BROKERS use to thwart troublemakers is a token that generates a series of numbers that change every minute or two. Clients use these momentary passwords to log in to their accounts. The password’s life span is too short for a hacker to steal it. This, however, requires customers to carry the token around with them, usually on a key ring or in a wallet.
James Burton, a senior vice president at Fidelity’s retail-brokerage unit, says his firm employs extensive physical, electronic and procedural security controls, regularly modifying them to meet changing technology threats. Fidelity’s encryption standards turn the data you send across your Internet connection into gobbledygook, unless the computer receiving the information can decode it. Fidelity.com, like many brokerage sites, will automatically log you off after a short period of inactivity, which is designed to prevent unauthorized access or keystrokes by either a co-worker or a mischievous household pet that wanders onto your keyboard.
Another ploy that crooks use is changing your account’s address so that future checks come to them, or rerouting online money transfers to their coffers. Most brokers now require added security for these kinds of changes. OptionsXpress, for instance, sends out a notice to both existing and new addresses when a customer requests a change.
TD Ameritrade is rolling out a two-factor authentication system that “remembers” the computer from which a client logs into its system. If the next log-in attempt comes from a different computer, the investor will need to provide more information. CEO Joe Moglia says, “Clients have free access to security software via our online security center (http://www.tdameritrade.com/security/securityTools/securityTools.html), which enables them to detect and remove threats like computer Trojans and to monitor for suspicious behavior.” (Trojans are viruslike programs that travel via the Internet.)
TradeKing employs an intriguing system to thwart keystroke loggers—who keep track of every keystroke you make. These thieves can use your keystrokes to divine your password and personal information. To prevent that, TradeKing has you enter your password on an on-screen keyboard, using your mouse to select the appropriate characters. If you don’t type your password, a keystroke logger can’t pick it up. TradeKing also asks you a series of challenge questions if your online behavior is deemed unusual.
Software-based brokers such as Terra Nova don’t transmit information via a Web browser; they employ other methods of security. Terra Nova utilizes Captcha technology, which prompts the customer to type in the letters displayed in a small picture, to eliminate spammers and counter other electronic contact attempts. It also maintains an intrusion-detection system on its Website and database servers, to identify any attempted contact that is suspect.
AT ANOTHER SOFTWARE-BASED BROKER, MB Trading, President David Lipsett says, “We use proprietary algorithms to prevent unauthorized trading within an account as well as databasing user-connection information to spot trading that does not fit into the client’s normal patterns.”
Just how many challenges are out there? Consider Siebert CEO Muriel Siebert’s response to our queries: “The layered security consists of firewalls, encryption, intrusion-detection sensing, network segmentation, translation, monitoring, antivirus, antispam, antispyware, internal software and hardware lockdowns, premise-level security, employee screening and other security methods.”
Thursday, March 06, 2008
Bacon's (now Cision) Media Guide is Garbage: A Rant
Bacon’s Media Guide, how do I hate thee? Let me count the ways.
(Bacon’s is now the Cision Media Guide.)
1. Even after repeated requests over a number of years (dating back to at least 2001), my location is listed as New York. That means my business line, which (like my business) is located in my house, starts ringing around 6AM. I do not appreciate this. For those of you who subscribe to Bacon’s, please note: I am on the West coast. That’s Pacific time. Please don’t bug me before 8:30 or so Pacific time unless we have made specific arrangements otherwise.
2. Even after repeated requests over a number of years (dating back to at least 2001), Bacon’s lists my title as “Technology Editor, Barron’s.” I am NOT the technology editor. I write the Electronic Investor column for Barron’s every other week, and also author the annual review of online brokers. I contribute to a number of other publications, if their budget can accommodate my outrageous requests, and my focus is—and has been since 1991—financial technology. A recent update has me listed as “Business Columnist.” That is so broad that I get at least a dozen erroneous pitches DAILY.
I do not cover employment trends. I do not write about toys during the holidays. I avoid reviewing computers, printers ... hardware in general. But the title Bacon’s has bestowed upon me nets me all kinds of stuff that is way outside my bailiwick.
3. Companies send me books, gadgets, press releases, and countless emails based on the bad listing in Bacon’s. This is a huge waste of resources all the way around. I try to be polite to the PR people who have paid a bazillion dollars for their subscription to this faulty resource—it’s not their fault that Bacon’s has me listed wrong and refuses to correct it. But it gets very difficult when I’m on deadline and a PR rep for a cell phone ring-tone creation software company, or the rep for the next version of Guitar Hero, calls me. I don’t cover that stuff! Much of it ends up in the Barron’s office in New York, which generates even MORE resource waste when a kindly person there boxes it all up and ships it to me in California.
4. My listing apparently leads some people to believe that I not only work in NY, but that I am a full-time employee of Barron’s. I am a freelancer, which means I send stuff to Barron’s when it’s assigned, but other than that I have no contact with the gang in New York. If you contact me about the latest and greatest gameware, or about a management change at some tech firm, not only will I not write about it, but I don’t know who would. Don’t ask me. I don’t know.
Hey, why don’t you look through that copy of Bacon’s and figure it out? What? It’s out of date and isn’t helpful? WHY are you PAYING for it then??
5. I have begged, pleaded, threatened, cajoled, and generally harassed anyone I can find at Bacon’s to fix this thing. I made my first request to fix my listing IN PERSON at a trade show. I found the highest-ranking mucky-muck I could and asked her to make this correction. Whenever they send me an “Update your listing” email, I update it ... and then my listing never changes. The last time I talked with someone at Bacon’s, I asked them to just delete my listing completely and pretend I don’t exist. Instead, they edited it and I still get piles of misdirected pitches.
6. Lots of my writer pals have said that their listing in Bacon’s is wrong, and they can’t get it fixed either. I’m not taking their incompetence personally (though it’s tempting when the phone rings at 6AM). Bacon’s is the journalistic equivalent of the Roach Motel ... we can get in, but we can’t get OUT. Or corrected.
7. I have yet to get a contact that was generated by my Bacon’s listing that resulted in an article. What the hell is wrong with these people??!? Are they making more money by misrepresenting me?
PR people, please ... if you’re using Bacon’s as a resource to guide you to media folks, do some homework. There’s this cool thing on the Internet called a “search engine.” You may have heard of Google or Yahoo. Type in the name of the journalist you’re considering contacting and read a few recent articles.
Does it appear that your product falls within this person’s general range? If not, save yourself some time, and save the journalist a 6AM phone call.
To great fanfare, Bacon’s put out a press release a couple of years ago saying that they’re now “monitoring blogs” and are including that sort of information in their database as well. Fabulous. Maybe they’ll pick up my rant and fix my damn listing!
Posted by twcarey
on 03/06 at 06:17 PM
Saturday, March 01, 2008
Online Brokers Prep for Big Game
SPRING TRAINING IS UNDERWAY FOR ONLINE BROKERS—and every firm can still dream about victory as Barron’s annual review approaches in a few weeks. Here are some of the most intriguing lineup changes.
AT THINKORSWIM (http://www.thinkorswim.com), the focus is on enhancing customer experience, according to president Tom Sosnoff. The firm added CNBC Plus live, an online version of the TV broadcast—streaming and commercial-free—delivered to its software trading platform with market news and analysis at no additional charge. ThinkScript, a language customers can use to code and back-test their own proprietary indicators, was also added to the platform, along with forex trading in 123 currency pairs.
For investors on the go, thinkorswim has a new wireless trading platform for BlackBerrys and other mobile devices called thinkMicro. (Do you detect a pattern in the firm’s product names?) A set of trading gadgets called thinkPod can be linked to Websites such as those for news, and allows you to place trades without having to be logged into the thinkorswim software or Web application. Sosnoff and his firm have launched a quarterly magazine, thinkMoney, “which mixes advanced trading articles with our feeble attempts at satire.”
OPTIONSXPRESS (http://www.optionsxpress.com) is coming off an important year in which its founder, David Kalt, moved on. CEO David Fisher, who took the reins last October, says the firm’s “culture of persistent innovation” continues. OptionsXpress was among the first retail brokerages and the only Web-based online broker to offer portfolio margining, which bases margin requirements on the sum of an investor’s positions, including options, rather than individual holdings. Other firms offering portfolio margining ("New Options for Traders,” Oct. 30, 2006) are software-based and focus on very frequent traders.
“To ensure that we would be first to market with portfolio margin and that the integration would be seamless, we built all of the functionality in-house,” says Fisher.
Another goal achieved: integration of XpressTrade’s futures platform. ("Out of the Pit: Futures Go Online”, Jan. 14) “Our customers can now trade futures side-by-side with securities on a state-of-the-art platform,” Fisher says.
E*TRADE (http://www.etrade.com) added some muscle to its Web-based trading platform as well as to E*Trade Pro, its software-based platform for frequent traders. A big change was the addition of E*Trade’s Global Trading Platform, which provides U.S.-based retail investors the ability to trade stocks online in six foreign markets in local currencies. The new Global Trading Platform also features free real-time international quotes for the six markets (Canada, France, Germany, Hong Kong, Japan and the U.K.), and a redesigned customizable “Global Markets” page with free company-specific research from Reuters for the relevant markets.
E*Trade also expanded its roster of research tools, such as a redesigned online research center, with new features and links including intraday commentary and blogs from Seeking Alpha; enhanced market and news pages; daily trading ideas from MarketHistory.com and E*Trade’s “Most Popular” (a daily list of the 10 most frequently viewed symbols by E*Trade customers); and other news. Still more new goodies include MarketEdge, Second Opinion reports, an integrated and extremely spiffy stock screener, and a redesigned mutual-fund and ETF research center.
Customers of E*Trade Pro can now see every market maker involved in a given stock with free access to TotalView and OpenView data through the Market Depth window. A graph and a momentum bar provide traders with visuals of what they used to have to conceptualize themselves with Level 2 data. Also included: a suite of powerful new tools for options re- search—streaming Greek options chains, expanded market data and customizable inputs for calculations. For the last of these, a user can access the new Options Model Setup window to customize how analytics are calculated by choosing a pricing model (Black-Scholes or Binomial), statistical volatility, interest rate and more.
ROOKIE OPTIONSHOUSE (http://www.options-house.com), which launched in January 2007, introduced Virtual Trading, giving customers the opportunity to practice trading with all the site’s tools and capabilities—without risking their own money. On deck for this year are advanced order types, tax optimization and reporting tools from Maxit, and a new stock-screening tool.
We’ll just have to wait and see who the winners are.
Published in Barron’s, March 3, 2007.