Retirement Planning Gives Bigger Role to Theft Prevention as Risks Lurk Online
(snip)
Record-keepers typically have policies that promise reimbursement as a result of unauthorized activity in 401(k) accounts. But such coverage might be contingent on account owners having taken certain steps. Vanguard Group Inc., for example, says if theres evidence you neglected to reasonably safeguard your account, further investigation may be necessary to determine whether we can issue a reimbursement.
Recent court cases highlight the risks for account owners. In one such case, filed last April, Heide Bartnett alleges that Abbott Laboratories, where she worked in sales from 2002 to 2012, and its 401(k) plan record-keeper, Alight Solutions LLC, violated Erisa by allowing money to be stolen from her account. Ms. Bartnett, 60 years old, said she was shocked to receive letters from Abbott on Jan. 14, 2019, notifying her that her 401(k) account password had been changed and a $245,000 distribution made to a bank account that wasnt hers. With 68% of her $362,000 balance gone, I thought, This cannot be happening, said the Darien, Ill., resident. She has since recovered about $108,000.
According to the lawsuit, the perpetrator changed Ms. Bartnetts 401(k) account password by using the forgot password option and a one-time code sent to her email addressan email Ms. Bartnett said she has no record of receiving. The thief also successfully impersonated her in calls to the plans call center.
(snip)
On Feb. 8, U.S. District Judge Thomas Durkin in the Northern District of Illinois dismissed Ms. Bartnetts case against Abbott, but not against Alight. In a statement, Alight declined to comment on the litigation and said: We continually evaluate our security measures to ensure they meet and exceed industry best practices.
Here are steps 401(k) record-keepers and others recommend taking to safeguard your retirement accounts:
Have an online account. Mr. Taylor recommends setting up online access to your account even if you prefer paper statements, because unclaimed online accounts are easier for impersonators to take control of.
Check in regularly. Check your 401(k) account, including your email and street addresses, at least monthly. Sign up for text alerts that notify you of changes or transactions and use multifactor authentication, which verifies your identity by sending codes to multiple devices.
Practice good internet hygiene. Avoid public Wi-Fi and never click on emails or texts seeking personal information, including passwords. Promptly install software updates.
Create good passwords.Choose a unique password you keep confidential. Providing passwords to third-party services that aggregate passwords or financial-account data could be grounds for denying reimbursement if our investigation determines that a fraud event is traceable to that service, Alight said.
https://www.wsj.com/articles/retirement-planning-gives-bigger-role-to-theft-prevention-as-risks-lurk-online-11613125801 (subscription)
progree
(11,463 posts)and they got hacked, then one would be screwed?
I check my accounts every week, just comparing the number of shares of each holding to what I had written down before.
Pobeka
(4,999 posts)I would never, ever, ever give such passwords to another entity. Despite all the re-assuring words, and legalise, passwords given to another entity are out of your control, and those single site based databases become a *HUGE* target to be hacked.
The only way to keep secret, is never to share the secret...
progree
(11,463 posts)and just leave people high and dry. I suppose then it's just a matter of doing the "Forgot My Password" reset thing, but still.
I've thought of using a password manager for the many many many accounts (non-financial) that aren't all that important, but still use the old-fashioned way for the really important accounts.
But even for an account that isn't important, well, still if someone got into it and therefore into my profile, they'd have my email address, and maybe, on some accounts, the answer to security questions like the name of my first pet and so on. That would be awful.
Pobeka
(4,999 posts)I am a programmer -- and review the source code, compile it myself (on linux).
I totally get the convenience of passwword managers.
The one I use is keepass (https://keepass.info)
It's open source, free and there are versions for linux, windows, android. I keep a copy of the database on my phone, so if the house burns down (God forbid!!) I have access to all my sites, usernames and passwords.
It's pretty much guaranteed this wll always be around.
bucolic_frolic
(46,973 posts)it's on my spring calendar to revisit some of these issues, because companies have not been cooperative. Makes me want to focus on 2 or 3 accounts only, and go local with the best of them.
There are people who say debit cards aren't safe either. Once they're empty, your out of luck. I have no idea what would happen if I cancel my debit card. You can't even visit a bank anymore for customer service, it's all done at the drive through. The lack of a debit card leaves you without cash, or credit card cash advances which I think there is a fee for that.
Then there's paypal. I'd like to close that too. It of course is hooked up to bank and credit accounts. Access opens your credit line.
My bank was not helpful with all this. There answer was to access your account each day. Great, each account each day, like there went 30 minutes.