Enhanced Security for Your Sand Hill Accounts

Tony Craun

Much has been written in recent months about the Equifax breach and at Sand Hill we have spent a great deal of effort educating our clients on how best to protect themselves in light of this disclosure. With a bevy of your Personal Identifiable Information (PII) now widely available, criminals are moving past fraudulent transactions, including boldly attempting to fully impersonate you with your service providers. Standalone financial fraud is now morphing into a pairing of financial and identity fraud, a much more imposing threat. In response, Sand Hill has further evolved our policies and procedures to protect clients, their assets, and their PII. While some of the changes are deliberately not visible, one important and noticeable change we are making is to our money movement policies.

Historically, fraudsters who lacked access to client PII attempted to execute “third party” theft, in which requests were made to wire client funds to someone other than the named account owners. Most often, spoofed or hacked client e-mails sent to Sand Hill were used to make the request. Policies requiring signed client requests and confirming phone calls were adopted, which served to hinder these third party wire fraud attempts.

Persistent criminal elements have evolved again, and now possessing stolen or purchased PII, have taken to opening fraudulent bank and escrow accounts directly in a client’s name. With a corresponding account open, a “first party” transaction, where money is wired between the client’s brokerage account to a bank account in their name, is their latest nefarious endeavor. Previously, these first party transactions have been subject to less restriction and paperwork requirements within the industry as money was simply moving from the left to the right pocket of the client. However, with fraudulent first party accounts and transactions now possible due to compromised PII, Sand Hill is adopting the same signature and confirming phone call policies that previously only applied to third party wires. Clients now wishing to wire money to a bank account in their own name will need to sign paperwork and provide verbal confirmation each time. To help alleviate the client burden, these policies on wire transfers can be paired with standing instructions for electronic funds transfers based on individual client needs. 

For their part, our custodians, Fidelity Investments and Charles Schwab, have also enhanced their technology and procedures to further safeguard your assets against fraud. In this era of identity theft, personal information such as birthdates, maiden names, passwords and PINs are routinely compromised and cannot reliably hold up as verification sources. Instead, the custodians are increasingly turning to biometric markers – unique physical features like fingerprints – as the means of authenticating an individual during their direct client interactions. In addition to offering a higher degree of security, biometric verification eliminates the need for remembering passwords, answering random questions or managing multi-factor devices. While the trade-off between security and ease of use has been grudgingly accepted, biometric authentication holds the promise of both protection and convenience. 

Of the biometric tools being used today, fingerprint logins and voice recognition software are the most prevalent. For iPhone and iPad users, both Fidelity and Schwab support Touch ID and you can enable fingerprint access to your brokerage accounts. Enrolling in voice recognition at your custodian is another safeguard to be adopted. Once activated, it will prevent a fraudster from calling to gain access, obtain personal information, or take action on your account. Future biometric enhancements are on the way, beginning with Face ID (facial recognition software) found in the new iPhone X, as financial firms push to lessen their dependence on easily compromised personal data.

Sand Hill and our custodians consider your asset and personal information security to be the highest priority for our collective organizations. In adopting new procedures and providing technology solutions, our aim is to partner with you in deterring fraud. We appreciate your understanding of these efforts and encourage you to contact your Wealth Manager should you wish to learn more about how to further protect your assets and personal information.

The information provided in this article is for informational purposes only and should not be considered investment advice.  There is a risk of loss from investments in securities, including the risk of loss of principal. The information contained herein reflects SHGA’s views as of the date of this presentation. Such views are subject to change at any time without notice due to changes in market or economic conditions and may not necessary come to pass. SHGA does not provide tax or legal advice.  To the extent that any material herein concerns tax or legal matters, such information is not intended to be solely relied upon nor used for the purpose of making tax and/or legal decisions without first seeking independent advice from a tax and/or legal professional.  SHGA has obtained the information provided herein from various third party sources believed to be reliable but such information is not guaranteed. Certain links in this site connect to other Web Sites maintained by third parties over whom SHGA has no control. SHGA makes no representations as to the accuracy or any other aspect of information contained in other Web Sites. Any forward looking statements or forecasts are based on assumptions and actual results are expected to vary from any such statements or forecasts. No reliance should be placed on any such statements or forecasts when making any investment decision. SHGA is not responsible for the consequences of any decisions or actions taken as a result of information provided in this presentation and does not warrant or guarantee the accuracy or completeness of this information. No part of this material may be (i) copied, photocopied, or duplicated in any form, by any means, or (ii) redistributed without the prior written consent of SHGA.