The Strotman Memo: Widespread Fidelity 401K Fraud?
Bad news if you are a Fidelity 401K account holder: Some Fidelity customer service reps are apparently not so good at protecting customers' account information, and in a few cases have emptied the account holdings to con men. That's not all: It's not entirely clear if Fidelity will reimburse people who have been cheated out of their 401K money.
The story comes from San Francisco Chronicle reporter David Lazarus. He was able to get ahold of an internal Fidelity memo written by Tom Strotman, a Fidelity "director in customer support services focusing on risk management." According to the memo cited in the Chronicle article, Fidelity has had to make "many unpleasant calls" to customers who have been victimized in a scam which apparently involves Fidelity customer service reps not properly authenticating people on the telephone, and then issuing 401K distributions to imposters.
Not surprisingly, Fidelity is in full damage control mode. From the article:
"But while clarifying that Strotman's department has not had to make 'many' calls related to incidents like the one described in the memo, [Fidelity senior vice president Anne] Crowley declined to directly refute the document's claim that at least some customers' retirement accounts are being emptied by con artists. 'I'm not going to get into parsing the memo line by line,' she said."
I am more inclined to believe Strotman, rather than the Fidelity spin doctors. For one, Strotman never intended for this to get out; it was an internal memo intended to educate colleagues to reduce fraud. Therefore, I have to take at face value the statement:
43 percent of "invalid calls" received by Fidelity reps last month were not properly authenticated.
Crowley refused to define "invalid call". It's also not clear how many invalid calls Fidelity received in that month. But the Strotman memo said Fidelity investigated 457 cases of potential fraud in 2005, with "over $31 million in customer assets at risk." When the SF Chronicle asked Fidelity's Crowley about this, this was the result:
Of the 457 cases investigated by Fidelity's customer-service risk management team last year, she said only two resulted in a total of $10,750 being compensated to customers.
Before you have nightmares of your 401K being emptied by identity thieves, consider this from the SF Chronicle article:
Retirement funds held by a brokerage are not insured in the same way that bank deposits are. But officials and lawyers say the brokerage is responsible under federal law for safeguarding 401(k) accounts.
And at this point, I'll add a little more information to this story: So-called "mumble attacks" involve con men pretending to be speech impaired to corporate customer service reps in order to gain access to accounts or personal information. Is this what happened in Fidelity's case? Fidelity is not a public company, and perhaps doesn't feel it has to talk about the details.
But regardless of Fidelity's lame response, I must point out that the current system of authentication -- telling customer service reps the last four digits of your social security number, and your birthday -- is a pretty flimsy system to protect $10 thousand, $100 thousand, or $1 million in 401K assets.
And it's not just a problem at Fidelity -- other mutual fund companies, banks, etc., use the same processes. I think in five years biometrics will be a common technology, and a better technology for authenticating people. But in the meantime, we are all vulnerable, to a certain degree.

5 Comments:
Interesting post, thanks for the info.
Coming from the inside I would have to say that your information is useful to some point, but maybe you should have checked your facts before submitting a blog like this that slanders a reputable company. Authentication is not done that way, there are more secure measures that the company makes to secure your funds. I cannot go into further detail but leave you only with this thought. There are several methods of fraud out in the world. How would you safeguard a world of technology?
Anonymous 1 & 2: Thanks for your positive comments.
Anon 2: Thankfully for little people, posting critical information or opinions about a giant corporation does not constitute slander, unless it is known to be false. I have repeated the contents of an internal Fidelity memo, as well as additional reporting by the SF Chronicle. I also added my own interpretation, and opinion. For the record, I did attempt to get a copy of the memo but was unable to do so.
You also say that "authentication is not done that way". We are talking from different viewpoints -- you from the point of view of an insider, me from an ordinary customer's point of view. And from a customer's point of view, phone authentication *is* done that way -- asking name, the last four digits of the social security number, and other personal information. Additional authentication that Fidelity and others do behind the scenes (and which I assume you refer to) is of course out of sight and beyond the scope of my comment.
Invalid calls are primarily those in which customers do not enter their personal identification number after being asked to do so multiple times by the automated phone system - not nearly representative of all the people who call in each day. Just remember that as frustrated as you may get when trying to get through an automated system like that, if you're one who likes to "#", "9" or "0" your way through phone systems because you just don't have the patience to enter a few numbers - it's all there for a reason.
Update - December 2008
I have reason to believe Fidelity is scamming people now. They sell CDs but I don't believe these are valid. At least some or not. Fidelity seems to be jumping through hoops about these to say the CDs are safe but don't believe them.