Securities Insecurity

But for a chance phone call to Fidelity Investments and a chance conversation with my postal carrier, I would not have discovered a recent attempt to defraud me of my life savings until the money was gone.

Until that call, I was sure that security for investors’ accounts was airtight. So I was baffled when the customer service representative told me I could not make a trade because I had already sold nearly all my mutual funds. For a moment, I wondered if I had perhaps sold the position in a fit of fear as the Dow was gyrating, then forgotten what I had done.

But no. A company representative played back a few seconds of a tape in which “I” called in the sell order.

It was not my voice.

Maybe I shouldn’t have been surprised. Calls to investment companies’ 800 numbers are typically an anonymous event. That and the ability of sophisticated crooks to gain personal information and access to individuals’ investment accounts are making for some very scary cases of what is called identity fraud, in which one person pretends to be another in order to gain access to his or her money.

Not that investment companies will readily concede the point.

Indeed, investor security turns out to be a touchy subject in the investment business, one many companies are reluctant to discuss in any but the most general terms, if they’ll talk about it at all.

A spokesman for Smith Barney Inc. insisted that his company’s investors are secure because their full-service brokers know them. But he also insisted I not publish his name saying so.

“I’ve never really heard of anything going very sour in that regard,” he said. Nor, he said curtly, was he interested in having any company executive “spend an hour talking about this.” Then he hung up.

John Collins, the head spokesman for the Washington-based Investment Company Institute, similarly played down any idea that what happened to me could be an indication of some serious industrywide account security problem. Rather, he likened it to “a forgery, similar to that involving a stolen check or money order.”

Don Botler, the trade group’s vice president, emphasized that the roughly one in three American households that have invested a combined $3.6 trillion in mutual funds are largely secure from fraud.

Indeed, only about $4 million has been defrauded from fund companies over the last several years, according to Natalie Shirley, senior vice president for the separate ICI Mutual Insurance Co., the leading insurer of mutual funds. Of course, that figure doesn’t include every type of case, nor any attempted frauds like the one that disrupted my life.

Shirley also pointed out that most such frauds are committed by “someone known to the shareholder. This may be an estranged spouse, a disgruntled household employee or an angry child” who has obtained access to a client’s account information. But fraud by strangers is the fastest-growing type, she added.

And, as always, there is the worry that the fraud may just be an inside job. Typical is a third-party check scheme last year targeting Goldman, Sachs & Co. A man named Madueke Ekwarka, working with a temporary employee in the Goldman Sachs mail room, was allegedly able to steal $2.8 million from the brokerage.

Ekwarka posed as a Goldman executive, opened bank accounts, desposited checks made out to the brokerage and then wrote checks on the accounts to accomplices, according to news reports. Ekwarka pleaded guilty last fall in New York federal court to conspiracy, fraudulent use of a fictitious name and interstate transportation of stolen property.

To safeguard against a repeat of this, most fund companies no longer accept third-party checks, Shirley said.

There weren’t similar safeguards to prevent the fraud targeting me, however.

I learned about the scheme shortly after being told that my balance in one of my funds was zero. Then I was told that two days earlier, I had closed out nearly all my other equity funds, transferring the money into a cash account from which a check could be written.

The unauthorized transactions were startling enough, but I still didn’t see the full danger. Fidelity would send a check only to my home address, right?

But then I discovered that “I” was going on vacation.

Through a chance conversation with William Enojado, my postal carrier, I learned that I had placed a two-week vacation hold on my mail--the hold period coinciding with the time a check would have been mailed.

As it turns out, it is not particularly difficult to fraudulently place a vacation hold. No identification is required, according to Ken Snavely, customer service manager for Santa Monica’s Colorado Avenue postal station, the one that processes my mail.

Since I rarely use the Colorado Avenue facility, none of the clerks there would be able to match my name to a face. With the check in hand, the thief would then have had a chance to cash it.

Concluded Joseph Digiacomo, postmaster for Santa Monica: “If someone had come in with a forged picture ID, they could have gotten the check. It would have worked.”

Maybe I would have found out about the hold before the check arrived, but maybe not. Digiacomo added that post office investigators don’t have much time for a single incident like mine; they have to focus on larger thefts of entire trucks or mailbags.

In later discussions of my case with Fidelity head detective Haig Soghigian and his colleague Joe Kuhn, I discovered just how easily a thief can gain access to an account.

With information from a monthly statement or a confirmation notice, all anyone needs to get into another person’s account is one more piece of information: the Social Security number.

And, says Social Security Administration spokeswoman Pam Reim, a Social Security number is not hard to come by illicitly. “The fact of the matter is that people give out their Social Security number on credit card applications, or when they rent a house or buy a car, or on job applications, or sometimes even when they rent a video,” she said.

So what can you do?

There is no ironclad guarantee of security, but there are some steps you can take. For instance, some companies allow investors to create a password that’s necessary to do business. An investor could also request that any transaction be confirmed with an immediate call back to the customer’s home number, Kuhn said. Neither a password nor callback system, however, is in place at Fidelity or most other companies.

Explained Botler: “The industry has to strike a balance between providing convenience to their customers and protecting them against potential fraud. It’s not for us to say whether the balance is struck in the right place. Each company has to make its own assessment.”

As it turns out, my case was one of a string of similar such theft attempts involving other Fidelity accounts in the Los Angeles area over a couple of weeks, Soghigian said, so they may have been inside jobs.

For all the fear these situations create, it is unlikely that any investor would actually suffer a permanent loss. The financial companies are insured against theft and are likely to reimburse a victimized investor. Fidelity restored my positions in full and says it would have reimbursed my money even if the theft had been successful.

Even so, there was and remains some unpleasant fallout. I had to undergo polite but long interviews with Fidelity detectives and executives, discussing my financial life and the individuals with whom I do business. And there’s the fact that at least one dishonest person out there knows all the basic information about me, including where I live.

In the end, I kept my account at Fidelity, with additional safety measures. I feel safe--for now.

But my level of trust will never be the same.

(BEGIN TEXT OF INFOBOX / INFOGRAPHIC)

How to Protect Your Accounts

1. Consider using a full-service broker. A broker who knows you personally and recognizes your voice has a chance to prevent problems and notice any odd activity in your account. Of course, that person won’t be a deterrent if the trouble is with checks or a credit card linked to your brokerage account. And using a full-service broker will cost more. On the other hand, the greatest number of fraud complaints to the Securities and Exchange Commission are about brokers misrepresenting their products or churning accounts.

2. Cancel phone privileges. Many brokerages will allow you to specify that withdrawals be done only in writing or even only in person. It’s less convenient, to be sure, but the peace of mind may be worth it.

3. Watch your mailbox. Be careful of what you put in the trash. Statements and other documents are prime sources of information for crooks who want to get at your money. Be concerned if you are missing a statement. Consider buying a paper shredder.

4. Read your financial statements. It sounds obvious, but be aware that if you ignore a problem too long, you may lose some of your rights to recover the funds.

5. Use optional safety features. Take advantage of call backs, passwords or whatever your brokerage offers.

6. Read up on what regulators have to say. Tips from the Securities and Exchange Commission can be obtained by calling (800) SEC-0330, or on the Internet at https://www.sec.gov. Information on avoiding fraud, suggestions for choosing brokers, and links to tips and warnings from several government agency sites can be found on the Internet at https://www.investorprotection.org. The site is sponsored by the Investor Protection Trust, a nonprofit group set up as part of a 1993 settlement of charges of misconduct by the Salomon Bros. brokerage.

7. If you discover any problems, take immediate action.

* Call the major credit-reporting bureaus. They will send you a copy of your credit report and place a fraud alert on your account. Their names and numbers are Equifax, (800) 685-1111; TransUnion, (800) 680-7289; and Experian (formerly TRW), (800) 301-7195.

* If a check or statement is lost in the mail or if you have received no mail for several days, you may want to call the Postal Service at (800) ASK-USPS.

* If it appears that a thief has your Social Security number, contact the Social Security Administration at (800) 772-1213 for information.