Heard this rather alarming story from a friend yesterday:
She has a retirement account at Fidelity. Yesterday she got a call from Fidelity informing her that someone called with a request to liquidate her retirement account and wire the proceeds to a bank account. The caller was able to provide my friend’s SSN, address and birth date to Fidelity, and apparently the only reason Fidelity suspected fraud was because the individual was a male, whereas my friend is female.
My friend was naturally quite alarmed. She obtained the account number that the fraudster provided and tracked it to a bank. It turned out that the bank account was under a different individual’s name with a different SSN, and not hers, and yet aside from the gender mis-match, it appears that Fidelity was quite ready to wire the proceeds to any account number that the fraudster provided.
Subsequently my friend filed a police report, put a 90-day credit watch through Equifax, and requested Fidelity put a restriction on her account such that any redemption request must be made in person through a Fidelity branch.
I have a retirement account at Fidelity so I decided to call Fidelity and find out what verifications they perform for redemption requests. It turns out that other than SSN, address and birth date information, Fidelity really doesn’t do any other verification, which is more than a little disconcerting to me. So if a fraudster has someone’s SSN, address and birth date, he/she could conceivable just call up Fidelity and ask that an account be liquidated.
In this day and age where identify theft is rampant, it seems to me that Fidelity should at least have another layer of verification, such as a set of security questions. Vanguard for example has a set of security questions as an additional layer of verification, which is required for both web and phone access.
Your thoughts?
She has a retirement account at Fidelity. Yesterday she got a call from Fidelity informing her that someone called with a request to liquidate her retirement account and wire the proceeds to a bank account. The caller was able to provide my friend’s SSN, address and birth date to Fidelity, and apparently the only reason Fidelity suspected fraud was because the individual was a male, whereas my friend is female.
My friend was naturally quite alarmed. She obtained the account number that the fraudster provided and tracked it to a bank. It turned out that the bank account was under a different individual’s name with a different SSN, and not hers, and yet aside from the gender mis-match, it appears that Fidelity was quite ready to wire the proceeds to any account number that the fraudster provided.
Subsequently my friend filed a police report, put a 90-day credit watch through Equifax, and requested Fidelity put a restriction on her account such that any redemption request must be made in person through a Fidelity branch.
I have a retirement account at Fidelity so I decided to call Fidelity and find out what verifications they perform for redemption requests. It turns out that other than SSN, address and birth date information, Fidelity really doesn’t do any other verification, which is more than a little disconcerting to me. So if a fraudster has someone’s SSN, address and birth date, he/she could conceivable just call up Fidelity and ask that an account be liquidated.
In this day and age where identify theft is rampant, it seems to me that Fidelity should at least have another layer of verification, such as a set of security questions. Vanguard for example has a set of security questions as an additional layer of verification, which is required for both web and phone access.
Your thoughts?