Block Fraudulent ACAT Transfer Brokerage Scams — My Money Blog


For the average person, the most valuable information may be knowing how to identify and avoid the most current financial scams. Nearly everyone I know has either been targeted or has become a victim of one of these scams, and I am betting many people who lost money are too embarrassed to admit it publicly. (Literally in the middle of writing this post, I received another scam call.)

One scam that you may not have heard of is the ACAT Transfer scam. A thief will obtain enough of your personal information to open a new E*Trade brokerage account, and then they will request an ACAT transfer of the entire contents of your existing brokerage account (ex. Fidelity) to that new fake E*Trade account which they control. At this point, they can quickly liquidate the account and send the money elsewhere. The key here is that they just need to be able to open an empty, new brokerage account in your name plus find your Fidelity account numbers from a statement. They don’t need your Fidelity username and password (or pass two-factor authentication).

Even more importantly, you won’t notice unless you log into your account. Opening a new E*Trade or other brokerage account will not trigger a credit alert or most identity protection services. Many brokers (see below) will process an outgoing ACAT transfer without confirming with you or even notifying you in any way. If you don’t look at your statements closely, it may be months or longer before you notice.

You can read about the experiences of multiple victims in this Reddit thread. Here’s a partial quote in case the thread is deleted.

Lost around 150k worth of stock from my fidelity brokerage account to an online scam (ACATS Transfer)

My husband has a fidelity brokerage account and last month all his shares were transferred out of his account. Upon calling the customer care, we were told that his stocks were transferred by him to an account with eTrade.

We communicated that we don’t have any e-trade account and the transfer was not initiated by us. We were shocked that no notification/intimation was sent to us before completing the transfer and no authorization was required!!

It looks like a fake account was created in his name with eTrade which initiated an account transfer. He did not receive any request/emails/text from Fidelity that the stocks are being moved. The etrade account has been frozen but the stocks are already sold and proceeds are transferred to another account.

The good news is that the original poster was eventually able to get back their funds, although it must have been a very stressful two months. It is not clear if Fidelity reimbursed them out of their own pockets or were able to reverse the transactions.

We were able to recover the stocks after waiting and following up for 2 months. Fidelity reps were able able to help us.

The discussion pointed out the potential usefulness of a relatively unique Fidelity feature called Money Transfer Lockdown (Fidelity login required). Here is a summary of the features and how to activate it per Fidelity:

Money Transfer Lockdown, an additional security measure Fidelity provides to its customers, may affect or disallow certain types of transactions. In order to transfer between two of your Fidelity accounts (In your example brokerage and CMA) when Money Transfer Lockdown is enabled, you will need to temporarily disable the feature prior to making the transaction. Once you have successfully made the transfer, you can enable the lockdown again by logging in into your Fidelity.com account anytime and visit “Security Center” from your “Profile” page.

Protected Transactions:

  • Outbound money transfers
  • Transfers between Fidelity accounts
  • Transfer of shares and assets to other institutions
  • Individual withdrawals (previously scheduled EFT transfers from an account might still be processed)

Unaffected Transactions:

  • Deposits or transfers into a Fidelity account
  • Checkwriting and direct debits
  • Debit/ATM transactions
  • Trading
  • Scheduled Required Minimum Distribution (RMD) or Personal Automatic Withdrawal plan
  • BillPay

A member of the Bogleheads forum helpfully tested out this service by attempting various transfers out of their “locked” Fidelity account. The Money Transfer Lockdown service did successfully block a legitimate ACAT transfer request from another brokerage. However, ACH pulls went through for those accounts that have routing and account numbers like a traditional bank account. Here are their brief conclusions:

Fidelity’s account lockdown blocks fraudulent ACATS pulls. It is an excellent, differential feature that Schwab and Vanguard don’t have. However, it has some limitations and vulnerabilities. It provides no extra security against fraudulent push of assets and doesn’t block fraudulent ACH pulls. To deal with ACH limitations, using CMA as an intermediary account from brokerage to the external world may be prudent.

As a result, I have taken to using the Money Transfer Lockdown service on all available account types (doesn’t work on 401k accounts, for example). It’s a little extra hassle, but definitely worth the added peace of mind. I hope that Vanguard and other brokers will add a similar feature to make it harder to perform an ACAT transfer without notice. I also believe that Fidelity would do a much better job of working to restore my assets than any other broker, especially the smaller brokers.

Now, if someone gains full access to your Fidelity account (username + password + 2FA), they can simply turn off the Lockdown feature. However, every time I do that I get both a text and an e-mail, so hopefully that will provide early enough notice to block any fraudulent transfers, or at least make the clawback faster. In addition, I feel that most people need to make sure they have a difficult PIN number on their phone, as login security is quickly coming down to having your phone as a type of physical “key”.

The quiet nature of ACAT transfer is what makes this scam possible! They are taking advantage of standard industry practice that is a weak point in financial security. The scammers all know this. We need to change this process to increase security. First, I’ve never had a brokerage account opening trigger any credit alert or identity theft monitoring service. Second, I recently transferred a significant amount of assets to Fidelity from Public using ACAT, and Public did not send me a single email, text, or phone call. My Public account was simply zero one day. I did legitimately request this transfer, but what if I didn’t?!?



Source link