22 October 2017

NASD issues online security warnings to investors and brokers

29 July 2005 | Source: NASD

Wireless technologies are making it easier both for investors and for brokers to conduct investment business online, especially from remote locations.

But those same technologies are posing new risks that confidential customer information will get into the wrong hands. Today, NASD issued two formal communications - one aimed at investors, the other at brokerage firms - offering guidance for protecting sensitive information from the hazards that changing technology presents.

NASD's Investor Alert, Protect Your Online Brokerage Account, highlights the risks involved when transacting investment business online and outlines steps investors can take to prevent unauthorized access to their account information. NASD's Notice to Members 05-49, Safeguarding Confidential Customer Information, reminds the more than 5,000 NASD-registered firms that their systems, policies and procedures must adequately address the risks posed by current technologies.

"The Internet makes life a lot easier for investors on the go, but it also presents them with new and serious security concerns," said NASD Chairman and CEO Robert R. Glauber. "Investors have the responsibility to be vigilant when doing business on-line. But firms also have the responsibility to have the right policies and procedures in place to protect investor records and information. NASD's job is to make sure those policies and procedures are in place and operating properly."

NASD's Investor Alert includes tips to help investors keep their information safe, including: thinking twice about using the "remember my username and password" feature when accessing brokerage accounts, especially on a public or shared computer; terminating each online session when finished by logging out; and creating passwords that are unpredictable and counterintuitive.

The Alert also addresses security issues surrounding the use of computers in wireless fidelity (Wi-Fi) hotspots, which provide free Internet connections and virtual private network access in places like airports, Internet cafés, or libraries. These hotspots are becoming more common and pose significant security threats, such as sniffing and evil twinning. Sniffing uses a program that intercepts data to find specific information like passwords and credit card numbers. Evil twinning (also called WiPhishing) uses an attack computer that mirrors the setting of a Wi-Fi hotspot, but usually offers a stronger signal. The unsuspecting customer taps into this "rogue" entry point, which then allows the hijacker to use sniffing technology to read data that the victim might be sending, including login IDs and online account information.

Completely securing a computer against unauthorized Wi-Fi access is beyond the scope of the Alert, but it does recommend ways investors can protect themselves, such as shutting off wireless connectivity or removing the wireless network card if they leave the computer unattended; installing a firewall and anti-virus software on any laptop with wireless connectivity; and avoiding conducting confidential business in a Wi-Fi hotspot. For additional information, see the Wi-Fi Alliance's Wi-Fi Security page and NASD's January 2005 Investor Alert, "Phishing" and Other Online Identity Theft Scams: Don't Take the Bait.

NASD's Notice to Members 05-49 reminds registered firms that their systems, policies, and procedures must adequately reflect the latest changes in technology. NASD advises that while there can be no "one-size-fits-all" policy or procedure, each firm should, at a minimum, consider whether its existing policies and procedures adequately address technology currently in use; whether the firm has taken appropriate technological precautions to protect customer information; whether it is providing adequate training to employees regarding the use of available technology and the steps employees should take to ensure that customer records and information are kept confidential; and whether the firm is or should be conducting periodic audits to detect potential system vulnerabilities and to ensure that its systems are, in fact, protecting customer records and information from unauthorized access.
