NEW YORK - The ugly reality of identify theft is seeping into the brokerage business.
Securities regulators clearly are concerned. Last Thursday, the Securities and Exchange Commission issued a guide to investors about steps they could take to protect online brokerage accounts from intruders, and in July NASD of Washington sent a notice to its broker-dealer members reminding them of their obligation to protect customer information.
"Over the past few months, the SEC has become aware of numerous situations in which unauthorized individuals have gained access to other people's online brokerage accounts," the SEC said in a statement.
"Some of these fraudsters have stolen money from investors by transferring funds from the online brokerage accounts to outside accounts."
Incidents are on the rise.
Near the end of September, RBC Dain Rauscher Corp. of Minneapolis said that about 100 clients had received an anonymous letter that said personal information had been stolen from the firm.
The letter claimed to be from a former employee of RBC Dain Rauscher Corp., a Minneapolis-based full-service broker-dealer with 1,750 registered representatives.
"No one is immune to it," said Paul McCabe, a Minneapolis-based special agent with the FBI. He said no arrests have been made in the RBC Dain Rauscher case, and he does not know of any money being stolen.
Meanwhile, thieves have also been cracking into online brokerage accounts, using personal information such as passwords and user names. Clients at E*TRADE FINANCIAL Corp. of New York and Ameritrade Holding Corp. of Omaha, Neb., had money stolen from brokerage accounts over this summer, according to published reports.
Identity theft, a scourge to consumers, is most commonly associated with credit card customers. Consumers reported $547 million in fraud and identity theft last year, according to the Federal Trade Commission. While the threat to broker-dealers from identity theft, Internet fraud or a combination of the two appears small right now, there is clearly potential for damage, analysts and observers said.
"Making the client whole is easy enough, but recovering from the lost revenue opportunity is huge," said Matt Bienfang, a senior analyst with TowerGroup Inc., a Needham, Mass., research firm.
He estimated that fewer than 5,000 cases of Internet fraud committed this year against financial services institutions and client accounts will turn into actual financial losses. About 10% will affect broker-dealers.
"The real damage is the brand damage this represents," he said, with public relations becoming a "disaster."
Identity theft crimes at broker-dealers "have not blossomed yet like in banking or credit cards," Mr. Bienfang said. "But as broker-dealers evolve and become more service oriented, it creates more opportunities for potential points of identity theft."
The fear of identity theft could result in clients' making more transactions over the phone to a call center with an agent, at $24 per trade, instead of online, which could cost only $7 per transaction, Mr. Bienfang said.
Broker-dealers are at risk, he said. "You can't name a brokerage firm that doesn't have a web portal," Mr. Bienfang said.
"Online identity attacks are coming on fast and furious" through a number of routes, said Chris Voice, a vice president of technology for Entrust Inc., a technology and software firm based in Addison, Texas. As a result, consumer confidence has been eroded in some online services, he said, with 14% of consumers either stopping or lessening their use of online banking.
Such a trend could be damaging to companies that have embraced the Internet, Mr. Voice noted. "If you get people stampeding back to the phone, that's going to blow up your cost model," he said.
Industry groups such as the Investment Company Institute and the Securities Industry Association, both based in Washington, support a recent federal proposal, which calls for security standards regarding breaches of information that could lead to identity theft. The SIA is also based in New York.
And states are rapidly passing laws that require businesses to tell customers in the event of a security breach that may put non-public personal information at risk.
The FBI has doubled the size of its team focused on online financial crimes, with 20 people in Pittsburgh and more set to join, said Dan Larkin, unit chief for the Internet Crime Complaint Center. Internet crime is the FBI's number one criminal priority, he said.