Securities Regulator Issues Tips to Protect Financial Information
FINRA (the Financial Industry Regulatory Authority) has published, “Keeping
Your Account Secure: Tips for Protecting Your Financial Information.”
According to FINRA, identity theft has advanced well beyond “dumpster diving”
to recover discarded account statements or other records that have not been shredded,
though this old-fashioned method still is a threat. In addition, some identity thieves “use
keystroke-logging software to capture usernames and passwords, disseminating these
programs through instant messages, emails, or freeware.” Likewise, “others ‘phish’ for
sensitive information by sending phony emails that purport to come from a legitimate
financial institution but which ask for information your firm would never request through
email – such as confirmation of an account number, password, credit card number, or
Social Security number.”
The FINRA publication discusses a dozen steps that investors can take to secure
their brokerage accounts as well as other personal financial information. Let’s examine
First, protect your passwords and PINs. The regulator advises not to share these
with anyone, and not to store them on your computer. Also, you should change your
passwords and PINs regularly, use a different password and PIN for each of your
accounts, and use passwords or PINs that contain both numbers and letters or symbols.
Second, maintain your computer security. FINRA encourages personal firewalls
and security software packages (with anti-virus, anti-spam and spyware detection
features) for anyone doing online financial transactions. Also ensure that the software is
up-to-date and is configured for automatic updates. For laptops, the regulator
recommends encryption software.
Third, use your own computer. FINRA discourages using public computers to
access your brokerage account because they may contain software that captures
passwords and PINs. Likewise, occasionally check your own computer to determine if
anyone has added programs or attached any device to it without your knowledge.
Fourth, log out completely. The regulator advises you always to click the “log
out” button on your brokerage firm’s website. Otherwise, the connection still may be
Fifth, use wireless connections prudently. FINRA cautions that wireless networks
may not provide as much security as wired connections, especially with wireless
networks in public areas like airports, hotels, internet cafes and restaurants. If you use
your own wireless network, make sure it has wireless encryption.
Page 1 of 2
Sixth, ensure that a website is “secure”. The regulator observes that secure
websites start with “https” not just “http”. On Microsoft Internet Explorer 7, the address
bar turns green.
Seventh, be careful what you download. FINRA warns not to download or install
programs or software from unknown sites/sources. Do not click on links in pop-up
windows. Do install anti-spyware software.
Eighth, don’t respond to emails requesting personal information. The regulator
advises that legitimate companies will not request this information through email.
Ninth, read all of your statements from banks, brokerage firms and credit card
companies. FINRA recommends a thorough and immediate examination when they
arrive in the mail to check for unauthorized activity or inaccurate transactions. Make
sure you report your concerns immediately, and in writing where necessary.
Tenth, secure your confidential documents. The regulator recommends keeping
all financial documents in a secure place, and shredding documents that have confidential
financial or identification information before throwing them away.
Eleventh, safeguard your (and your dependents’) Social Security number. FINRA
cautions against using your Social Security number as your username, password or PIN.
Likewise, avoid placing it on checks. Finally, keep your Social Security card in a safe
place and avoid carrying it with you.
Twelfth, periodically perform an “Identity Theft” Check. The regulator suggests
obtaining a free credit report every 12 months from three different credit bureaus through
www.annualcreditreport.com. Be aware that this is the only authorized source for free
credit reports and that you will have to provide your Social Security number.
In conclusion, FINRA’s guidance is comprehensive and increasingly relevant to
protect investors as identity thieves devise ways to steal confidential information.
About the Author: James J. Eccleston leads the Securities group at the Chicago law firm of Shaheen,
Novoselsky, Staat, Filipowski & Eccleston, P.C., where he represents investors in recovering investment
losses and financial services professionals in disciplinary, employment, and compliance matters. He has
held numerous securities licenses and Chicago Bar Association leadership positions and serves as an
arbitrator and mediator. He is a recipient of Martindale-Hubbell’s highest rating (AV) for legal ability
and ethics and is named to the Illinois Super Lawyer and Leading Lawyer lists.
JEccleston@snsfe-law.com, 312.621.4400, www.snsfe-law.com, www.financialcounsel.com
Page 2 of 2