NEW YORK - Customer accounts at online brokers including E*Trade Financial and TD Ameritrade have been infiltrated by computer hackers in Eastern Europe and Asia in one of the biggest cases of identity theft to strike the US securities industry.
The FBI, the Securities and Exchange Commission and the National Association of Securities Dealers are trying to unravel the fraud, which has cost New York-based E*Trade at least US$18 million ($27 million) and caused losses at TD Ameritrade of Omaha, Nebraska.
In one "pump-and-dump" scheme the SEC uncovered, thieves used customers' money to drive up the prices of little-traded stocks and then sold shares they bought earlier at a profit.
"The perpetrators were more organised, and it was a bigger issue this quarter than it had been before," E*Trade chief operating officer Jarrett Lilien said.
Online brokers are a growing target for criminals who ply the internet from countries beyond the reach of American law.
"Identity thieves appear to be directing increased attention to the securities business, and their attacks are growing in sophistication," said John Walsh, chief counsel in the SEC's office of compliance inspections and examinations, at an industry conference in Phoenix on October 5.
E*Trade disclosed last week that it spent US$18 million in the third quarter to compensate customers affected by trading fraud.
TD Ameritrade, the third-largest online broker, also suffered losses because of bogus trading by unauthorised users who pried their way into customer accounts, said spokeswoman Katrina Becker.
She would not say how much the company lost. Charles Schwab Corp, the biggest online broker, didn't experience "anything unusual enough to warrant a financial disclosure," said spokesman Glen Mathison.
A spokesman for closely held Fidelity Investments of Boston, the second-largest discount broker, declined to comment.
E*Trade chief executive officer Mitchell Caplan told investors that investigators traced the illicit trading to Eastern Europe and Thailand.
TD Ameritrade said it also was targeted by cyber-criminals in Eastern Europe and Asia.
"Internet crimes that result in the theft of personal and financial data from consumers continue to be a significant and global problem," FBI spokesman Paul Bresson said.
Some of the losses were straight theft.
In his presentation at Phoenix, Walsh explained how criminals used personal information such as American social security numbers to break into accounts and loot them, selling securities and wiring the proceeds far from the US.
The online version of the "pump-and-dump" fraud sets off few security alerts at brokerage firms because no money is withdrawn from the compromised accounts, Walsh explained.
"If you are looking for a single 'hot topic' in the world of identity theft, this is it," he said.
In "alias fraud", a thief opens an account in an individual's name, then uses it for illegal trading or money- laundering. Because the victim's name is on the account, he or she appears responsible for the crimes.
Walsh said the SEC had started a "sweep examination" of brokerage firms to determine if they had adequate technology and staff training to prevent and detect online fraud.
Said E*Trade's Caplan: "This thing is so widespread and has such a significant impact that you're going to end up seeing structural changes in the industry."
Caplan told investors E*Trade reduced the fraud to "almost zero" in the past three weeks after beefing up security for electronic trading.
The Federal Deposit Insurance Corporation gives US bank accounts cover worth up to US$100,000 against fraud or insolvency but brokerages get no such protection.
In an effort to allay concerns about internet trading and keeping cash in online bank accounts E*Trade promised in January to reimburse customers for any fraud-related losses. TD Ameritrade and Schwab gave similar guarantees in February and Fidelity followed in May.
- BLOOMBERG
Cyber-crims grab millions
AdvertisementAdvertise with NZME.