Are IB, datek e-mail confirmations secure?

Discussion in 'Retail Brokers' started by ajax_g, Nov 4, 2001.

  1. ajax_g

    ajax_g

    Many of you trade with IB and Datek. Both of them use your e-mail address to send trade confirmations, while IB sends monthly statements too.

    The big question is: Are those e-mails safe?

    In my opinion any e-mail-server can be intercepted.

    Web-based mail servers such as Hotmail.com, yahoo.com are very vulnerable.

    Traditional e-mail-boxes, such those kept at your ISP are much safer but the e-mails can be read by the ISP administrator.

    I was wondering if the following solution brings more confidence among the clients:

    Trading firms such as IB/datek etc can create their own mail servers for their clients.

    All trade confirmations/monthly statements will be stored in those servers in PDF format. The clients would be able to download those files once they are logged into their accounts.

    Of course the whole process would be encrypted the same way their trading websites are today.

    Our current email address(web based or not) could be used for notification purposes only, i.e. the trading firm could send a short e-mail to our regular e-mail address indicating that a Message has been deposited in our mail-box in their servers but nothing else. No details about the trade, balances, a/c #s etc should appear.

    Datek has a system like this. They send you a notification that you have messages (monthly statement or trade confirmation), then you have to log into your trading account to read the messages. But they send trade confirmations to the regular e-mail-address too and they contain too much info. I don't understand why.

    What's your opinion?
     
  2. fleance

    fleance

    Every night IB sends a daily account statement, and at the end of the month they send a monthly account statement. These emails are not secure, and they contain your name, address, and account number. Here is an example of the text at the top of each of these emails:

    Customer: JOINT Clark Kent and Lana Kent
    Address: 723 Winding Lane, Smallvile KS 23453 United States
    Email: superman@yahoo.com
    Acct ID: S999999 User Name: kryptonite Type: STKNOPT
    Base Currency: USD

    IB has a secure website were you can view your daily and monthly account statements as an ASCII report or download as QUICKEN or MS Money export. This website is very easy to use.

    I would appreciate it if IB gave customers an option to receive a notification that their daily account statement was available rather than the statement itself.

    I have setup up electronic billing with my phone companies Pacbell and QWest and both of them just send you a notification that your bill is available online. Most banks, credit card, and other companies which conducting business over the internet, do something similar. Sending someone's name, address, and account number via unencypted email every night is a no-no..

    Fleance
     
  3. ajax_g

    ajax_g

    I believe people are worried about unencrypted e-mail confirmations/statements.

    I wonder why nobody has asked trading companies to use encryption or find a way to protect customers sensitive data on the web.

    The best would be to keep all confirmations/statements in their secure servers and send an e-mail to our regular e-mail address(unencrypted) when a new message is deposited in our account-mail-box.

    This short message should have no personal data whatsoever just a notification: "you have messages"

    Do you believe it is time to ask IB to be more careful with our personal data on the web?
     
  4. I agree. The way IB sends you trade confirmations is just crazy.
     
  5. aldrums

    aldrums Guest

    I e-mailed IB about this problem months ago, and they said they were working on it. A lot of the solutions that been offered on this thread would work very well to solve this issue. But IB could at least start by taking the account numbers and addresses off the e-mails...this is not rocket science.
     
  6. This issue is troubling because IB seems to be on top of tech issues. Why would they use a practice that seems to pose an obvious security risk. On the other hand, mailed confirmations are also a problem. They have thesame or even more personal information, and at least in my city, misdeliveries are common.
     
  7. Funny thing about Datek - starting a few months ago, the email notifications (the ones that give details of the order, not the ones that say there's an electronic confirmation in your Inbox) began getting erratic. I now only get them for around 25% of my filled orders. The notifications about electronic trade confirmations get through OK, though, so I don't think it's a problem with my local email setup. Anyone else seen this?
     
  8. ajax_g

    ajax_g

    sends confirmations with all your trade details and this must be stopped.

    I contacted once with this problem and they said it is an automated e-mail and there is nothing to be done about it.

    I believe if we ask them to modify their e-mail confirmations or STOP them altogether there might be a change.

    Personally I don't want to receive any e-mail confirmations at all.

    IB is much worse. Their e-mail confirmations have all your personal on them. In fact almost all. They forgot to print your Social Security Number. Probably they will add it in the next upgrade.

    But let's get serious.

    Judging from your responses people are not so much worried about unencrypted e-mail confirmations by both Datek and IB. Probably you are worried but you think even if you complain nothing will change.

    Well, if all of us ask them to change their e-mail confirmations and be more careful with our personal data online they will have to do something to improve security.

    Please post your opinion.