Hi, This is just an assumption. If someone has access to my IB trading password, can he get the funds out of my account? I understand IB only withdraw funds back into the account from which funds were sent. Does this help the security? Thanks
IB offers a one time password system free for accounts over $100,000. If your account is less than that, I believe you can buy the required hardware for approximately $150.
Apart from that, I believe you can only wire out funds to accounts they were wire in from in the first place. I am not 100% sure about this but I recall something along those lines. Should make it hard for hackers to wire your funds to Latvia or Nigeria.
I have been removing monies from your account without your knowledge for some time. Can you please keep a decent size ballance as I dont work cheaply.
This doesn't directly address your question (because I don't know the answer) but there are indirect ways of leveraging the money/buying power in your account to someone elses benefit if they have the ability to place trades in your account: Someone could use your account to place a large buy order on a thinly traded stock while at the same time they placed a corresponding sell order on that stock in their account (assume they bought the stock earlier at "normal" prices). Another poster previously suggested that doing this with thinly traded options could be an even more efficient way of generating a loss in your account and creating an artificial gain in their acct, in essense transferring money to their own account.
I think they would also need control of your email/computer. IB sends a confirmation email to your email of record that has a number "token" that you must put in, before they approve the transfer. If someone could monitor your email and/or change it (also requires confirmation token sent to current email address), then they could possibly steal money. But they would also need to, AFAIK, create a withdrawl "instruction" to ACH or wire out money. This usually takes a while and, also, requires confirmation if I remember correctly. In short, it would generally be hard IMHO. But if someone had complete control of your system, and you were gone for a week or two (vacation?) then it would be fairly easy. Best solution is the hardware device. It's just a small handheld device you type in the numbers they give you and it creates a "response code". That way, the crook has to have the device and your passwords to steal.
I'm not sure if it's a requirement with IB but I think it can only be wired to an account that has your name on it. So Joe Schmoe cannot go into Joe Blow's account and setup instructions or account that will go to Joe Schmoe's account.
Yeah I think you are right. So it would be a little harder. They'd have to setup an account with the same name, using fake ID. At least, I hope the bank would ask for real ID.