IB : If someone has my IB password, can they get to my funds?

rayl · Apr 25, 2007

Quote from polpolik:

I'm not sure if it's a requirement with IB but I think it can only be wired to an account that has your name on it. So Joe Schmoe cannot go into Joe Blow's account and setup instructions or account that will go to Joe Schmoe's account.
More...

This seems right. IB's protections against withdrawals are reasonable and within market best practices IMHO. (Also the RSA gadget required for > 100k.)

Another risk might be an intruder trading a security at adverse prices with the intruder's other account elsewhere -- I'd imagine this would take a thinly traded security and hidden orders on an ECN somewhere....

When the RSA gadget is extended to cover normal logins, this form of attack would be better protected against.

tyrant · Apr 25, 2007

Quote from GTS:

This doesn't directly address your question (because I don't know the answer) but there are indirect ways of leveraging the money/buying power in your account to someone elses benefit if they have the ability to place trades in your account:

Someone could use your account to place a large buy order on a thinly traded stock while at the same time they placed a corresponding sell order on that stock in their account (assume they bought the stock earlier at "normal" prices).

Another poster previously suggested that doing this with thinly traded options could be an even more efficient way of generating a loss in your account and creating an artificial gain in their acct, in essense transferring money to their own account.
More...

Very good points.

tyrant · Apr 25, 2007

Quote from rayl:

This seems right. IB's protections against withdrawals are reasonable and within market best practices IMHO. (Also the RSA gadget required for > 100k.)

Another risk might be an intruder trading a security at adverse prices with the intruder's other account elsewhere -- I'd imagine this would take a thinly traded security and hidden orders on an ECN somewhere....

When the RSA gadget is extended to cover normal logins, this form of attack would be better protected against.
More...

I don;t understand what you mean by "When the RSA gadget is extended to cover normal logins, this form of attack would be better protected against".

tyrant · Apr 25, 2007

Quote from cstfx:

Read prior threads: it is standard now for all accounts.
More...

Do you mean that all IB accounts now have the special device?

rayl · Apr 25, 2007

The same time-dependent security device being used to authenticated funds transfers over 100k will shortly become an opt in feature for TWS login as I understand it.

GTS · Apr 25, 2007

Quote from tyrant:

Do you mean that all IB accounts now have the special device?
More...

Read: http://www.elitetrader.com/vb/showthread.php?s=&threadid=90894

GTC · Apr 26, 2007

Quote from makloda:
Apart from that, I believe you can only wire out funds to accounts they were wire in from in the first place. I am not 100% sure about this but I recall something along those lines. Should make it hard for hackers to wire your funds to Latvia or Nigeria.
More...

IB also allows funds to wire-out to accounts from which they were not wire-in.