Not to be rude, but why do you guys seem to think anyone gives a shit about your daily statements? Further, IB identifies callers by caller ID, and the name of this thread is untrue and slanderous - it should be killed, IMHO. Paranoia never makes sense to me, especially when someone's paranoid about something no one else cares about. What also doesn't make sense to me is retail customers wanting to get something for nothing; the reason your commissions are so low is because IB is deep discount. If you need someone to pamper you and make you feel secure about your accounts, use Fidelity.
Sanjuro. I'm new on this board and for my first couple of posts, I'm afraid that I got into controversial issues including this one. I don't want to come across as an a..hole or a know-it-all. If I did, I apologize. But I work for a big outfit with a large network that is 24/7 under hackers attacks and attempted breaches. I am sensitive about these problems. One thing that I know for certain is that you cannot do anything worse than being relaxed about network and publicly accessible accounts security. Any system is only as good as its weakest link. I'm glad to hear from other users that IB is working on this. Frankly, I don't see what there is to work on. Any IT person worth his/her salt can spot the security hole here. Just remove the account owner's name, freaking address and login name and it's done. ElvisOnMargin
no time to read all this now. just a quick heads up. due to complaints, the odds are that IB will stop e-mailing statements and send a notification to clients that they should check the web site when they traded.
I'm not particularly paranoid about the Internet, but this sending of confidential data in unsecure Email is pretty lame. It's just a product of lazyness, but hopefully , this rumbling will bring some changes. Interesting tidbit about security. Been using credit cards for 20 years+. Never had a fraudulent usage. I recently get a new card from a very major bank, and within 2 weeks some clown charges stuff on the Internet with it. The kicker is, I NEVER EVEN USED THE CARD, anywhere, other than to register it online with that same banks site. So where did they get the information?
For the thread's title, I agree with you and others that is is most unfortunate. However, when I got that first email, my first reaction was "holy sh&?%!", so can sympathize with the original poster. He probably posted right after realizing the problem and he was ticked off. I may not agree with the title, but I share his concerns. As for the rest of what you wrote, where does that fit in with removing a couple of fields from an email template? Nobody here is complaining about IB's commissions or service. They are great. But how does telling people to take their business somewhere else address a security snafu? This is worse than patronizing. I hope that you're not the guy in charge of customer complaints at IB!
You probably have answered your own question Either from the bank server(s), or on the way to it (if the transmission was unsecure). Could also have happened within the postal system. Since you need to validate the card before you can use it, and the banks nowadays use caller ID and security questions to do so, it would make sense to steal the numbers off the card while in transit, but let it get to you so you can validate it. Before validation of new cards became routine, they would simply steal them off the US postal system. I had problems twice with credit card # stolen off the internet, but I don't know from where. I had to cancel them and get new ones. Wherever the numbers got stolen from, these guys probably thought that they had a secure system LOL!
Elvis, traderRX made that post almost 1 year ago. If you have been around for a while, you'd know that traderRX says whatever is on his mind. If you read his postings, you'll know that he is not an employee of IB. A few comments ..... -- you can't control what people post or how they title a thread. Most people are smart enough to know that the title is BS and that people tend to overreact when making such statements. You can roll with the punches or just ignore a thread. -- IB has been in business for quite a while and as far as I know, there have been no identity thefts or problems with someone logging into or stealing info from someone else's account. -- certain regulators require specific information in the contract note that is sent out to confirm trades. One of these is an account number (before you jump at me saying this is or is not a fact in the US. You've got to remember IB is a global product and must adapt to all regulators requests). However, the e-mail stating to look up your account may be a way around this. regulators don't respond to these questions overnight. In HK for example, we actually needed to wait until a bill was passed in order to be allowed to send out statements via e-mail. -- I've made requests about encryption or other methods in the past and they didn't get anywhere. they were thrown on a queue but other items where always higher up. With the IB discussion board on the ib website, the topic was raised and is receiving attention. The last I heard is that there will be an e-mail notification telling one to log in to see their accounts. finally, regarding thread titles, I for one am more likely to go out of my way for someone who provides constructive criticism in a courteous manner as opposed to the guy who rants and raves.
Thanks for the reply def. Yes, I realize now that this thread is old! And so is the problem I understand about regulations, but surely they don't require the login info. The account # info in the email, that's fine since it's not used for login. Scottrade does email trade confirms and they send only the account owner's name, acc number, and particulars of the transaction. I never felt bad about this. The other broker I'm with now uses the account number as login, but everything is paper confirms with them so no problems either. As for my full account activity info with my full address via email, I'm not comfortable with that at all. That stuff is going to sit unencrypted on multiple servers along the way to my email box, and in many cases on the data backups of these servers for only God knows how long. And not all of these machines are necessarily in the good Ol' US of A's. Internet data can go through some tortuous ways. I hate to throw the baby with the bath water, but on balance I'd rather log in myself and download or prints my statements from the secure IB's web site than get worried each time one of these emails gets through. So I'm glad that IB seems to go that way. In any case, your help is much appreciated. ElvisOnMargin
I like getting my daily statements by e-mail. It's very convenient. At the same time, I do not like how the e-mail message is unencrypted. I would prefer to receive encrypted e-mail messages via Digital IDs, such as those issued by Verisign (see http://www.verisign.com/products/class1/index.html) Def, do you think we can have e-mails from IB signed with Digital IDs? -- ITZ
What conceivable amount of time could this information about our account activity remain on servers along the way to our mailbox? Days, weeks, months, perhaps years?