Wow, I am (was?) an avid IB supporter. I had no idea this was going on, until I just received an email earlier today telling me about this. In a most unbusinesslike fashion, the emial said mandatory, and then on the sign up page it gave an opt out choice. How the hell is a client supposed trust a broker who can't get simple communication straight? I'm most disappointed.
Here's the story: We will REQUIRE an affirmative action of some kind. Either: (1) subscribe to one of our security systems (there will be 3 variants) (2) select opt-out. If the client opts out, the burden and risk of any compromise to your account, including but not limited to unauthorized withdrawals, unauthorized trading, personal information changes, etc, will be the full responsibility of the client. In the event of any loss or damage, IB will investigate and assist the client and/or authorities in any possible way. But we will NOT indemnify any loss or other damage. There has been enough said about security issues in a thousand forums. The SEC and government have published statements on the recent fraud "fad", pump and dump in penny stocks using other people money. Etrade/Ameritrade have reported losses in the tens of millions of dollars due to this activity. One smaller broker almost went out of business. Do you think these losses didn't just get passed to the client population as a whole in the form of higher commissions? It is borderline irresponsible in this day and age to not have the best possible security. It would be like living in a nice apartment in the South Bronx without a lock on your front door. It doesn't take much to have an unhappy experience. But clients are ultimately free to take the risk should they wish. It is a form of self-insurance, one could argue. It is in IB's (and clients') interest to have accounts in the most secure system possible. Accordingly, we have stressed "MANDATORY" so that people get on board as quickly as possible. The fact is: security is inherently inconvenient (entering you house/apartment is easier also for the owner when he doesn't have to find his keys); we dont want our clients to adopt convenience over safety. But if a client wants to opt-out, we will present him with a waiver/disclaimer that will transfer full responsibility to him/her and the account will be configured accordingly. One point that may not be clear: the losses are 99% of the time due to a failure on the client's side regarding protection of his login data. I think most clients BELIEVE they are appropriately cautious, but the reality is seemingly normal everyday use in our mobile computing environment can compromise your personal information including password data. IB wants to offer our clients the lowest possible commissions. In order to do this, we need to keep costs as low as possible which includes losses due to fraud. To date, we have been quite accommodating when clients report a problem (unless their is evidence of negligence on the client's part) because we have not had a full security model in place (i.e. login authentication via a security device). But we do not believe it is correct to spread the losses of one client who values convenience to others who have taken the steps to protect their accounts as best as possible. That was a long winded answer. But I hope it clarifies our reasoning. One last point: therewill be special cases for automated users (using APIs, for example). we have a special solution for these users so don't panic. Anyone who wants more information should write to tac@interactivebrokers.com or, better, use the Inquiry/ticket system inside account management.
Watch your hyperbole. Even after this change, IB in no way has "the best possible security". As you said, security is always a tradeoff against convienence and cost. The "most secure system possible" would be a heck of lot more secure then what is being proposed here. Not saying what IB is doing is bad, just don't overstate the level of security being added.
My bank informed me they will implement the same gizmo from July the 1st to access online banking. Gee just when I thought I have to much stuff to carry in my pockets already That's the future guys, you ''d better adapt and stop whining
Sounds like today IB is bearing the expenses for client damage resulted from unauthorized access? Let acquaint ourselves with operative Customer Agreement: Comments? Please give us a link to these SEC and government statements. To date I was aware of a single case registered by SEC of Estonian citizen who presumably hacked several (4?) brokerage accounts in his pump and dump fraud . Again, could you please provide some links to official reports, not to speculations on trading forums? Why so if Customer Agreement already disclaimed IB's responsibility for losses from unauthorized access? Do you imply that you're accepting this responsibility henceforth?
Please feel free to Google to get the references. You will find the specific announcements by Etrade and Ameritrade (and Fidelity, Merrill, Schwab, Scottrade, etc) by looking for their press releases. The fault is not with the firms, by the way. These firms make the news because they are big, but the compromises comes from client side. You will find the SEC publications by going to their web site or again, using the magic of google, somewhere on the internet. It was carried in many public newspapers/newsfeeds. Try "hacked brokerage accounts" or "pump and dump" to get a long list of instances. Our agreement defines what we (and the client) MUST do. Your citation appropriately defines these obligations. Our actual decision making is based on what we CHOOSE to do within the boundaries of the agreement. Our decision is case-by-case and is not precedent creating. If you have a security device then the likelihood of a problem drops 99+% (there are no reported instances of account intrusions with modern security device on the account so maybe even 99.99999999999%). That is much smarter path to safety than trying to extract/imply a contractual or policy change.
IBj, for example, one of the firms that you mentioned whose accounts were hacked, i.e., E-trade, even after having security device, gives full unauthorized access/fraud protection. IB's plan to all burden and risk of any compromise to the client's account is unfortunate.
Thank you. Looked through Etrade press releases on their web site for period Sep 2006 - May 2007. Nothing found. I said there was single documented case. I was wrong. There are 2 (two) SEC publications concerning two separate price manipulations combined with presumable account hacking: http://sec.gov/news/press/2006/2006-212.htm and http://sec.gov/news/press/2007/2007-33.htm It is good. Will you accept responsibility for unauthorized access by excluding from Customer Agreement cited above disclamer?
I think what I read is that IB will be more accomodating if the security device is in place, but it is still discretionary. So I don't see the cause of the grievance -- if you think it's nonsense... and correctly observe that the minimal requirement in the agreement is no make-whole arrangement... then just opt out. Status quo ante. I've already stated that even with warranties, they are subject to interpretation, dispute arbitration, etc. (time value lost), I would still prefer the security device. But not everyone has to agree with me.