Respectfully, how is this any different than most online brokerages (or most anything online)? No one - that I know of - offers a "no questions asked" protection.Mel Lindauer wrote: ↑Wed Mar 29, 2023 6:08 pm 1. Putting all your eggs in one basket (as with TD), you're taking on risk that can be diversified away by having some paper I Bonds if/when the TD site is down or you're locked out and trying to get back in. And, having both options, if you can't find a bank to redeem the paper ones, you still have TD to fall back on. Nice to have choices.
2. Actually, while you and others here seem to focus on the low odds of TD getting hacked, TD is worried about someone cleaning out your TD account using YOUR login info, so they specifically state that they won't make you whole if that happens. So folks need to focus on protecting that avenue (possibly even more) as much as worrying about TD being hacked since most posts on this topic (like yours) seem to focus on the low odds of TD getting hacked and don't even mention the other way.
Should I withdraw a pile of cash to keep in my house vs. keeping it someplace like Fidelity? Do you split up your investments, keeping some at Vanguard, some at Fidelity, some at Schwab - just to avoid "putting lots of your eggs" in the same basket?
Using Fidelity as an example, looking through their "customer protection guarantee" [below - emphasis mine], I bet you lots of people might not "actually" have the protection they think. Afterall, many people recommend "not regularly looking at" their accounts, don't use unique usernames or passwords, don't report lost/stolen devices to Fidelity, and might even "share" their login details with others. Even if their username and password was stolen by a phishing attack, the attacker could argue that you "shared" your password with them - and how could you prove otherwise. Thus, Fidelity could claim that anyone who doesn't follow every item correctly isn't covered. I've never seen a report or incident where that was the case, but I mean they could right?
By the same view, I've never heard of anyone having an issue with someone hacking into their Treasury Direct account and losing money. That isn't to say it's not possible. Nor to say that Treasury Direct might decide to just say "too bad".
For what its worth, this is why I actively monitor all of my accounts - and use aggregators like Mint to do so - even though one could argue doing so violates the protections since that's arguably "sharing" and/or "authorizing" someone else. The reality is I can regularly check something like Mint and within a few seconds validate no unauthorized transactions happened across all of my monitored accounts. And if there is an issue, I'll see it within days (or hours as if it's a large amount it will set off my alerts) - which should be enough time to reach out and take action. (By contrast - there is no way I'd be able to check my accounts - especially ones like TD with the horrible virtual keyboard - "regularly", meaning I'd actually be "less protected" if I didn't use an aggregator - as I'm less likely to notice suspect/unauthorized activity - and more likely to "miss my window" to report those events.)
Taking that one step further, if someone hacked my TD account, they could sell my existing bonds - and the cash would show up in my linked bank account. They'd have to compromise my bank account in order to get the money anywhere else where they could use it. And when I see those notices, even if its too late for TD to do anything, I can contact my back and report the transaction to move the money elsewhere as unauthorized/fraudulent, much the same as an unauthorized debit charge or ACH pull. And if someone tried to add a new "linked" account - I'd see those notices too... So, they'd have to wait until I'm incapacitated or traveling abroad in an area without internet where I wouldn't see those notices. Again, this isn't a "new" or "unique" situation with TD - that's the reality for pretty much all of our online accounts.
https://www.fidelity.com/security/custo ... -guarantee
To be clear, I get the "benefits" of paper bonds. To me, it's amazing that they'll replace them, for effectively any reason, no questions asked (OK, you gotta fill out the right forms/paperwork). I get that's better than what TD offers, better than what Fidelity offers, better than probably every online brokerage offers. But that doesn't change that I need to use an online brokerage, and if I need/want more than $5k a year in I Bonds I need to use TD.What actions must I take to be eligible?
To be eligible for coverage under the Customer Protection Guarantee, you must frequently check your account information and promptly review correspondence, account statements, confirmations, and alerts as they are made available to you, but no later than 30 days after that information is posted to your account or delivered to you. You must immediately contact and report to Fidelity by calling 800-544-6666 if you suspect any unauthorized account activity, errors, or discrepancies, if you lose the device you normally use to contact us, or if you have not received your account statements. You must also maintain up-to-date contact information with us so that you can receive timely account communications and to ensure that we can contact you in case of suspected unauthorized activity.
What must I do to protect my accounts?
Use a unique username and password when setting up online credentials. Change your password and notify us immediately if you become aware that you are the victim of identity theft. Actively monitor your accounts and never share your account access information, including username, password, and answers to security questions, with anyone, or grant someone else access to your account. You should also never grant remote access to your computer or readback a one-time security password unless you have initiated the service call to a phone number that you have verified to be valid. Fidelity will never contact you to ask for this information or to gain access to your computer. You should visit our security https://www.fidelity.com/security or on NetBenefits to learn more about ways to protect yourself.
What are examples of when I won't be covered?
If you grant access or authority to, or share your Fidelity account access credentials or information with, any persons or entities, their activity will be considered authorized by you and not covered by the Customer Protection Guarantee. Losses of cash, securities, or digital assets transferred to outside accounts that are beneficially owned by you are not covered by the Customer Protection Guarantee. Also not covered is any activity by an employer/plan administrator, financial intermediary, or third-party who is authorized by you to access your data (or who received your data as a result of that access), or with whom you've shared or provided access to your username, password, or account number, or from malware or a breach of security that affects the systems of any of those parties. If you direct us to share account access information about you or your accounts with any third-party, the Customer Protection Guarantee does not cover any losses or activity resulting from the sharing of that information, including any misuse or theft of that information from a third-party.