Scottrade Bank Bank account or service department,
Checking account Deposits and withdrawals California
To whom this may concern, I am writing to the CFPB in attempts to resolve an ongoing dispute between myself and Scottrade Bank. Briefly, my Scottrade Bank was hacked because of poor security and data handling policies and Scottrade Bank has refused to honor their Online Security Guarantee listed here: https://www.scottrade.com/documents/pdf/osc.pdf
I am specifically writing in to better understand Scottrade Bank's policies on examining fraud that may have been a result of a combined phishing and remote access tool ("-") hack. For background, at the time of the hack my laptops were secured with antivirus and personal information was never shared. I always took security precautions to keep my personal information safe. However, Scottrade Bank did not give me the same courtesy and at one point instructed me to send personal information over an insecure email server.
Various emails in my inbox showed that a number of phishing attempts were made and although anti-virus was installed it is very easy to "crypt" or "encode" a virus to be fully undetectable. Indeed, at the time of the hacking most anti-virus software was unable to detect a very common and maliciously used version of - which as the FBI had previously announced has been used in numerous financial account hacks. It is clear that the use of a - in combination with the information Scottrade Bank leaked insecure emails and or left insecure via database vulnerabilities resulted in the hacking or at least contributed to the hacking of my Scottrade Bank account. It is worth noting that - Bank did not flag any of the enormously unusual transactions accumulating to over $800000.00 and suspicious even though they were unequivocally out of the account's normal behavioral patterns and not within the limits of the customer consider the - information, such as salary, debt, and profession submitted to - Bank. I am writing to - Bank to better understand how - Bank defends against ubiquitous RAT viruses commonly used in financial account takeovers. In the instance I described above, - Bank even refused to analyze my computer despite there being signs of virus activity. Furthermore, - Bank internally and externally recognizes the existence of RATs and has been warned of the potential of illicit account takeovers via RATs through various financial regulatory briefings and financial cooperation events. Presumably, given the fair and ample warning - Bank received about RATs I am curious as to why - Bank still relies on a "Multi-Factor" and not "out of band" authentication techniques that have no way of distinguishing or fail to distinguish between legitimate customer behavior and fraudulent account takeovers.
In this case - Bank relies on information given from a - security tool known as "- - Factor Authentication", this tool provides no ability to distinguish between a RAT and a legitimate customer because it only logs computer information and relies on insecure plain-text "secondary questions" which are by default remembered within the browser history of a computer, such that a computer infected with a RAT gives a hacker all of the information needed to infiltrate an online account. As a result this is a failed layer of security and it gets worse. - has no "behavioral" red flags that indicate whether a transaction might be suspicious or not. For example, in the instance above, the account was hacked and multiple $200000.00 ACH transfers were initiated ...
Scottrade Bank customer in California
Nov 03, 2015
* Source: CFPB Complaint Database
Scottrade Bank response to complaint:
Closed