Tuesday, November 14, 2006

Cyber Crime

The hottest news about IT security in recent days is probably the online brokerage fraud that happened at E*Trade and TD Ameritrade. Customer accounts at these 2 top online brokers were hacked in Eastern Europe and Asia. The US SEC found that the thieves used the customers' money in a "pump-and-dump" scheme, pushing up the prices of thinly traded stocks and then selling them for a profit.

E*Trade disclosed that it had spent US$18m to compensate customers who suffered from the unauthorized trades, while TD Ameritrade did not disclose the compensation amount.

The above online fraud doesn't result in misappropriation of customer money, but customers would be subject to a high legal risk if their accounts are compromised by unauthorized illegal trading or even money laundering.

Another type of pump-and-dump scam, recently highlighted again by NASD, involves the recommendation of a company's stock through false and misleading statements (the pump) in an email. Misled investors then buy the stock, creating demand that often causes the stock's price to soar. Eventually the fraudsters sell off their shares at the artificially inflated price (the dump), leaving the investors they duped with a worthless stock.

In HK, unauthorized transactions via computer hacking are less widespread. Usually they are manually arranged by "internal thieves" (i.e. staff working within the brokerage firm). Under the S&F (Insurance) Rules, the risk arising out of loss of client assets is covered. However, there is no protection against the legal risk arising from misuse or abuse of client account information!
