Page 1 of 2

Treasury Direct account security discussion at Bogleheads

Posted: Sun Feb 10, 2019 10:20 am
by sophie
A very helpful series of posts from a forum member who took the trouble to send repeated letters to the Treasury Secretary to try to figure out what Treasury Direct would do if your account is hacked:

https://www.bogleheads.org/forum/viewto ... 0&t=225415

Unfortunately the answer is that there is no answer. In theory, if hackers broke into TD's system and stole your password, then used it to drain your account, TD would refuse to make you whole. In practice, I can't imagine that this would be the case, but until a test case happens there is simply no way to know.

The helpful forum member did uncover a way you could protect your account by instituting a Customer Hold and then contacting the Bureau of Fiscal Service to lift it when you want to buy or sell bonds. However that process is none too clear, plus you're only supposed to use the hold if you "believe" that your TD account credentials have been compromised. This isn't too arduous a limitation, since I can believe just about anything given the number of times my various accounts have been compromised in data breaches.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Sun Feb 10, 2019 4:17 pm
by ochotona
This is not good. Not at all. I-Bonds are cool, but I can do without them at the end of the day. I have too many accounts, would be helpful to get rid of one.

Here I am, with Schwab and Fidelity accounts that use reasonably modern continuously rotating six-digit additional security codes, and 2FA, and nice security guarantees, and there's just no excuse for putting up with TreasuryDirect's sub-standard customer service. Even if they have cool little security (::: cry :::).

Re: Treasury Direct account security discussion at Bogleheads

Posted: Mon Feb 11, 2019 10:59 pm
by jhogue
Has anyone actually lost any money from their account at Treasury Direct being hacked?

Re: Treasury Direct account security discussion at Bogleheads

Posted: Tue Feb 12, 2019 8:02 am
by pmward
Nobody has lost anything as of yet, they are just looking at the policies that TD has if it were to get hacked. It's a very poor policy that basically holds them with no accountability for reimbursement if the account was compromised by using the username and password (and usernames and passwords get compromised all the time...). The only way that TD has accountability in their policies is if their servers got hacked directly. And even then, there's some grey area that they would likely try to fight in court.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Tue Feb 12, 2019 9:46 am
by pugchief
I'm not sure why any of this surprises anyone. The government never holds itself to the same standards it imposes on the private sector. You would never see such ridiculous policies from Vanguard, Fidelity, Schwab, or any other bank or broker.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Wed Feb 13, 2019 7:24 am
by jhogue
pug,
I am surprised you would say that after your adventures with the banksters at WaMu and JP Morgan Chase.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Wed Feb 13, 2019 9:57 am
by ochotona
I got robbed by Schwab's yield Plus fund during the GFC, but at least they made me partially whole after the blow-up.

http://articles.latimes.com/2011/jan/12 ... c-20110112

Re: Treasury Direct account security discussion at Bogleheads

Posted: Wed Feb 13, 2019 10:08 am
by pugchief
jhogue wrote:
Wed Feb 13, 2019 7:24 am
pug,
I am surprised you would say that after your adventures with the banksters at WaMu and JP Morgan Chase.
Two totally different scenarios. Never lost any money from either institution. Wamu went bankrupt in 2008/2009, Chase took over the account without losing a beat. The funds just transfered in full. The only irritation was that Chase promised not to charge certain fees that were free at Wamu, but ended up only grandfathering for a year. Although that was lame, it was not unexpected. I predicted it would happen on the day Chase took over. And they did give 60 days warning before the fees started. I simply moved my business account elsewhere.

How is that on par with not making good on a hacked account at TDA?

Re: Treasury Direct account security discussion at Bogleheads

Posted: Wed Feb 13, 2019 3:57 pm
by jhogue
As far as I can tell, no one has lost so much as a dime from a hacked Treasury Direct account.

The historical record of the U.S. Treasury is simple and clear: in roughly two hundred years of operation, it has never failed to return principal and interest on its bonds. The secondary market in Treasury bonds is the largest, most liquid, and most global in the world.

The history of banking in this country is also simple and clear: banks (and brokerages too) have repeatedly collapsed during or after market crashes. As Harry Browne noted, the creation of the FDIC curtailed bank runs, but did not stop individual bank failures. In fact, during the last market crash in 2008-2009, the U.S. Treasury bailed out FDIC to the tune of $100 billion. That action alone tells you all you just about all you need to know about who is the real lender of last resort in the global economy.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Wed Feb 13, 2019 4:54 pm
by pugchief
jhogue wrote:
Wed Feb 13, 2019 3:57 pm
As far as I can tell, no one has lost so much as a dime from a hacked Treasury Direct account.
And you know this how? Anecdotal, or do you have a link to something where someone gives testimonial that they were made whole after a hack?
jhogue wrote:
Wed Feb 13, 2019 3:57 pm
The historical record of the U.S. Treasury is simple and clear: in roughly two hundred years of operation, it has never failed to return principal and interest on its bonds. The secondary market in Treasury bonds is the largest, most liquid, and most global in the world.

The history of banking in this country is also simple and clear: banks (and brokerages too) have repeatedly collapsed during or after market crashes. As Harry Browne noted, the creation of the FDIC curtailed bank runs, but did not stop individual bank failures. In fact, during the last market crash in 2008-2009, the U.S. Treasury bailed out FDIC to the tune of $100 billion. That action alone tells you all you just about all you need to know about who is the real lender of last resort in the global economy.
That is all fine and dandy, except it is irrelevant to the concern of an account hack.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Wed Feb 13, 2019 6:23 pm
by ochotona
jhogue wrote:
Wed Feb 13, 2019 3:57 pm
The historical record of the U.S. Treasury is simple and clear: in roughly two hundred years of operation, it has never failed to return principal and interest on its bonds. The secondary market in Treasury bonds is the largest, most liquid, and most global in the world.
I only wish I could transfer my I-Bonds to a brokerage account!

Re: Treasury Direct account security discussion at Bogleheads

Posted: Thu Feb 14, 2019 3:10 pm
by ochotona
If you really want to own a security with a TIPS feature, I think it would be something like iShares 0-5 Year TIPS Bond ETF (STIP), yields 2.42% now.