Information security is a hot topic these days. The internet has given rise to a new world of convenience in shopping, banking and investing. Unfortunately, it has also provided another avenue for criminals to attempt sophisticated new types of fraud. The stakes are high, especially for financial services firms.
To learn more about how Schwab protects client information and assets, we sat down for a discussion with Jim McGuire, Executive Vice President and Chief Information Officer. In his role, Jim oversees Schwab’s technology innovation, development, infrastructure and operations.
Q: Information security is a key priority for a financial services firm like Schwab. How does the company safeguard client data?
Jim McGuire: Frankly, we try to keep the details of our methodology confidential to make it more difficult for would-be criminals to get a foothold. What I can tell you is that we have a strong culture of risk management at Schwab, and we protect client accounts in multiple ways. We maintain a multifaceted security program that combines complementary tools, controls and technologies to protect data. We continuously monitor our systems, and we work collaboratively with government agencies, law enforcement and other financial services firms to address potential threats.
All of the channels through which clients access Schwab are protected. While we have sophisticated procedures in place to protect client security online, it doesn’t end there. When you call us, our representatives ask for several pieces of identifying information before you can conduct transactions. When you visit a branch, we ask you for a photo ID to verify your identity.
Q: Can you describe the role technology plays in protecting client information?
JM: We use advanced encryption technology to secure communications on schwab.com. When clients access their accounts, our sites deploy multilayered protections that go well beyond login name and password. If we suspect unauthorized account activity, we ask for additional authentication before permitting access to an account. We also limit the number of unsuccessful attempts at logging in to an account. Exceeding this limit triggers the need for additional authentication and a password change.
Our website also uses Extended Validation Certificates to help clients verify that they are accessing our authentic site and not a “spoofed” site masquerading as schwab.com. All you have to do is look for the green bar in front of the web address at the top of your browser to confirm that you’re on Schwab’s official, secure site. The “https://” and padlock icon in the address bar also confirm you are on our secure site.
Automated alerts and other actions play a behind-the-scenes role in our authentication and monitoring processes. We use pattern analysis and other advanced analytical systems to detect suspicious account activity and prevent unauthorized access. If we detect an unauthorized login, we lock the account and require either a phone call or a visit to a local branch.
Q: What kinds of operational controls do you have in place?
JM: We limit the number of employees who have access to clients’ personal information, and all employees who handle sensitive information are trained to maintain privacy and security. We also enforce internal authentication measures to protect against the potential for “social engineering.” That’s when a fraudster masquerading as a client or another employee tries to trick a company’s employees into inadvertently breaking normal security procedures and divulging personal information.
When sensitive transactions occur in a client’s account—such as money transfers, securities sales or purchases, or changes to personal information—we send an alert to the client.
Schwab’s fraud teams also monitor activity looking for suspicious behavior. Certain criteria cause various transactions to be reviewed by highly trained specialists. This allows us to spot attempted intrusions and act on them quickly.
Q: Are there steps clients should take to protect themselves?
JM: We believe security is a partnership between us and our clients. We work hard to do our part in keeping client information safe, and we provide the Schwab Security Guarantee to make sure our clients have peace of mind about the security of their information at Schwab. The Schwab Security Guarantee simply states that Schwab will cover 100% of any losses in any of your Schwab accounts due to unauthorized activity.
But there are some important steps clients should take, including updating operating systems on all their devices, practicing good password discipline and guarding against attempts to “phish” their personal information.
What you can do next
While Schwab does much of the work to keep account information secure, taking some basic, preventive steps can help. Many involve common sense, like routinely checking your monthly statements to make sure reported account activity is legitimate. You should also:
- Keep your operating systems and security software up to date. Ensure you are using the latest versions of your web browser and operating system. Install anti-virus software and anti-spyware software on all technology platforms.
- Be wary when you aren’t using your own equipment. Take extra care when using public computers, and use only wireless networks you trust or that are protected.
- Be alert to potential “phishing” scams. These are efforts by cybercriminals to gain access to your private information or electronic files by sending you an email that looks like it came from a trusted source and that usually asks you to click on a link embedded in the message. The best way to avoid phishing scams is not to click on links in potentially suspicious emails.
- Verify you’re on a secure website. When you log in to schwab.com, check the address bar for site validity.
- Create a unique password for each financial institution you do business with. And be sure to change it every six months. If you think your password has been compromised, you should change it to a new password from a safe computer and contact us immediately.
- Consider adding a verbal password to your Schwab account. This provides an extra layer of security when you call us. Also, make it a practice to never share your passwords.
- Consider getting a free security token. This can make every login even more secure. To order a token, just call us at 877-566-1823.