January 27, 2020
Banks, Bitcoin, bond funds: Where is your money safe in an era of cyberattacks?
For almost a decade, John Luksic used a Bitcoin exchange to invest money in cryptocurrencies, trying to build a nest egg while caring for his parents in Saginaw, Michigan.
Then just days after Christmas, nearly $90,000 worth of Bitcoin was emptied from the 60-year-old's account by cybercrooks, he says.
"Imagine waking up one day and almost everything you have is gone," says Luksic, who previously worked in sales. "How can I lose everything I own?" He hasn't been made whole and, after talking with investigators, is pessimistic about ever recovering the money.
Luksic says he was a victim of SIM swapping, a cybersecurity attack where criminals steal a person's phone number.
Knowing where your money has guaranteed protection and where it doesn't is complicated in today's digital age, a time when Americans keep savings and investments in many places beyond just banks and pension funds.
If money is stolen from a crypto account, the way Luksic's was, recouping the funds is more difficult than it would be if it were snatched from a traditional bank account, according to Philip Martin, chief information security officer of Coinbase, the Bitcoin exchange where Luksic kept his money.
"Once that money is off our platform, if it goes to an infrastructure that we can work with—we will," Martin says, referring to other cryptocurrency exchanges. But oftentimes, he cautions, "law enforcement ends up being better suited to track criminals and make customers whole."
The FBI is the lead federal agency for investigating cyberattacks that involve significant losses from fraud. The FBI said it "can't confirm or deny" that there's an investigation into Luksic's case.
Luksic says he's spoken with an attorney and is seeking to file a lawsuit.
A Wisconsin woman recently ran into a similar issue when $72,000 was stolen from her 401(k) account by cybercrooks. She eventually got it back, but the mutual fund company that held her money wasn't immediately able to guarantee that she'd ever see it again, a shock to her.
If a checking or savings account is hacked, banks typically cover those losses. Financial institutions can buy insurance to protect against cyberfraud. Still, savers may have to jump through some hoops to get their money back. A bank could claim that a customer failed to take proper precautions, giving out their password or clicking on a phishing email, for example, and they may not be reimbursed.
"If you are victimized through cybertheft by no fault of your own, most large banks will make you whole," says Greg McBride, chief financial analyst at Bankrate.com.
As more cybertheft happens, "we're likely going to see something similar to credit cards, where financial institutions are going to need to have a policy in place that assures customers are protected from fraudulent activity," he says, referring to banking and retirement accounts like the one belonging to the Wisconsin woman.
To prevent theft, cybersecurity professionals urge customers to create strong passwords, exercise caution with unsecured public Wi-Fi, maintain anti-virus software and monitor bank and investment accounts closely.If a third party still gains access to an account, contact the bank and local law enforcement, who have jurisdiction over this type of theft, experts advise.
The FDIC, or the Federal Deposit Insurance Corp., was created during the Great Depression to protect bank accounts. It only insures deposits in banks. It doesn't insure investments. And there's a catch: The FDIC is required to make an account holders' money available only if an insured institution fails.
FDIC insurance covers:
- Checking accounts
- Savings accounts
- Money market deposit accounts
- Certificates of deposit
- Official items issued by a bank (such as cashier's checks or money orders)
- Individual retirement accounts, or IRAs
All of these types of accounts generally are insured by the FDIC up to the legal limit of $250,000. Four categories are insured separately, including individual, joint, self-directed retirement deposit accounts and trusts for beneficiaries.
What's not insured?
The FDIC, however, doesn't insure investments like mutual funds, annuities, stocks, bonds or securities that banks may offer. Financial institutions are supposed to disclose that non-deposit items like investments aren't insured, according to the FDIC.
The FDIC doesn't insure these non-deposit investments:
- Mutual funds
- Government securities
- Municipal securities
- U.S. Treasury securities
- Contents of safe-deposit boxes
The Securities Investor Protection Corporation, or SIPC, protects customers in the event that a brokerage firm financially fails. There's a protection limit of $500,000, which includes a $250,000 limit for cash.
Cryptocurrencies like Bitcoin, Litecoin and Ethereum also aren't insured by the FDIC.
Bitcoin exchanges like Coinbase have insurance that covers loss or theft from a hack on their entire system, but not hacks on individual accounts. Some Coinbase funds that are held as dollars in bank accounts are also insured by the FDIC.
©2020 USA Today
Distributed by Tribune Content Agency, LLC.