The risk of identity theft due from hackers’ attacks is a major problem for retirement plan sponsors and participants. According to a Javelin 2019 survey, 14.4 million participants became victims of identity theft in 2018. Every plan sponsor should take care of this problem beforehand to avoid a serious risk to their plan participants.
In most cases, hackers focus on personal information, but stealing money from participants’ retirement accounts has become more common of late. Interestingly retirement plan providers are not willing to reimburse victims of fraud, and even refuse requests if it proves that the client used insufficient security measures, you still need to look closely at your plan participants’ education, and remember that participant education is your responsibility as a fiduciary of the plan.
401(k) plans are the most targeted area by hackers because they hold much more money than savings or individual retirement accounts. And it’s easier to get away unnoticed after a big plan data is compromised. To avoid potential loss of information, you need to first identify typical reasons why identity theft occurs in retirement plans, in the first place.
Typical Reasons of Identity Theft Occurring in Retirement Plans:
1) Unauthorized request for distribution or loan. All participants’ sensitive data, including social security number, date of birth and address may be stolen. Moreover, hackers may enter a participant’s account and change the address. Which means if they request a check (not a ACH), it will be sent to the fake address for the thieves to get the participant’s money. Hackers, now, are very sophisticated, and will look for every chance to get a quick payout, and in most cases they will be working offshore, where they are hard to locate and identify.
2) Social engineering and phone calls on behalf of a plan participant. In today’s hectic work environment, a busy HR staff member might miss an important detail or fail to check the bank information, for example for an ACH deposit request, due to the lack of time or attention. Today’s thieves are pushing on HR’s, in order to hurry up the process.
3) Lack of protective measures for plan participants’ accounts. Some hackers’ malware can re-route a victim from his investment account login page to the hacker’s fake website to steal the user’s login credentials. In this case 2 or even 3 factor authentication should not be neglected.
These are the main reasons why identity theft occurs in 401(k) plans. However there are still a number of measures a plan sponsor can adopt in order to protect their participants.
Steps to Protect Retirement Plan Participants from Potential Theft:
1) Check security protocols, make sure multi factor authentication (MFA) is in place. This rule is essential and should never be neglected.
2) Avoid paper statements or bring them down to a minimum. Remember that mailed statements can be easily stolen and used for acquiring information about balances and some vendor information.
3) Implement additional security steps, such as additional email notifications or phone calls to the retirement account holder to make sure the request has come from a real person.
4) Address or other personal data change is a red flag. Many thefts start with faking a client’s physical address or changing some personal information. All changes should be verified by the vendor or plan sponsor.
5) Proper Participant Education. All 401(k) plan participants should be informed on a regular basis about all security measures and updates.
Protection from potential identity or financial theft is a hugely important issue, especially for large retirement plans because of a lot of claims that may be processed in a relatively short period of time. Hence, the bigger the plan is, the more attention should be paid to the security measures of the participant’s accounts.
In order to address these issues, all security practices should be closely reviewed and discussed with administrators and plan participants. For fiduciaries and financial advisors working with 401(k) plans, it is essential to check all vulnerabilities of their current retirement plan and provide new suggestions for improving it.
RiXtrema provides services that can help, such as 401kFiduciaryOptimizer, you can check how well your current plan is built and try to optimize it in terms of cost-efficiency and performance. To get some more information, just click on this link and request a demo.