How online fraud is permeating our investment safety nets… with alarming success

by R. Dale Hall, FSA, MAAA, CERA, CFA
Mr. Hall is Managing Director of Research for the Society of Actuaries Research Institute (SOA), managing research projects and experience studies across the SOA’s wide variety of actuarial practice areas and markets and coordinating strategic research partnerships.Cybersecurity threats are on the rise worldwide. According to the 16th Survey of Emerging Risks Key Findings, a report released in January 2023 by The Society of Actuaries (SOA) and the Casualty Actuarial Society (CAS), cyber/network was identified as a top five current and emerging risk. Identity theft and fraud have become prevalent cybersecurity issues, significantly impacting retirement plans and their participants, including retirees. A 2021 FBI Elder Fraud Report cites that the U.S. experienced a 400% increase in internet crime targeted toward senior citizens in the past five years.
What are the different types of internet crimes and how can retirees protect themselves?
Identity Theft as Cybercrime
Identity theft occurs when someone steals personal information to commit fraud. Today, that kind of theft often involves cyber-attacks, such as social engineering, phishing and malware. While each of these tactics continue to evolve, there are steps both retirement plan recordkeepers and retirees can take to prevent identity theft and fraud.
The SOA and LIMRA interviewed key personnel at organizations involved with managing and/or providing retirement plans (i.e., “recordkeepers”). Researchers asked about their cyber-risk experiences, including identity theft and fraud, and detailed their prevention efforts. Results of the study are available in Keeping Retirement Plans Secure in an Insecure World.
The interview responses revealed that the recordkeepers had witnessed a change in the nature of fraud. For instance, as more retirement plan managers offer online services, fraudsters have moved away from contacting call centers to now gaining access to online accounts where they can avoid talking to people and facing scrutiny.
Furthermore, the study found that fraudsters tend to target retirement plans of the more affluent, such as executives. These plans tend to be more valuable, and their personal information is usually publicly available online, making identity theft and subsequent fraud easier. This kind of activity is often called “spearphishing” or “whaling.”
Recordkeepers also see cyber criminals targeting the healthcare sector, particularly doctors. Outside of healthcare, manufacturing, education and retail retirement plans are common targets.
Ever-Evolving Security Measures
Interviews with key personnel reveal that retirement plan managers have implemented efforts to increase security as they create more online services for customer convenience. At the same time, they strive to protect customers without being overly burdensome.
Below are some of the steps recordkeepers have implemented thus far to protect retirement plans:
- Multifactor Authentication: This is a method that requires the user to provide two or more verification factors to gain access – a few examples of this include providing a and then accepting the sign-in through a pin sent to your phone or utilizing a biometric, such as fingerprints.
- Rules for distribution: These transactions elicit the most stringent controls
- Behind-the-scenes monitoring: This can include proactive programming and analytics programs to detect red flags.
- Third-Party vendors: Retirement plans often use companies that offer fraud prevention services, such as validating calls from customers.
Retirement plan managers also consider identity theft prevention to be a team effort. They ask both sponsors and participants to do their part to protect themselves and provide suggestions and education to enable them to do so.
Simple Steps for Retirees to Keep Their Assets Safe
Unfortunately, law enforcement and retirement plan managers have found that older adults continue to be frequent targets of identity theft and fraud. While institutions, such as retirement plan recordkeepers, are constantly monitoring and evolving their safeguards, older adults should also join in the efforts to protect themselves.
Retirement plan managers recommend plan participants, including retirees, to create online accounts for their plans, which includes setting up multi-factor identification, answering security questions and providing contact information.
Recordkeepers also recommend reviewing quarterly statements or signing onto accounts regularly to spot unusual activity.
The SOA Late-in-Life Decisions Guide offers additional asset protection tips. For instance, older adults can enlist the help of friends, family, caregivers and financial professionals to help protect them from identity theft. This support network should be aware of the early signs of fraud, such as unusual levels of spending or giving and an unwillingness or inability to explain large withdrawals.
The Late-in-Life Decisions Guide also shares the following steps suggested by the Consumer Protection Financial Bureau:
- Organize financial documents so they are secure but easy to find
- Share emergency contacts with financial professionals
- Have a durable financial power of attorney
- Speak up if something doesn’t seem right
Concerns for the Future
Experts expect criminal organizations to grow more sophisticated in using personal information for fraudulent activities.
Additionally, as online services proliferate to provide more convenience, cybersecurity measures will have to evolve to make those services safe.
Retirement plan managers and providers recognize the need to remain vigilant as fraudsters’ techniques will probably evolve. If consumers, including retirees, take proactive steps to protect themselves, potential fraudsters can be stopped.