Your estate plan isn’t complete without accounting for all your digital assets: from bank accounts and investments to even your Facebook page. Here are five steps to get you started. Getty Images An estate plan is a cornerstone of any comprehensive financial strategy. On a practical level, it can […]
Using one of the popular personal finance apps intended to help you manage your money requires a step that causes some people to pause: when the app or site asks you for the passwords to your bank accounts and credit cards.
How safe is it really to turn over the password to the Bank of You? Aren’t we all constantly advised to do just the opposite, as in, don’t ever give anyone your password to anything or you will be inviting digital death and destruction?
We live in an era of data breaches, identity theft and online fraud. Heck, we’ve even cautioned against posting something as innocuous as your mother’s maiden name on Facebook because you’d be giving away the answer to a popular bank security question.
But platform developers and managers of these personal finance apps say they need your confidential information in order to help you manage your money. They promise they can find ways to reduce your bills, help you pay off debt, sock more away in savings, and learn how to invest wisely. Plus, they promise to protect your private data with multiple layers of encryption and security best practices.
Online security experts have strong thoughts about the wisdom of giving out your personal security information to third parties. It’s a game of “who do you trust?” they say. And, as with every online platform we use, it’s a matter of balancing the risk you’re taking against the potential reward.
And yes, there is undeniably a risk.
Find the sweet spot.
If a platform is claiming it is unhackable, well, just run, said Stephanie Carruthers, a “white hat” or ethical hacker known as Snow, whose clients include Fortune 100 companies as well as startups. Nothing is unhackable, she said.
While Snow recommends against any money-management platform that asks for your security information, she told HuffPost that “most of these apps have value and can be beneficial.”
The trick is to find the sweet spot, where the benefit justifies the risk. Carruthers suggested reading an app’s terms of service agreement to know how the information you provide will be used and the responsibility of the data collector. In other words, if the information you provide is compromised, what risk is there to you and your money?
Ilian Georgiev is a co-founder of HiCharlie, a relative newcomer to the personal finance management-by-app niche. He compares using his platform to the level of trust we already show when we shop on Amazon or anywhere else online. “Each time you hit the order button and implicitly believe that what you ordered will actually be delivered, you are showing trust,” he said.
For a business like his, Georgiev told HuffPost, a security breach would be the kiss of death ― an end to the company. Financial management platforms use multi-level security protection steps, he said, because to do otherwise would flirt with disaster.
So when you give HiCharlie your bank information, no live person ever actually sees it, he said. The service cannot move your money or transfer it out of your control to another account. The real-world equivalent, he said, is that someone gets into your trash can and finds a bank statement that doesn’t have your name on it. They would see a transaction record, but not know whose it is.
Georgiev said that a user’s bank credentials (e.g., username and password) never go through HiCharlie’s system, which only gets a list of a user’s transactions that is stored using bank-level 256-bit end-to-end encryption, in anonymized encrypted databases, with very strict access controls.
When you enter your bank credentials, you are actually doing so on a form provided by a third-party bank data aggregator called Plaid. It’s a system used by most personal finance apps, like Venmo, Robinhood and Acorns. Plaid, in turn, is trusted by a long list of banks and credit unions. HiCharlie never sees your bank credentials; Plaid does. HiCharlie simply gets bank transaction logs from Plaid, Georgiev said.
But some apps do store user credentials. Acorns, which rounds up your spending transactions to the nearest dollar and banks the difference for you, does get permissions to move money on behalf of the customer.
Still, trust is hard, Georgiev acknowledged. He and his co-founders posted their photos on HiCharlie, as well as the names of the investors who backed them with a list of other ventures those investors previously were associated with.
It’s intentional, Georgiev said. “We want people to trust us. And so we put our faces out there.”
Zouhair Belkoura, founder of the privacy protection suite of apps known as Keepsafe, suggests that before using a personal finance management platform, people should take a hard look at how far the platform is willing to go to stand behind its safety claim.
“Does the service apply the same rigor as a bank to ensure that if fraud or a breach does occur, it will ensure customers are made whole?” Belkoura asked.
The short answer to that last part is probably not. Most don’t. If the platform is hacked and your money misappropriated, the third-party platform will likely not replace it for you. And it’s a point of debate whether your bank will, because the terms of service agreement for your checking account most likely admonishes against giving third-party sites access to your account information. Banks discourage the use of these apps, although some consumer advocates argue that’s because banks just want to be able to market products to you directly and don’t appreciate another business getting between them and their customers.
Banks themselves are protected by the FDIC, which means that if your bank collapses, the federal government insures the money you held in your accounts up to $250,000. Apps and digital platforms, on the other hand, have no such government-backed protection unless it’s an investing app.
Eva Velasquez, president and CEO of the Identity Theft Resource Center, boiled it down to this: “Anytime you share your sensitive PII [or personally identifiable information] with new entities/organizations, you increase your risk surface. The more information you share, and the more organizations you share it with, increase your chances of that information being compromised in some manner.”
Velasquez noted that who you deal with matters. “There are plenty of bogus apps and sites that exist solely to collect your PII and steal your identity, as well as legitimate sites that offer a useful service and have best practices in place,” she said, suggesting that people check third-party reviewers like the Better Business Bureau, organizations such as the National Cyber Security Alliance and her Identity Theft Resource Center for information to help them decide if the risk is worth it.
Know what apps can actually do with your data.
But the internet and e-commerce is filled with risks, isn’t it? Doesn’t this come with the turf?
Catalin Cimpanu, who covers security news for Bleeping Computer, says that as a blanket rule, “giving your password to any third-party is a seriously bad idea.”
“And if I’ve learned anything, it’s that finance management apps are really bad at security,” Cimpanu told HuffPost.
Still, since most banks use multi-factor authentication, your information isn’t stored within the third-party’s interface, and there can be no money transfers without permission, would a data breach really be the end of the world?
By federal law, your maximum liability for credit card fraud is $50. If you report your card lost or stolen, the credit card company generally will close the account pronto and not hold you liable for any fraudulent charges. So you are pretty much safe if someone starts to charge up a storm with your card.
Similarly, money stolen directly from a bank account via a bank transfer is also covered, by Federal Reserve Regulation E, which implements the Electronic Funds Transfer Act. If you indicate that you never authorized a transfer, you will get your money back. Georgiev noted that in practical terms, this type of “hacking” ― stealing money from a bank account ― is a very bad idea.
“Thanks to KYC and AML regulations, there is a detailed paper trail on a global scale. The people responsible will get caught and/or lose access to the funds,” Georgiev said, adding, “That’s why you never really hear of hacks where massive amounts of people lost their bank account funds.”
If funds are stolen from your bank account, would you just have to eat the loss? Chase, Capital One, and Fidelity state on their sites that if you share your information with a third party, you may be on the hook for stolen money. But others disagree. One legal expert told Reuters that the law releasing banks of liability when customers deliberately give power to transfer funds to a third party, such as a family member or business partner, is different from giving credentials to Mint or another money management site that will use it simply to monitor and record the account activity.
Plus, there are laws that limit your liability from theft from your bank account if you report it in a timely fashion. All of which is to say welcome to 2018, where everyone needs to check their bank account every day to protect against fraud.
Physical assets like a house, cash, bank accounts, etc. are no longer the only portfolio to a person’s legacy. Nowadays, it’s digital assets that can significantly contribute to a person’s overall “wealth” and legacy. This “wealth” is a topic that can easily confuse and overwhelm many, as they navigate through new digital platforms, technologies and wealth creation.
If You Own:
- Crytocurrency accounts
- Social media accounts like Facebook, Instagram, Snapchat, etc.
- Personal files, photos or videos on Google Drive, Dropbox, etc.
You will need to provide your heirs access information, so that they will be able to access your digital assets.
Financial Digital Assets
These include monetary wealth acquired from digital currencies e.g. investments or trade in cryptocurrencies like Bitcoin, Ethereum Ripple, Litecoin.
Sentimental Digital Assets
Digital assets include items of sentimental wealth— items that are not worth any money, but contribute to the legacy and life of a person. These items can include email accounts, social media handles on Facebook, Twitter, Instagram, Snapchat, etc., cloud accounts, and even on-device data e.g. smartphones, tablets or computers.
In the Event of Death
Upon death what happens to these digital assets? You may have a substantial amounts in your Bitcoin account or other digital currency, photos and videos on your phone and an active Facebook account which may contain sentimental videos and photos. How will your executors navigate through your “stuff” to distribute it to your beneficiaries?
Actions to Safeguard your Digital Assets
The first step is to get an estate plan in place (regardless of whether you have digital assets or not), but with digital assets, ensure that your estate planning attorney knows how to integrate, document and update the information within your estate plan.
The executor of your estate will need to access your accounts, which means usernames, passwords, 2 –Step Authentication codes and access should be clearly mapped out. The risk in not doing so means zero access to both types of digital assets and any wealth gained in cryptocurrency will simply be lost.
Cryptocurrencies are secured in a way traditional currencies are not. It is important to know how to access cryptocurrency assets once the account holder passes away, since they are monetary assets—much like printed currency. Cryptocurrencies are typically protected by a “key”— read our previous Blog here.
In California, creating an estate plan is crucial for some, in order to avoid probate. However, families may still find themselves in probate court litigating their inheritance and fighting between siblings. With something as intangible as digital assets, the burden of proof can swing judicial decisions. If there is no access to an account or documentation in some shape or form, it will be a tough to assert ownership.
Although we do provide superior estate litigation services, Velasco Law Group focuses more on keeping families out of litigation. Our objective is to preserve and protect your wealth. Digital assets are an important element in our everyday lives; our children have grown up in a digital world. The future is shaped around the internet, the cloud, and the worldwide web. You should protect wealth and understand how to leave behind your digital assets and legacy. Velasco Law Group can help guide you through the estate planning process.
Our law firm is dedicated to keeping up with important trends that affect families and businesses. Velasco Law Group has offices in Long Beach, Downey and Irvine. We have a team of English and Spanish speaking attorneys and paralegals to assist you. Our initial consultations are complimentary. Find out more about how you can protect your digital assets at any one of our office locations. Call 562-432-5541 to schedule an appointment.
Brits loose THOUSANDS of pounds as many fail to tell families about their online savings
Two thirds of adults with online pensions, investments, savings and bank accounts have failed to inform next of kin about their accounts.
That money could easily go missing unless family members know it actually exists and where it can be found.
The research from Lloyds Bank, produced exclusively for the Daily Express, is a wake-up call for millions who are failing to take enough care to document their financial affairs.
As we spend more of our lives online, we all need to prepare for what happens to our digital legacy when we finally die.
LOST IN THE NET
People take far greater care with their paper-based finances than their online accounts.
Many also keep family members out of the loop, with almost four out of 10 failing to talk to loved ones about their personal and financial affairs should they die, Lloyds’ research shows.
Some are more focused on trivial concerns, such as wondering what will happen to their Facebook page in the event of their death.
Lloyds’ director of bereavement, Paul Sheehan, says people need to take more care of their online finances as we shift away from paper: “Digital makes managing your finances easier, but it can make things more difficult for next of kin taking on your financial affairs when you die, as so many are financially unprepared for death.”
He says the first step is to talk to family and friends about your financial position: “This is especially true for online accounts, which would be harder to locate if your loved ones are not aware of them.”
Sheehan suggests preparing a written list of all your online and offline accounts and keeping it in a safe place where others can find it later: “This will provide important information for your family and friends and can help ease stress during what will be a tough time.”
Your digital wealth may include much more than just your financial accounts.
“Check the terms and conditions on any music, books and films you have purchased digitally to see if these can also be passed onto friends and family,” he adds.
You also need to produce details of any debts that will have to be paid out of your estate when you die, so that you do not bequeath a nasty shock for your loved ones.
Another worry for grieving families is meeting immediate expenses and debts after death, but Sheehan says banks and other financial services companies should be able to help with this.
For example, insurers offering over-50s life cover or funeral plans should quickly release funds to grieving families.
He says banks should be supportive in an emergency: “They may help loved ones gain access to the deceased’s credit balance to fund funeral expenses and other costs, such as inheritance tax, probate fees and confirmation fees, before all the legal paperwork is sorted.”
WAY TO A WILL
Writing down your wishes on paper makes them legally blinding, but too many Britons still fail to make a will, including almost eight out of 10 under-45s.
Sheehan urges everyone to write or update their will to avoid legal complications for loved ones: “You can draw up a will yourself, but it makes sense to use a will-writing service or solicitor instead.”
James Antoniou, head of wills at Co-op, says January is peak time for people to amend and update their wills: “Christmas brings people together, but it can also lead to conflicts and family fallouts while for others New Year is a trigger to get their finances in order.
“As a result we tend to see a peak in will amendments coming through in January.”
AUSTIN, Texas —
Imagine being alive and well–and then getting a notification that you’re dead. It happened to one Texas woman, and it took months for her life to get back to normal.
Barbara Kleinschmidt was “killed” electronically. She says she lived for months without access to her bank accounts and credit.
“You’re telling me I can’t get my money, you closed my credit accounts, but I am alive?” recalls Kleinschmidt.
When she called the Social Security office, Kleinschmidt says she was told someone, possibly a coroner or funeral director, faxed in a document listing her as deceased. They would not give her any further information.
She even got a letter from her bank, addressed to “The estate of Barbara Kleinschmidt” that asked her family to accept condolences for their loss.
Kleinschmidt says she got depressed and confused.
“I didn’t want to live, because I just didn’t know where, because it was hard for me to know what was going on,” she remembers.
Kleinschmidt believes someone she knows may be behind her digital death.
When we called the Social Security office, we were told Kleinschmidt was listed as deceased for nearly a year.
A representative wouldn’t tell us how the mistake happened, only that it could be due to something as simple as a typing error by an employee or someone else with access to the Social Security Administration’s Death Master File. Coroners, doctors, even credit unions, have access to it.
“It’s very problematic,” said Shawn McCleskey, a retired Secret Service agent and Director of Organizational Education and Measurement at the University of Texas at Austin Center for Identity.
McCleskey says more needs to be done to determine who’s who.
“How much diligence do they, in fact, do to verify if that person is in fact the person who should be submitting the documents?” wondered McCleskey.
He says many agencies don’t have the time or money to be as thorough as they should be.
While Texas’ system seems pretty secure, so-called “master hacker” Chris Rock tells KEYE TV the system is only as strong as its weakest link.
Rock presented at hacker convention Def Con on the weakness of the electronic death registration system. He was able to get into the electronic death registration system in four states. A Texan could be declared dead in any of them.
According to Rock, people can easily pose as doctors or funeral directors. He calls it a fatal flaw in the system. In some states, all it takes to set up an account is a doctor’s name, address and medical license number. A basic internet search can often yield that information.
And McCleskey says Kleinschmidt’s theory about her “death” being a personal attack might ring true. He’s seen people steal identities not for financial gain, but for public humiliation.
“If you just want to cause someone some real grief, have them declared dead,” said McCleskey. “That would be. Talk about, what this woman is experiencing, a real nightmare.”
Kleinschmidt says her main concern now is making sure her nightmare doesn’t happen to someone else.
“People are looking at me like I’m still dead,” said Kleinschmidt.