So far we have covered the risk of being scammed and steps you can take to minimize the risk. We have also covered the risk of bad trading results and how to identify the likelihood of them happening for programs in general. But what about the basics of security & privacy? Don't worry, I am not going to bore you with an article about firewalls, anti-virus, etc.; there's plenty of that elsewhere. But I remembered something that happened to me a few months ago.
The program I was looking into was MCAJ, which is now closed to new investors. I had never invested in the program because the returns were, well, really not that good, but I was considering it for diversification purposes. What finally put me off, however, was not the poor returns, but security issues. I discovered them through trial and error.
As it happened, I registered utilizing yet another randomly generated password from my trusty KeePass, 25 characters in length. Somehow the textbox did not have a maximum number of characters, but the system truncated the password to 15 characters. Obviously this meant that I could no longer log in, but it was not immediately clear to me why, which is how I ended up contacting customer support.
Customer support was helpful, unfortunately a bit too much. They reset my password and notified me of the new password by e-mail, not the safest practice in the world. So I threw another randomly generated password at it and ended up with the same problem. But this time I spotted the problem. The customer support representative was able to confirm the truncated bit of my password. Does that ring a bell? It should.
Most poorly programmed websites will at least put some effort into securing member information and especially account username & password. One has to wonder, though, what the point is of putting a lot of effort into encryption and other security measures at the website while at the same time confirming the new password by e-mail. In MCAJ, not only did they e-mail you your password, clearly the support representative had access to the password, meaning it was not saved with any encryption at all on the server either. Basically a hacker would only need to hack the database password and once through, he would instantly be able to log in to every account and do whatever he liked.
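The two flaws described above (silent truncation to 15 characters and a stored password that support staff can read back) can be shown next to a hardened flow. This is an added example, not code from MCAJ or from the original post; the function names, the PBKDF2 work factor and the 1024-byte limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

TRUNCATE_AT = 15        # truncation length observed in the post
ITERATIONS = 600_000    # assumed PBKDF2 work factor; tune for your hardware
MAX_BYTES = 1024        # assumed upper bound, enforced loudly


def legacy_register(db, user, password):
    """Stand-in for the flawed flow: silent truncation, plaintext at rest."""
    db[user] = password[:TRUNCATE_AT]


def legacy_login(db, user, password):
    # The login form compares the full input with the truncated value.
    return db.get(user) == password


def register(db, user, password):
    """Hardened flow: reject instead of truncating, store salt + derived key."""
    raw = password.encode("utf-8")
    if not raw or len(raw) > MAX_BYTES:
        raise ValueError("password length out of range")
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", raw, salt, ITERATIONS)
    db[user] = (salt, ITERATIONS, key)


def login(db, user, password):
    record = db.get(user)
    if record is None:
        return False
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    pw = "A1b2C3d4E5f6G7h8I9j0K1l2M"  # constructed 25-character sample
    old, new = {}, {}
    legacy_register(old, "alice", pw)
    register(new, "alice", pw)
    print("legacy stored value:", old["alice"])
    print("legacy login with full password:", legacy_login(old, "alice", pw))
    print("hardened login with full password:", login(new, "alice", pw))
    print("hardened login with truncated password:", login(new, "alice", pw[:TRUNCATE_AT]))
```

With the hardened record, a database dump or a support screen exposes only the salt, the iteration count and the derived key, so there is no password to read back or e-mail.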
I have a background in web development, so I threw in a few pieces of advice and gave helpful tips on how to improve security and why it was necessary. The once so friendly representative ignored all forms of communication from that point forward. I had simultaneously reached the conclusion that this was just not worth it for me and dropped the program from my list.
What I got from this was a new trick up my sleeve. I now suffer from amnesia the moment I have made the decision to join a program and sign up... I feel it is important not only to test customer support, but also to get an idea on security measures in place. Some programs really don't have a clue on security, which can compromise your personal details and thus your privacy. Not to mention your investments.
Which brings me to another point: the dreaded secret questions. Even the websites you'd consider to be pretty tight in security can't help themselves and offer you the secret question. Twenty years ago, there was just one secret question: "What's your mother's maiden name?" Today, there are more: "What street did you grow up on?" "What's the name of your first pet?" "What's your favorite color?" And so on.
The point of all these questions is the same: a backup password. If you forget your password, the secret question can verify your identity so you can choose another password or have the site e-mail your current password to you. It's a great idea from a customer support perspective -- a user is less likely to forget his first pet's name than some random password -- but terrible for security. The answer to the secret question is much easier to guess than a good password, and the information is much more public. Security goes out the window and we fall back to the illusion of security. Much worse than no security at all.
Here are a few (hopefully) helpful tips:
- You'd hate to pass up a great opportunity, but consider the security measures put in place to protect your personal information and not to mention your account with full access to your investments. Does the website use SSL, a secured connection? If not, this is not immediately a disaster but definitely a starting point for more checking. Does the program e-mail you your password after creating your account and can you have yours e-mailed to you with a click on
Jul 22, 2008
Basics of security and privacy in high yield investing
Posted by
Mike Wilks
Time:
7/22/2008 04:01:00 AM