Comments on: TreasuryDirect refuses to confirm transactions

by: TreasuryDirect enhances security features: US Savings Bonds

Fri, 11 Aug 2006 16:36:12 +0000

There's a follow-up to this article today at TreasuryDirect enhances security features

by: Wall Street Journal questions TreasuryDirect security: US Savings Bonds

Mon, 10 Jul 2006 18:53:07 +0000

[…] The article refers to our March 18 article TreasuryDirect refuses to confirm transactions., as well as discussions on Morningstar.com forums. […]

by: tom

Fri, 30 Jun 2006 22:40:42 +0000

Has anyone tried changing the bank info to a account that is not yours (like a family member) to see if they will flag it as an error?

Also, if a burglar got your password, he will change your email so you wont get a warning. He'll also change the password so you cant get in.

by: Tom Adams

Wed, 05 Apr 2006 22:58:01 +0000

Followup - After further thought, it seems to me that doing things randomly can be a valid security procedure in that it prevents attackers from knowing what response to expect. Random responses can increase security and lower risk for the Treasury.

However, the Treasury puts all the risk of a password attack on the investor and takes none itself anyhow. From the investor's point of view, password security is increased and risk is reduced by at least having the option to receive notification of any changes to the account.

The people running TreasuryDirect want it to be the best possible system. They're making continuous improvements. Hearing the customer viewpoint is helpful to them.

by: Tom Adams

Tue, 28 Mar 2006 22:05:40 +0000

Followup - as a test, I recently changed my own email address on TreasuryDirect. I did not receive an email confirmation.

The same day I used the Contact Us button within TreasuryDirect to ask whether confirmations are sent for a variety of transactions types. The answer I received was:

To verify that the TreasuryDirect account holder made the changes E-mails are sent for randomly selected accounts that have had information changes.

Security by random selection? That's one I've never heard of before.

by: Tom Adams

Sat, 18 Mar 2006 02:24:45 +0000

NOYB and Dan - I'm really happy to hear that TreasuryDirect has started confirming bank account changes by email. My information was based on prior experience.

However, I did ask the Savings Bonds public relations team about this issue a few days before publishing this information but I guess they didn't know it had already been fixed.

Mario - I don't know about Legacy Treasury Direct but I'll see what I can find out.