NEW YORK ( TheStreet) -- If a hacker steals money out of your brokerage or mutual fund account, the financial industry would like to reassure you that a reimbursement is in the cards.
Fidelity Investments calls it the "Customer Protection Guarantee."
After you get past the warm-and-fuzzy feeling that your broker has your back, read the policy to the end and click on the links that detail what they expect of you. Because, for the most part, firms that offer a "guarantee" of reimbursement only make good on their promise if you've been vigilant about security.
Did you share your password with someone who wound up stealing your money? Your broker will consider that a transaction that you authorized -- a reasonable policy considering that you gave away the keys to your account.
Do you regularly check your account for unauthorized transactions? Fidelity, Scottrade, TD Ameritrade, Ameriprise and Merrill Lynch expect you to review all the information they send in the mail or check your online account frequently for activity that doesn't look familiar.
Are you savvy about spotting phony "phishing" emails that try to dupe you into thinking you're dealing with your broker or fund company? Ameriprise says you can't respond to, open an attachment in, or click on a link within an email "if you suspect the message is fraudulent." Other firms have a similar requirement that you not fall for phishers, so take time to learn how to spot and avoid these scams if you're counting on reimbursement protection.
Many firms also require that you create "safe" and hard-to-guess passwords that you do not use for any other accounts. Figuring out what a company considers "safe" or "strong" can be tricky business, though, and some financial institutions give little guidance as to how they define those terms.
Vanguard's Online Fraud Policy - the only policy I reviewed that didn't use the word "guarantee" in its policy title -- gets more specific than most. It links to a document that says a Vanguard.com password should be different from your passwords on other websites, changed on a regular basis, reasonably complex "and, preferably, at least 8 characters long."
Curiously, Vanguard allows customers to create passwords with as few as six characters "to give the client some flexibility in terms of what password they might choose," said Jeffrey Lampinski, who runs Vanguard's information security team. Customers creating a password, though, are not prompted that a six- or seven-character password could undo the reimbursement policy.
Vanguard maps out clear requirements and asks a lot of its customers, including that they close their browsers after logging out of the site, avoid phishing come-ons, and make sure they have "up-to-date security and anti-spyware, antivirus, and firewall software." At the other end of the spectrum, Schwab and TD Ameritrade ask little. Both make the common demand that customers not share their account access information with anyone and that suspicious activity be reported promptly.
Schwab adds that it doesn't protect the customer who engages in "gross negligence." TD Ameritrade says it gives protection to the victim who lost money "through no fault of your own." Although Schwab's policy links to extensive "additional steps" customers can take to protect their accounts, spokesman Greg Gable said in an email that "there is no requirement they follow those steps for them to be protected" by the guarantee.
Ameritrade spokeswoman Kim Hillyer said in an email that it's "a rare occurrence" that the company declines to reimburse a customer. But when they do, it's usually because the client either had given someone else access to an account or because the client waited "an extreme amount of time" - several months to more than a year - to report the activity as fraudulent.
A standout for having no policy is T. Rowe Price (TROW - Get Report) . Spokesman Brian Lewbart would not comment on why the firm has no formal policy on reimbursement, but did say that it investigates reports of unauthorized disbursement of funds and works with parties including law enforcement agents when appropriate in an attempt to get the money back.
He said the firm evaluates potential responsibility when money can't be recovered, considering such things as errors on the part of T. Rowe Price or whether a third party had gained access to a client's user name and password by using spyware on the client's computer.
For the most part, Wall Street's promises of reimbursement for fraud rely heavily on the customer becoming a student of online safety. The good news in all this: Read all the caveats in your financial firm's guarantee and you'll come away with a very good idea of the work you need to do to keep an account secure. You can't say your firm didn't warn you.