The U.S. Securities and Exchange Commission warned earlier this month that scammers were hijacking online brokerage accounts, using spyware and operating from remote locations.
TD Ameritrade Holding on Tuesday became the latest brokerage to confirm the problem. It said it cost $4 million in the third quarter to make whole customers whose accounts had been hacked.
Harder-hit was rival E*Trade Financial, which last week said its fraud losses ballooned by $18 million in the third quarter from swindlers who stole clients' identities and manipulated their accounts.
Both brokerages guarantee to repay clients who lose money through such frauds. A representative for a third discount brokerage, Charles Schwab, said the company hasn't seen "anything unusual enough to merit a disclosure."
"During the quarter E*Trade, like a number of our competitors, experienced a significant increase in losses resulting from fraud relating to identity theft," said Jarrett Lilien, president and chief operating officer of E*Trade, on last week's conference call.
TD Ameritrade Chief Executive Joseph Moglia said that all those who stole clients' identities did so by using public computers rather than hacking into the Omaha, Nebraska-based company's internal systems.
He called the $4 million hit "not material at all. This gets a lot of attention but it's not affecting the share price," he said.
TD Ameritrade shares fell 79 cents, or 4.8 percent, to close at $15.84, making them the top decliner on the Amex Securities Broker Dealer index. Moglia blamed the share price fall on a cut on its projections for 2007 earnings.
Both E*Trade and TD Ameritrade said they were strengthening their defenses.
"We've seen that level of fraud in the last three weeks or so reduced to almost zero as a result of the changes we're making," E*Trade CEO Mitchell Caplan said in last week's conference call.
But Gwenn Bezard, an analyst with Boston-based consultant Aite Group, said E*Trade had previously made big efforts to bolster security and the $18 million increase was a sign of hackers' resiliency in combating.
"It's a reminder that though you may have stronger authentication, it may not protect you from other types of scams," he said.
Both E*Trade and TD Ameritrade said they are working with investigators at the SEC, the FBI and other agencies to.
About 25 percent of U.S. retail stock trades are made by online investors through roughly 10 million online accounts, according to brokerages regulator NASD.
In many of the schemes outlined recently by SEC officials,to monitor a user's activities and capture vital information, such as account numbers and passwords.
The program then e-mails the stolen information back to the thief, who can use it to open victim accounts.
Once inside, the thief may sell off an account's portfolio and take the proceeds. Or electronically hijacked accounts may be used for "pump-and-dump" schemes to manipulate stock prices for profit, SEC officials have said.