Thursday, August 15, 2019

Why Can't We Stop Pfishing?

During my employee orientation at America Online in 1997, that day-long tradition of assaulting new hires with mundane and mind-numbing facts that are immediately forgotten, I was warned that AOL employees were constantly under threat of phishing attacks, though they weren't called that, and I admit that I didn't really understand the explanation.

By close of business the following day I had developed a full appreciation of the threat because I had unwisely clicked on a link in an Instant Message and unwittingly handed my employee login credentials to a hacker, something I had been told not to do just hours before. IT's "clean-up" process took two days, though I suspect that was a form of punishment, and during that time I wore the scarlet letter of being cut off from the rest of the company that functioned entirely around AOL Mail and Instant Messaging.

What a dunce. Lesson learned.

AOL finally put a huge dent in the phishing attacks by implementing two-factor authentication (2FA) for all employees, as I described in those previous posts, except that in 1997 we used hardware tokens because there were no smartphones.

Having dedicated my last two posts, You're Responsible for Your Own Online Security and How to Secure Your Online Financial Accounts, to securing online financial accounts, I realize my retirement finance blog has taken on a computer-geek air of late. My rationale is that retirement finance is primarily about dealing with risk and cyber security is a huge component of financial risk. describes phishing attacks as follows.

"Phishing is the crime of deceiving people into sharing sensitive information like passwords and credit card numbers. As with real fishing, there's more than one way to reel in a victim, but one phishing tactic is the most common. Victims receive a malicious email (malspam) or a text message that imitates (or "spoofs") a person or organization they trust, like a coworker, a bank, or a government office. When the victim opens the email or text, they find a scary message meant to overcome their better judgment by filling them with fear. The message demands that the victim go to a website and take immediate action or risk some sort of consequence."

The term "phish" comes from fishing. A hacker dangles some bait in front of you in the form of a disguised hyperlink in an email or text message and hopes you will click on it hook, line and sinker.

Phishing attacks can be implemented with text messages, email, or even phone calls. It is actually a "social engineering" attack because rather than relying on technology to steal your vital information, it relies on you giving away that information in a moment of fear, confusion or just complacency.

Some people provide their sensitive information over the phone in spite of knowing that no bank, brokerage or government office like the Social Security Administration is going to call, text or email you and ask for your login credentials. The IRS does not announce an audit in an email.

Others click on a hyperlink in an email or text message because they believe they know the sender or because the link looks familiar or harmless. It isn't difficult for a hacker to change an email sender's address, using an attack known as "spoofing." You cannot trust an email's source simply by looking at the sender's email address or a phone call's source by checking Caller ID.

A lot of people who should know better get hacked by phishing attacks. It's a highly effective strategy.

Cyber security firm CSO lists three infamous phishing attacks.
  • Perhaps one of the most consequential phishing attacks in history happened in 2016 when hackers managed to get Hillary Clinton campaign chair John Podesta to offer up his Gmail password.
  • The "fappening" attack, in which intimate photos of a number of celebrities were made public, was originally thought to be a result of insecurity on Apple's iCloud servers, but was in fact the product of a number of successful phishing attempts.
  • In 2016, employees at the University of Kansas responded to a phishing email and handed over access to their paycheck deposit information, resulting in them losing pay.
The Clinton Campaign phishing hack may have helped decide a presidential election.

(Note to political parties: Why are you sending unencrypted sensitive information over email systems like GMail when you can create a free, encrypted account at CERN's Proton Mail or spend a few bucks to encrypt your own mail server? More importantly, why are you saying things in an email that you wouldn't want the world to share? Emails never die. Your stupidity will be on the web forever. This is not the way you want to go viral.)

My goal is to help you protect yourself and your wealth from phishing attacks (if political organizations haven't figured out how by now then I have little hope for them in cyberspace).

Because phishing attacks are social engineering attacks that depend on tricking you, your diligence is the best protective measure. Think twice — no, make that three times — before you click on any link in an email or text message.

Check the context. My friend, Lex, sends me lots of emails, text messages and messaging app thoughts. I normally click on all of his links but when I recently received an email from him that contained nothing but a hyperlink, I deleted it. It would be very unusual for Lex to send me a link with no explanation.

Needing no further clues, I checked the email's CC list and noticed it was quite long and included no one that I know. Not a confidence-building sign.

If I have any doubt that a link I receive is legitimate, I will contact the sender and ask if the email or message was really from them, but it is critical to contact them through a different channel and not by replying to the message. If the link really is phish, then replying may simply be me asking the hacker if he is legit. He'll probably say yes. If the link arrives in an email, for example, call or text the sender instead.

When I receive an email or text message regarding the status of a credit card account, I visit the card's website without clicking on the link.

It's quite easy to make a link look like a legitimate website when it actually points to a hacker's own malicious website. It's also quite easy to make that website look like Chase Bank's website, for example, and encourage you to "login" at the fake website and thereby hand your login credentials to the hacker.

Most email systems and websites allow you to view the actual link by hovering your mouse over the hyperlink. The underlying link will appear. Read the actual link closely to detect small changes that indicate you might not land where you expected.

You may find, for example, that a link that appears to point to (my website) actually points to, which could belong to anyone. Notice the subtle misspelling. Hover your mouse over each of these links and, depending on your browser, the actual destination hyperlink will show up somewhere on your screen.

Some anti-virus and anti-malware software also incorporates anti-phishing features. Check your software's website to know for sure. Still, it won't replace your own diligence in examining hyperlinks sent to you before clicking on them.

Why are phishing attacks still so successful though we've been exposed to them since the late 1990s? They prey on our fear, complacency, and familiarity. It should be really easy to always say, "I'm not 100% sure this is a legitimate link so I'm just not going to click it" or "no legitimate business would ask me to provide sensitive information through an email or a phone call," yet it remains a successful hacking strategy.

One last question you might ask yourself is what would happen if I don't click this link? If it is important, the sender will surely try other ways to reach you, even if it's a friend just making sure that you saw the link she sent to her latest baby pictures.

Phishing attacks aren't the only cyber threat to your wealth but they are one of the most common and they are very effective. The best way to protect yourself is to treat any link sent to you as a potential threat. Never click on them without stopping to think about possible bad outcomes. Err on the side of avoiding the pfisher. If you're not certain, don't click.

Tuesday, August 6, 2019

How to Secure Your Online Financial Accounts

In my previous post, You're Responsible for Your Own Online Security, I noted that online fraud protections from banks, credit unions, investment companies, and other financial services companies are significantly weaker than consumer protections for credit cards, debit cards, ATMs, and EFTs. The "100% online fraud guarantees" advertised by financial services companies can have a lot of fine print and they are backed by the companies, not by consumer protection laws.

You may be thinking, "That's a lot of trouble. In the unlikely event that my account is hacked, the financial services company will reimburse me." I think that's a mistake for a few reasons. First, even if the company covers your losses, recovering from the fraud is unlikely to be a pleasant experience. Second, if you don't meet the company's security requirements spelled out clearly on their websites, you might not be covered by their online fraud guarantee, at all. Do you want to take that risk with your savings?

My goals for this post don't include boring you to tears, though that is certainly a risk when one explains technology to people who just want things to work. The truth is that Internet passwords don't work. We need a very different solution for securing online access but unless and until we get that, we have to work with what's available.

One of my goals is to help you avoid losing your hard-earned wealth to online fraud. A second goal is to help you avoid the long, painful process of recovering from online fraud when recovery is possible — you'll find it much easier to stop fraud before it happens than to tidy up afterward. And, my third goal is to keep you from running afoul of requirements that might preclude those "100% online fraud guarantees" offered by financial services companies. I used to refer to them as "online financial services companies" but now almost all of them are.

I warn you up front that some of these measures can be complicated to implement and that they will complicate your financial life a bit. It won't be as easy for you to access your online financial services but it should be a lot more difficult for a thief to do so.

And finally, before diving into security measures, be aware that many online services offer different levels of security that you can implement depending on how much set-up work you are willing to do and how much inconvenience you will tolerate to achieve greater security. You can improve security significantly with stronger passwords, for example. With more work and complexity, you can greatly improve on long-password security by adding two-factor authentication. You will need to decide if the extra security is worth the effort.

You might also think, "This is way too difficult. I'm just going to avoid online access to my accounts altogether."

While this might be achievable in some limited way, it will preclude most investment opportunities. I asked Fidelity Investments if it is possible to open an account with no online access. They thought I had lost my mind. And, should you decide to simply not set up the online access, a thief might well do it for you.

Wade Pfau and the gang at are seeking volunteers for a research project called the Retirement Income Style Awareness™ (RISA™). Please consider following this link to the survey. Participants will be able to get results from the survey in the fall.

First, if your computer, smartphone, or tablet is compromised, no other security process can be trusted. If someone installs a keylogger on your computer, for example, that person can watch you type in your log-in credentials from half a world away and it won't matter what other security measures you take; they're looking over your shoulder. Run anti-malware software on your computer and only download smartphone apps from your app store. This step is essential. There are several excellent free anti-malware products for computers. I like Avast for Mac[1]. Windows Defender[2] generally gets high marks, as well.

Next, you probably have a lot of sensitive information on your smartphone. Many services will use your phone to reset your password, for example. A thief doesn't need to learn your password if she can more easily reset it. Actually, a thief doesn't need to physically steal your phone. He may be able to illegally "port-out" your phone number and receive all your phone calls and text messages. Your smartphone is a key to your online security whether or not you intended it to be.

You need to keep that key beyond the grasp of hackers. Bite the bullet and change your lock-screen passcode to at least 8 digits.[3] (Are you still using four digits?) This step is also essential. I'd recommend avoiding lock-screen patterns on Android phones.

For many financial services companies, the use of "third-party aggregators" like, Fidelity Fullview and Vanguard Portfolio Watch will violate your guarantee of fraud protection. Charles Schwab explicitly states next to the button to enable these services that they invalidate your guarantee. Stop using them. This is an essential step. You can go to the aggregator websites and turn off the feature but you can also change the passwords on all your financial services accounts (which you probably should do, anyway) and simply not update them at the aggregator website. If your financial data still shows up at your aggregator site, you know you're not finished. The aggregators will no longer have access to your data and you will no longer be in violation of the terms of your guarantee.

Creating strong passwords is an essential step. Make passwords to all your sensitive online accounts at least 12 random characters long. Use upper and lower case letters, numbers and special characters as allowed by the website. Here's an example: Wt4e-7B13^qS. As the saying goes, the best password is the one you can't remember. It has been estimated that an 8-character password can be cracked in hours, nine characters in months, and 12-character passwords in hundreds of years with a brute force attack. If your password contains recognizable words, a dictionary attack can be even faster.
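To make the "12 random characters" advice concrete, here is an added example (not code from the original post) that generates such a password with Python's `secrets` module, the operating system's cryptographic random source, checks that it draws from every character class, and estimates brute-force search time. The guessing rate of 10^11 guesses per second is an assumption for illustration; real cracking speed depends on the attacker's hardware and on how the site hashes passwords.

```python
"""Generate and rate the kind of random password the post recommends.

Added example, not from the original post. The guess rate used below is an
assumption chosen for illustration.
"""
import math
import secrets
import string

CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,  # 32 characters; trim this if a site allows fewer
)
ALPHABET = "".join(CLASSES)  # 94 characters in total


def has_all_classes(password: str) -> bool:
    """True when the password uses every class: lower, upper, digit, special."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length: int = 12) -> str:
    """Uniformly random password over ALPHABET, resampled until every class appears.

    Rejection sampling keeps the result uniform over the accepted set, unlike
    "pick one of each class then shuffle", which skews the distribution.
    """
    if length < len(CLASSES):
        raise ValueError("too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def brute_force_seconds(length: int, alphabet_size: int = len(ALPHABET),
                        guesses_per_second: float = 1e11) -> float:
    """Worst-case seconds to exhaust the keyspace at an assumed guess rate."""
    return alphabet_size ** length / guesses_per_second


def human_time(seconds: float) -> str:
    """Render seconds in the largest convenient unit."""
    for unit, size in (("years", 365.25 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    print("example password:", generate_password(12))
    # Assumed rate: 1e11 guesses/second against an unsalted fast hash.
    for n in (8, 9, 12):
        secs = brute_force_seconds(n)
        print(f"{n} chars: {entropy_bits(n):.1f} bits, "
              f"exhaustive search {human_time(secs)}")
```

Each extra character multiplies the search by 94, which is why the jump from 9 to 12 characters adds roughly six orders of magnitude rather than a third more work.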

Don't reuse passwords. This is essential because cracking one of your passwords compromises every other account using that password. Every sensitive account should have its own.

Never share your password with anyone other than a spouse on a joint account. That will almost certainly invalidate your online fraud protection. If you want an advisor or a spouse to have access to your individual accounts, grant that authority explicitly by filing the appropriate paperwork with your financial services companies instead of going through the "back door" of sharing your passwords. Recognize the risk you're taking by doing this and consider sharing "read-only" access and not authority to transact in your account.

If you write them down, store the list of passwords in a secure location and hide a backup in a different physical location. The next step isn't essential but I find it helpful. I use a password manager to both create random passwords and store them. LastPass, Dashlane, and 1Password are perhaps the best known and you can access passwords from your computer, smartphone, and tablet.

The next level of security (and complexity to implement and use) beyond strong passwords is two-factor authentication. 2FA is perhaps not as essential as strong passwords but many experts would disagree. I consider it mandatory for my accounts but I also recognize that it is complicated for a "non-techie" to understand and implement. I can imagine that most will consider it too complex and that's a shame because it is a huge step up in security.

In essence, 2FA provides a second password that changes every minute and can only be read from an app on your smartphone (or a dedicated hardware token[4]). Unless a thief has access to your smartphone, she can't log in to your account even if she knows your password.

2FA is now offered by most, though not all, financial services websites. I even use 2FA at social media websites and on my email accounts. Two Factor Auth[5] provides a list of websites that support 2FA and PC Magazine[6] explains how to use many of them.

I have found that customer service departments of financial services companies will walk you through implementing 2FA over the phone if you ask and it only takes a few minutes. This is far and away the easiest way to implement 2FA on your account.

There are several ways in which 2FA can be implemented. The passcode can be sent to you in an email, sent to your phone in a text message (SMS), delivered by a voice phone call, or created by an app on your phone. If your financial services company offers a choice, the app approach (or a hardware token) is the safest.[7]
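The app-generated passcode described above and in the earlier paragraph works without any network connection. This added example (not code from the original post) implements HOTP (RFC 4226) and TOTP (RFC 6238), the algorithms behind common authenticator apps: the site and the app share a secret once, and from then on each code is an HMAC of the current time step (30 seconds in the RFC default). The secret below is the RFC test key, used here as sample input; `verify_totp` is the server-side check and allows one step of clock drift.

```python
"""How an authenticator app computes the rotating 2FA passcode.

Added example, not from the original post. Implements RFC 4226 (HOTP) and
RFC 6238 (TOTP); the key below is the RFC test vector key, used as sample input.
"""
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226 one-time password for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time=None, step: int = 30,
         digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter set to the current time step."""
    if unix_time is None:
        unix_time = time.time()
    return hotp(secret, int(unix_time // step), digits, algorithm)


def verify_totp(secret: bytes, submitted: str, unix_time=None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Server-side check tolerating +/- `window` steps of clock drift.

    The comparison is constant-time so response timing does not reveal how
    many digits of a guess were right.
    """
    if unix_time is None:
        unix_time = time.time()
    base = int(unix_time // step)
    for delta in range(-window, window + 1):
        expected = hotp(secret, base + delta, digits)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def secret_from_base32(text: str) -> bytes:
    """Decode the base32 secret a site shows in its enrolment QR code or text."""
    cleaned = text.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)                      # restore padding
    return base64.b32decode(cleaned)


# RFC 4226 / RFC 6238 test key, base32-encoded as an enrolment screen would show it.
TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # == b"12345678901234567890"

if __name__ == "__main__":
    key = secret_from_base32(TEST_SECRET_B32)
    print("current 6-digit code:", totp(key))
    print("code at t=59 (RFC 6238 vector, 8 digits):", totp(key, 59, digits=8))
```

Because the code depends only on the shared secret and the clock, a thief who knows the password but does not hold the phone (or token) cannot compute it; the same property is why a site must never echo the secret back after enrolment.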

Some websites, like TreasuryDirect®, will email a one-time password (OTP) as a second layer of authentication after you enter the correct password. A lot of people know I can be reached at and that's the first place a hacker might search for my one-time password. It would be harder for a hacker to intercept my OTP if I have it sent to say,, which doesn't identify me.

If any of your accounts use 2FA by sending an email, consider setting up an email account with a random name solely to receive 2FA passcodes. Set up a notification in that email account to alert you anytime you receive an email.

Many websites have a "password recovery" process that will reset your password if you answer security questions like "What was your high school mascot?" It makes no sense to go to all this trouble to secure a password when someone can "recover" your password by answering these security questions after reading your social media posts or by Googling your name.[10]

(I checked my password recovery questions on an email account I use for junk and found that a hacker would need to either spend hundreds of years guessing my password or simply guess the name of my favorite band to gain access to my account.)

I make up unrelated answers to these questions and store both the questions and the answers with my passwords. For example, I might choose the question "What was your school mascot?" ("Eagles" is a good guess for a hacker.) I might enter "bookbinder" as the answer.

Thieves can sometimes illegally "port-out" your mobile phone number to their phone and the only indication you will get that this has happened is that your phone will stop working. They'll receive your text messages and phone calls so they'll intercept any one-time passwords sent by either of those methods. Furthermore, many online accounts will allow you or a thief to recover your password by texting or calling your phone and the thief is now the recipient of both of those. You may have the physical phone in your hand but all of your voice calls and text messages will now go to the thief's phone.

To illegally port-out your phone number, a thief only needs some basic name and address information about you and a PIN that is set up at your wireless carrier's website. Better beef up the security of your password and PIN with your wireless carrier. Krebs on Security tells you how.

Log on to your wireless carrier online account and make sure your PIN isn't something obvious like "1234" or the last four digits of your social security number. Use a strong password on your wireless carrier's website. I added 2FA to mine. Otherwise, the fraudster can hack into your wireless carrier account and change that PIN. Your smartphone, one way or the other, is the key to much of your online security. If it is lost or stolen, take action immediately.[8,9]

Since this all began with a reader's comment regarding security at TreasuryDirect®, let's look at how we might secure accounts there.

To log on to a TreasuryDirect® account, a thief will need your account number, the password for that account, the email address to which TreasuryDirect® sends a one-time passcode each time you attempt to log on, and that one-time passcode.

First, create a random password at TreasuryDirect® that is at least 12 characters long. Then, create unrelated answers to password recovery security questions at TreasuryDirect®, as described above.

Create a new email address with a random name and direct TreasuryDirect® to send one-time passwords there instead of sending it to your public primary email address. Secure the email account with a long, random password.

Now, a hacker will need to learn your TreasuryDirect® account number, hack its long random password, figure out which e-mail account you have told TreasuryDirect® to send your one-time password to, and hack that e-mail account's long random password to learn your OTP. If he tries to hack your TreasuryDirect® account using password recovery, he will need to know that you told TreasuryDirect® that your father was born in the city of banjo.

I believe any web-based service is hackable but a thief could probably find an easier way to steal money than this.

If you only install anti-malware software on your computer and improve your passwords, you will greatly enhance your online security. If this seems overwhelming, start by improving all of your passwords on financial services company websites and do more later.

You can download a checklist in Word to organize your security enhancement project. I included a sample using a Charles Schwab account. Click the link to see the document, then click download to save a copy.

This is the world we live in. Practically all financial services companies have an online presence with fraud guarantees provided only if the company considers that you have adequately protected your login credentials.

I realize that most readers will find this all quite complicated even with the links I have provided, but this is your retirement savings we're trying to protect here and if your security doesn't meet the standards of financial services companies, their "100% online fraud guarantee" might not be available to you. Follow these steps and you are far less likely to ever need to recover from online fraud or rely on a fraud protection guarantee.

Some readers are having problems posting comments anonymously. Please feel free to email comments to and request that I post them anonymously.


[1] Avast for Mac

[2] Windows Defender, Microsoft.

[3] Change Your iOS Passcode, or Change Your Android Passcode.

[4] Some financial services companies will provide, often for free, a hardware "token" to generate the 2FA passcode instead of using your phone. See Protect Your Investment Accounts With A Security Token.

[5] Two Factor Auth list of 2FA supported websites.

[6] Two-Factor Authentication: Who Has It and How to Set It Up, PC magazine.

[7] This is why you shouldn’t use texts for two-factor authentication, Major SMS security lapse is a reminder to use authenticator apps instead,

[8] If your iPhone, iPad, or iPod touch is lost or stolen.

[9] Find, lock, or erase a lost Android device, Google Help.

[10] Time to Kill Security Questions—or Answer Them With Lies, Wired.

[11] This is why your six-digit iPhone passcode isn’t secure,

Wednesday, July 31, 2019

You're Responsible for Your Own Online Security

Credit cards, debit cards, ATMs, and electronic fund transfers (EFTs) offer excellent fraud protection but your bank, credit union and investment company's online protections aren't as strong.

In response to my post, The Best Inflation Protection You Never Heard Of, a reader commented that he/she avoids I Bonds due to security concerns with TreasuryDirect.® It didn't take long to find several threads on the topic. The primary concern seems to be this statement from the Code of Federal Regulations:

§363.17 Who is liable if someone else accesses my TreasuryDirect® account using my password? You are solely responsible for the confidentiality and use of your account number, password, and any other form(s) of authentication we may require. We will treat any transactions conducted using your password as having been authorized by you. We are not liable for any loss, liability, cost, or expense that you may incur as a result of transactions made using your password. [72 FR 30978, June 5, 2007]

Should you be concerned about security issues at TreasuryDirect,® the only place where you can purchase I Bonds? I think you should be concerned about the security of online access to your holdings at all financial services companies and I think your security is largely up to you.

Having your financial services company hacked is different than having your individual account hacked using Internet access. I'm addressing the latter but the former happens with amazing frequency and you will be protected from those breaches. You probably won't even know it happened to your company until you read about it in the paper.[1]

You will probably find wording similar to that of the TreasuryDirect® statement above at the websites of all of your banks, credit unions, investments companies, and other financial services.

First, let's look at where we are protected.

Electronic Fund Transfers.

According to the Federal Reserve, "Regulation E provides a basic framework that establishes the rights, liabilities, and responsibilities of participants in electronic fund transfer systems such as automated teller machine transfers, telephone bill-payment services, point-of-sale (POS) terminal transfers in stores, and preauthorized transfers from or to a consumer's account (such as direct deposit and social security payments). The term "electronic fund transfer" (EFT) generally refers to a transaction initiated through an electronic terminal, telephone, computer, or magnetic tape that instructs a financial institution either to credit or to debit a consumer's asset account."[2]

Section 205.6 of Regulation E states the liability of [the] consumer for unauthorized transfers, "[Regulation E] limits a consumer's liability for unauthorized electronic fund transfers, such as those arising from loss or theft of an access device, to $50; if the consumer fails to notify the depository institution in a timely fashion, the amount may be $500 or unlimited."

At first glance that would appear to cover online access to your account at a bank or credit union — they are both subject to Regulation E and it specifically mentions computers — but that does not appear to be the case. The catch seems to be in how your bank or credit union defines "unauthorized access."

Credit Cards.

According to NOLO[3],
"Under the Fair Credit Billing Act, your liability for unauthorized charges depends on whether the thief personally presented your card to make the purchase, or just stole the number.
    • If the thief personally presents your card to make the purchase, the card issuer can't hold you liable for more than $50 in fraudulent charges. (12 C.F.R. § 1026.12). Many card issuers waive this $50.
    • If the thief stole the number, but not the card, you have no liability.
In either of the above situations, however, it's important to notify the card issuer as soon as you know of the theft—by phone and in writing."
Additional information regarding how to report fraud is also available at the NOLO link.[3]

ATM and Debit Cards.

Also from NOLO,
"With ATM or debit cards, you must act quickly in order to avoid full liability for unauthorized charges when your card is lost or stolen. Under the federal Electronic Fund Transfer Act, your liability is:
    • $0 if you report the loss or theft of the card immediately and the card has not been used
    • up to $50 if you notify the bank within two business days after you realize the card is missing
    • up to $500 if you fail to notify the bank within two business days after you realize the card is missing, but do notify the bank within 60 days after your bank statement is mailed to you listing the unauthorized withdrawals, or
    • unlimited if you fail to notify the bank within 60 days after your bank statement is mailed to you listing the unauthorized withdrawals. (15 U.S. Code § 1693g).
If you can convince the bank that your notification failure was due to extenuating circumstances, it must extend the notification timeline for a "reasonable period."
If your card wasn't lost or stolen, but the number is used for unauthorized transactions, you aren't liable for those transactions so long as you report them within 60 days of the statement being sent to you.
In response to consumer complaints about the possibility of unlimited liability, some card issuers cap the liability on debit cards at $50. And some banks don't charge anything if unauthorized withdrawals appear on your statement. Also, some states have capped the liability for unauthorized withdrawals on an ATM or debit card at $50."
So, for EFTs, credit cards, debit cards, and ATMs, the fraud protections are pretty strong, but what is the extent of our protection for accounts with other financial services?

Banks and Credit Unions.

As I previously mentioned, banks and credit unions are subject to Regulation E and that regulation seems to protect online access to your account. A review of a few online-fraud policies, however, reveals a loophole that limits their guarantees of "100% fund recovery" if you "share" your login credentials or don't "adequately" protect them.

My credit union states in its "Zero Liability Guarantee for Online Fraud" policy, "You should not share your UserID and/or password with anyone. If you share this information with anyone, any actions they perform on your accounts online are considered to be authorized by you."

I found similar statements at bank websites. Wells Fargo's states, "To qualify for the protections provided by the Online Security Guarantee, you must. . . Never disclose your personal account information to others (including your Personal Identification Number (PIN), online username, password, one time passcodes, RSA SecurID® token, or any other security credential you may use to access your accounts)"[4]

Wells Fargo's statement goes on to warn that, "If your device allows access to anyone other than you via fingerprint, that person will also be able to access your Wells Fargo Mobile downloadable applications on the same device when Touch ID® or fingerprint is enabled, and their transactions will be considered authorized."

So, if your phone's fingerprint access feature fails, allowing someone to gain access to your login credentials, Wells Fargo treats that as your authorization for that person to make transactions in your account. And, those fingerprint readers may not be as secure as you think.[5]

You can find your investment company's online-fraud protection policies, well. . . online.[6,7,8] Most of the investment companies I researched do offer full protection against fraud except for fraud committed when you share your login credentials. The problem is that most have a very broad definition of "sharing." Fidelity Investments states, for example,[6]
"What are examples of where I won't be covered?

If you grant authority to, or share your Fidelity account access credentials or information with, any persons or entities, their activity will be considered authorized by you. Losses of cash or securities transferred to outside accounts that are beneficially owned by you are not covered by this guarantee. Also not covered is any activity by an employer/plan administrator, financial intermediary, or third-party who is authorized by you to access your data (or who received your data as a result of that access), or with whom you've shared your username, password, or account number, or from malware or a breach of security that affects the systems of any of those parties."
Fidelity also lists some types of assets that aren't protected:
"What assets may not be covered?

Assets including certain annuities and insurance products, Fidelity Advisor Fund accounts, and Fidelity Advisor 529 accounts are not covered because they are held away from or maintained by someone other than Fidelity."
In a timely email, Charles Schwab just this week sent me the following information:
"We want you to have the highest level of confidence when you do business with Schwab. That's why we offer you this simple guarantee: Schwab will cover 100% of any losses in any of your Schwab accounts due to unauthorized activity. Read more about our Security Guarantee at"[7]
That sounds excellent until you click on that link and see the limitations of the guarantee:
"Does the guarantee apply to my account if I use a financial application ("app") or program that retrieves my account data from Schwab for things like financial planning or to help me manage my finances?

Yes, with some conditions. You must not share your Schwab login credentials with anyone or through a non-Schwab app. A firm that retrieves, aggregates, and presents account information to a customer for financial activities is known as an "aggregator." When you authorize an aggregator and instruct Schwab to allow the aggregator access to your account information, the aggregator as well as its employees, agents and financial apps and companies the aggregator does business with who receive your Schwab account information ("aggregator third parties") are considered your authorized persons. The guarantee only applies to unauthorized activity in your account. What an aggregator or an aggregator third party does in connection with your account and your information is authorized, so the guarantee does not apply to their actions."
Sharing login credentials typically invalidates that "100% guarantee" that your loss will be recovered. How broad can a financial service company's definition of "sharing" be?

  • Providing your login credentials to any other person, such as a financial advisor, is generally considered sharing. One company's website suggested that giving your login credentials to your spouse is sharing and recommended that spouses submit paperwork to give one another access to their accounts, instead.
  • Providing login credentials to a third-party aggregator is typically considered sharing. Popular third-party aggregators include, Vanguard's Portfolio Watch, and Fidelity Investments Fullview.
  • As mentioned above, Wells Fargo assumes that you have shared your login credentials with anyone who can fool your smartphone's fingerprint ID feature.
  • Fidelity Investments assumes that someone who learns your login credentials by a security breach or malware is authorized to access your account.
  • TreasuryDirect®'s statement above appears to state that anyone who has your login credentials is authorized to make transactions in your account regardless of how the credentials were obtained.
The message is quite clear: if you want a guarantee against online fraud, don't share your login credentials with anyone or anything and don't let them be stolen. Some recurring themes run through these policies.

  • You have no fraud protection guarantee at any investment company I have researched if you share your login credentials,
  • The company's definition of "sharing" can be quite broad,
  • Investment companies can have vastly different descriptions of what they consider "adequate" protection of your credentials, and
  • Some companies don't protect all types of accounts.

When I began research for this post, I had hoped to be able to provide some general guidelines for all banks, credit unions and investment companies regarding their online fraud protection. Unfortunately, I found that they vary so much that I needed to read every policy for every financial services company that I use to understand my protections and what I am required to do to be eligible for their "100% online guarantees." I changed my passwords at each one, in part so I no longer run afoul of "third-party-aggregator sharing" rules and to be completely honest, in part because the protections weren't as ironclad as I had assumed. I strongly suggest that you do the same.

So, bottom line, fraud protection at investment companies, banks and credit unions is significantly weaker than for credit cards, debit cards, EFTs, and ATMs.

But what about SIPC, you ask? Isn't it the equivalent of FDIC for banks? No, SIPC offers protection of assets at failed brokerage firms. According to their website[9], "SIPC protects against the loss of cash and securities – such as stocks and bonds – held by a customer at a financially-troubled SIPC-member brokerage firm. The limit of SIPC protection is $500,000, which includes a $250,000 limit for cash. Most customers of failed brokerage firms are protected when assets are missing from customer accounts."

Unless it is failing, your investment company backs your brokerage accounts, not SIPC.

Having read this post, extremely risk-averse investors might be tempted to try to find financial services companies with no Internet access. They may be surprised by how difficult that has become. This is the world we live in: we're forced online but not adequately protected from online security problems. Security is largely in our own hands.

Fortunately, there are steps we can take to secure our accounts. Unfortunately, none is perfect.

Here's my advice. Google "online fraud protection company name" for every bank, credit union, investment company or other financial services company you use online. (Links to a few are provided below in REFERENCES.) Search their websites for the following information:
  1. Is there an online fraud guarantee?
  2. Under what conditions are you not covered?
  3. What types of accounts are covered?
  4. What actions does the company require on your part to ensure that your login credentials are "adequately" secured?
Here's a tech hint that will help when they play the fine-print game. Pressing Command and + (plus) on a Mac or CTRL and + on Windows will usually enlarge that tiny font as much as you'd like. (I'm looking at you, Fidelity.)

Because this post is already, as my grandfather would say, longer than a horse's face, I have posted some recommended security measures you should implement with all of your financial accounts, including TreasuryDirect®, at How to Secure Your Online Financial Accounts.


[1] For Big Banks, It’s an Endless Fight With Hackers, New York Times.

[2] Regulation E, federalreserve.

[3] Your Liability for Unauthorized Credit and Debit Card Charges,

[4] Wells Fargo online fraud policy.

[5] That Fingerprint Sensor on Your Phone Is Not as Safe as You Think, New York Times.

[6] Fidelity Investments online fraud policy.

[7] Charles Schwab fraud policy.

[8] Vanguard Investments Online Fraud Policy

[9] Securities Investor Protection Corporation (SIPC) website.

Tuesday, July 23, 2019

Navigating the TreasuryDirect® Maze

In a previous post, The Best Inflation Protection You Never Heard Of, I wrote about U.S. Series I Savings Bonds. Like Treasury Inflation-Protected Securities (TIPS), I Bond returns compensate for inflation, as measured by the CPI-I Index.

I like Series I Bonds but the TreasuryDirect® website, not so much.

The two types of bonds (I Bonds and TIPS) are otherwise significantly different. I Bonds have some unique features as I previously explained, but they also have significant maximum purchase restrictions that make them cumbersome for wealthy retirees to accumulate.

Those maximum purchase restrictions were one of two issues raised by readers of that post, the other being difficulty in navigating the TreasuryDirect® website to purchase the bonds.

Individuals can purchase up to $10,000 of I Bonds per social security number per (calendar) year, which means a couple can purchase $20,000 annually. A single, retired friend complained that it would take decades to buy enough I Bonds at $10,000 per year to fill his bond portfolio. I suppose I can somewhat sympathize with that "problem" except that I know a lot of people who would love to have it.

I, too, need to own TIPS in addition to the I Bonds I purchase but I don't think of my inability to buy as many I Bonds as I'd like as a reason not to purchase any. Other than the maximum purchase limitation, they have some very attractive features.

TreasuryDirect® e-commerce capabilities could use some work. I just spent two weeks working with a couple of well-educated clients who struggled mightily but were ultimately successful in purchasing I Bonds for both spouses. I will offer some tips that might help you navigate the website (and therein lies the first tip: don't go to or

The first step to purchase I Bonds at TreasuryDirect® will be to open an account for yourself and one for your spouse if you are married. You can submit your application(s) online by clicking here and then clicking the "Go" button. But, there is some prep work you will need to complete first.

For each account that you will open at TreasuryDirect® you will be required to submit a TreasuryDirect® Account Authorization Form, FS Form 5444, and snail-mail those completed forms to the Treasury Retail Securities Service address on the form. The form requires a bank's signature guarantee or a brokerage's signature guarantee or Medallion Guarantee. Certification by a notary isn't acceptable. Do not fill out the form until you are in the presence of the guarantor.

You will need a source of funds to purchase the bonds, of course, and you have two options. Typically you will want to purchase bonds using an account at a bank that accepts Automated Clearing House debits and credits. (There is a second way using a "Zero-Percent Bond" to make payroll purchases or a recurring bank debit.) You will provide your banking information when you create the TreasuryDirect® account, so have check(s) available to provide the routing and account numbers.

One of the clients I helped was notified that his account application "needed further security checks." About a week later, he was informed that his application had been accepted, though he was unable to find out why additional checks had been necessary.

You may also need to move funds into the bank account before the bond purchase. If you need to sell stocks or funds, for example, to purchase I Bonds, then be aware that it may take a few days for the brokerage sale to clear and another few days to transfer the sale proceeds to the bank account. There are sometimes ways to link bank accounts and brokerage accounts to make this work faster in subsequent years.

As I pointed out in the aforementioned post, you will normally want to purchase I Bonds from a taxable account. If you withdraw retirement account funds, the transaction will be taxable at ordinary income rates and may be subject to penalties. TreasuryDirect® accounts cannot be retirement accounts.

TreasuryDirect® sells several different types of bonds. Once you reach the purchase page, be sure to select "Series I", the second radio button from the bottom of the page.

To summarize the steps:
  1. Collect social security numbers for each of the spouses.
  2. Find a check for each of the bank accounts(s) from which you will make the purchase of I Bonds.
  3. Go to TreasuryDirect® Open Individual Accounts and open an account for each spouse. Set up strong passwords for the accounts, write them down and store them safely. (A strong password is very important, so please don't ignore this.) Save copies of all confirmations for a paper trail.
  4. If you are asked to submit FS Form 5444, download it and take the blank form(s) to your bank or brokerage for signature guarantee(s). Mail the completed form(s) to the address stated on the form. (Update: I edited this after a reader comment below. Though I was unable to find a definitive statement online, it appears that this form is only required if 1) your submission can't be validated online or 2) you are randomly selected to submit it. Regardless, you will be instructed to submit it as part of the application submission process if it is required.)
  5. If you will use funds from a brokerage account instead of a bank, sell the appropriate amount of assets. Use funds from a taxable account — TreasuryDirect® accounts cannot be registered as retirement accounts.
  6. When the brokerage trade is completed and funds are available, transfer those funds to the bank account(s) that you registered during the TreasuryDirect® account creation process in step 4.
  7. When the bank deposits are available, log onto your TreasuryDirect® account(s), click the red "BuyDirect" tab, select "Series I Bonds" from the options, and enter your purchase. Your registered bank account number from which funds will be drawn will be in a drop-down box.
When you return to purchase more I Bonds next calendar year, you will be able to skip steps 1, 2, and 3. TreasuryDirect® e-commerce software and paperwork requirements are a bit of a maze but the steps are necessary to protect your account. These instructions should help and you can console yourself with the thought that next year's purchases should be a lot easier.

Wednesday, July 10, 2019

My Preferred Planning Software is MaxiFi

I've been working on a research paper with UNC econometrician Neville Francis for the past year and that has given me the opportunity to look at several free online retirement planners. Overall, I have to say that most were disappointing.

I have also worked for several years with another online retirement planning tool that is not free but is quite affordable, economist Laurence Kotlikoff's MaxiFi.[1] I recently asked Dr. Kotlikoff some questions about his product.

Dr. Kotlikoff, you say that MaxiFi is based on "consumption smoothing", the "proposition that households want to have a stable standard of living through time as well as across good times and bad times." What does that mean to a retiree or to someone saving for retirement?
Consumption smoothing is at the heart of economics-based financial planning. It's firmly anchored in human physiology. None of us wants to splurge today and starve tomorrow. Nor do we seek the opposite. Whether retired or still working, rich or poor, we're after the same thing — a highly stable living standard. Leaving aside issues of investment risk, the core financial planning question is how much to save each year to achieve a smooth consumption ride. MaxiFi calculates this directly based on your lifetime resources net of future taxes and gross of future Social Security benefits. In so doing, MaxiFi eliminates the guesswork in planning your retirement finances. It also helps you find investment strategies that limit your investment risk. In contrast, conventional financial planning asks you to set a goal for annual retirement spending. My goal is $1 billion.
A retirement planner recently commented to me that retirees don't all want "smooth consumption"; some want to spend more early in retirement. But spending more at some ages than others isn't inconsistent with "smooth" consumption, is it?
MaxiFi has a Standard of Living Index that lets you tell the program you'd like to have a higher living standard earlier in life and a lower one later on. The tool will recommend discretionary spending that follows your desired living standard path as closely as possible subject to not putting you in debt. You can also specify special expenditures, like a major trip when you reach 70. MaxiFi will budget for this and have you pay for it by spending less every year before and after the trip.
Most retirement planning tools measure success with "probability of ruin", or the percentage of simulated future scenarios in which a retiree can expect to not outlive their savings. Please explain why you prefer consumption smoothing.
Conventional planning is built on three mistakes. First, it asks people their retirement spending targets. Mine is $1 billion a week. So right away I've made a mistake. But even if I guess a "reasonable" number, I'm going to be miles off the level that MaxiFi will calculate. Second, conventional planning assumes you'll keep saving what you are now saving. That's mistake number 2. What you are now saving is surely wrong. The third mistake is assuming you'll spend your targeted amount year after year in retirement whether your assets go through the roof or fall through the floor.

Conventional planning's "probability of ruin" Monte Carlo simulations calculate the chance you'll run out of money if you make all three mistakes, i.e., if you a) save the wrong amount each year before retirement, b) spend the wrong amount year after year after retirement, and c) never adjust your annual spending once you retire. I can't fathom why anyone would wish to know the probability of financial survival in the context of making three major financial mistakes. Financial planning is supposed to help us make the right financial decisions, not tell us something we don't want to know about something we shouldn't be doing.
I can find lots of free "single-purpose" planning tools on the internet, tax planners, sustainable withdrawal rate calculators, life expectancy calculators, Social Security optimizers, RMD calculators, asset allocators, etc. Is there an advantage to incorporating them into a single program like MaxiFi?
All our financial decisions are interconnected. Take life insurance. You can't decide how much to buy until you know the living standard you need to insure. But your sustainable living standard (if no one dies) depends on the amount of insurance premiums you'll be paying. So, your living standard and life insurance needs must be jointly calculated. MaxiFi does this. It jointly handles all the factors you mention and more. The advantage of MaxiFi's integrated financial planning is that all its suggestions and calculations, including federal and state taxes, are absolutely internally consistent. If you use piecemeal calculators you'll get a set of suggestions that don't add up.
MaxiFi asks for only a few of my expenses as input. Why is that?
MaxiFi asks you to specify your "off the top" expenses on housing and other must-spend items, like alimony payments, out-of-pocket medical expenses, or college tuition. These expenditures are like negative income. Your other resources less a) these off-the-top expenses and b) your lifetime taxes determine your lifetime budget — what you can spend on a discretionary basis over the rest of your life. MaxiFi then smooths this spending. If we were to ask you to specify everything you were going to spend each year, year in and year out, you'd give us amounts that were either a) unaffordable or b) left some of your lifetime budget on the table.
Is MaxiFi a "Monte Carlo" simulator?
MaxiFi does Monte Carlo simulations on your living standard. It calculates 500 living standard trajectories you might experience based on how you are investing. It then compares these 500 trajectories with 500 based on investing more safely and 500 based on investing at greater risk. These trajectories take into account that you'll adjust your spending annually in light of how well your investments fare, always with the goal of having a stable living standard. Best yet, MaxiFi combines all of the 500 trajectories in a single index of your average lifetime happiness — what economists call your Expected Lifetime Utility. This index, which takes into account your tolerance for risk, lets you compare in terms of three numbers (one for each of the three sets of 500 trajectories) how your current investment strategy stacks up against investing at less or more risk. Lifetime expected utility maximization is the gold standard of economics-based portfolio guidance.
Can MaxiFi tell me if I should purchase life insurance or an annuity?
Absolutely. It calculates how much term life insurance you need to hold each year to ensure survivors have the same living standard to the dollar had you not died. It also shows you how much higher or lower your living standard will be if you purchase an annuity.
Can I perform what-if analyses with MaxiFi? What kinds of things can I test?
You can set up as many alternative profiles as you'd like and compare them against your base case in terms of their lifetime discretionary spending. For example, you can easily learn how much more you'll get to spend if you downsize or if you go back to work or if you switch jobs or if you annuitize your retirement accounts or if you wait to take your Social Security benefits.

But MaxiFi also does its own what-ifs for you. Once you run your base plan, MaxiFi asks you to MaxiFi It. When you run this report, MaxiFi looks for safe ways to raise your living standard by maximizing your lifetime Social Security benefits and finding the retirement account withdrawal strategy that will reduce your lifetime taxes.
Where can I learn more about how MaxiFi works?
Go to Check out the videos, the case studies, and other descriptions posted there. And then try it! I promise, you'll get hooked on its ability to safely raise your living standard and finally take the guesswork out of financial planning.
(Note: If you prefer video instruction, I have added two links below to recent MaxiFi Webinars.)[2,3]

Those are some of the reasons Dr. Kotlikoff believes MaxiFi's economics-based approach is best. Now, here's why I like it.

At $99 per year with $70 renewals, it's quite affordable for the do-it-yourselfer.

Dr. Kotlikoff and his team have steadily improved and refined the product, beginning with E$Planner, for over 25 years. That leaves the others with a lot of catching up to do with both the economics and the technology.

As a computer scientist, I know from experience that Dr. Kotlikoff has a top-notch technical staff and their help desk has always been available when I needed it with real people who know their product.

MaxiFi completely avoids the limitations of probability-of-ruin estimation. Instead, it incorporates consumption smoothing and maximizes the utility of achievable spending.

Many retirement planning tools address only the decumulation phase, when we retire and begin spending down our wealth. MaxiFi is a life-cycle planner and is useful at any stage.

Lastly, as Dr. Kotlikoff mentions, MaxiFi integrates many calculations into a single model. Most free online simulators handle only a part of the problem, like maximizing Social Security benefits or modeling investment returns. Retirement planning isn't a problem that can be solved by solving many individual sub-problems independently.

If you're interested in financial planning software, give MaxiFi a try. You can use it to build a retirement plan or to create a "second opinion" of one you already have. It's also a good tool for your annual retirement plan checkup.

I rarely promote products at my blog but I know that many of my readers are do-it-yourselfers and many have expressed interest in software tools. I have a lot of confidence in MaxiFi. A multi-client version called MaxiFi Pro is available for advisors.

There are a number of new entrants into the online retirement planning field and I'll keep looking for free or affordable, unbiased, comprehensive planning tools. If you are especially fond of another tool that shares these attributes, please add a comment below.

To be clear, I don't believe that software can effectively replace a good human retirement planner given the current state of the technology, though the latter will no doubt cost more. I think you'd be way better off using a good human planner who uses good planning software. But for now, at least, I prefer MaxiFi for the do-it-yourselfer.


Economist Zvi Bodie now links to his "trusted sources" at I find the entire website very useful and particularly the videos. provides a wealth of retirement planning software. I encourage you to take a look. Full disclosure, I act as an advisor to NewRetirement.


[1] MaxiFi web-based planner, website.

[2] MaxiFi Webinar, June 26, 2019, VIDEO.

[3] MaxiFi Webinar, June 13, 2019, VIDEO.

Wednesday, July 3, 2019

The Best Inflation Protection You Never Heard Of

In a recent post, I discussed inflation's potential impact on your retirement income (see Remember Inflation?) and I warned against letting three decades of low inflation lull us to sleep.

Inflation rates are low right now, about 1.9% per year according to the U.S. Department of Labor. Even at that rate, a 2019 dollar in 2049 would purchase only $0.56 worth of goods and services in constant dollars of 2019 by the end of a 30-year retirement. Assuming the long-term average inflation rate of 3.15%, that dollar in 2049 would be worth only $0.38 in 2019 dollars.

Of course, there isn't a strong argument that inflation rates won't be significantly worse than average sometime in the next thirty years, as they have been in four of the past eleven decades. The reality is that no one can predict future inflation, mean or worst-case, with any certainty.

It is nearly certain that we will see some level of inflation over several years of retirement and even low levels will erode the purchasing power of nominal annuities and pensions. The only real question is how much.

Economist Zvi Bodie and I recently published a paper[1] recommending that retirees consider purchasing CPI-adjusted annuities and CPI-adjusted bonds (TIPS)[2] instead of their nominal alternatives.

Retirees with pensions rarely enjoy inflation protection and when they do it is limited. I have several friends and family members covered by the Kentucky Teachers' Retirement System, for example. According to their website, their pensions currently offer a 1.5% cost of living adjustment which is much better than nothing but won't adequately compensate for historical average inflation or even today's low rate.

Annuities, whether CPI-adjusted or nominal, aren't the best solution for every household but there are other inflation-protecting alternatives to consider. TIPS are another choice for consideration but for this post I'll suggest U.S. Treasury Series I Savings Bonds, or I Bonds.[3]

I Bonds are meant to be used as inflation protection for individual households and can only be purchased online at TreasuryDirect®.[4] The interest rate they pay consists of a fixed rate, currently 0.5%, plus a variable inflation rate, currently 1.4% per year, that is recalculated twice a year. The fixed rate has been as high as 3.4% in 1998. These components constitute a "composite rate" that is currently 1.9% per year. Before you lose interest in a 1.9% return, consider several additional features of I Bonds that distinguish them from CDs or money market funds that don't compensate for inflation.


CDs typically can be purchased with terms up to five years. I Bonds pay interest for 30 years.

The early withdrawal penalty for a CD depends on its term. A 5-year CD, if redeemed before the end of its term, will typically incur a penalty of about nine months of interest and a 1-year CD typically three months. I Bonds can't be redeemed for one year after purchase but there is no penalty for redemption after five years and only a 3-month penalty for redemptions between one and five years.

If I Bond interest rates decline, you have locked in your rate for up to 30 years. If rates increase, you can sell your old bonds and buy new ones, subject to annual purchase limits described below.

According to Dr. Bodie, "...another advantage of I Bonds is that [should interest rates rise,] investors could then cash out their existing I Bonds (and keep principal plus accrued interest) and buy new ones at the higher rate of interest. In other words, whether interest rates go up or down, the investor is protected. (But note that if you buy new I Bonds you would be subject to the $10,000 limit.) If you have the money, you would have to be nuts not to invest in I Bonds up to the limit."

I Bonds can never yield less than zero, so in the worst case your investment will maintain its purchasing power. In the event of deflation, I Bonds would increase in value.

From a tax perspective, according to TreasuryDirect®, I Bonds are somewhat similar to a non-deductible IRA in that tax on interest can be deferred. You don't have to pay taxes on earnings until the bonds are redeemed, though you can choose to pay annually if that benefits you. I Bonds are subject to federal income taxes but not state or local income taxes. CD and money market fund interest can be subject to all three if held in a taxable account, and interest is taxed as it accrues annually.

I Bonds do have some drawbacks. A household can purchase a maximum of $10,000 per Social Security number per year. Still, that's $20,000 per year for a couple. Additional purchases can be made up to $5,000 per Social Security number per year if the purchase is made from a federal tax refund.

Some advisors suggest that the maximum annual purchase limitations mean I Bonds will be less interesting to households with a lot of savings. Perhaps, but I find them too good a deal to pass up even if I'd like to buy more (and I would).

I Bonds can't be purchased in a retirement account. Certain entities in addition to individuals, however, are permitted to open TreasuryDirect® accounts, including a personal trust, such as a revocable or "living trust."[5]

The real interest rate on I Bonds will be relatively low because they are extremely safe, backed by the U.S. Treasury and protected from inflation.

With the very low early-withdrawal penalties, I Bonds can be an excellent solution for investing an emergency fund or for any other future liability beyond one year and for protecting that investment against inflation. They are accessible by retirees with limited resources in denominations as low as $25. Even households with large retirement savings may want to max out I Bond purchases before buying TIPS.[6]

It's a struggle to find retirement strategies for under-saved households but I Bonds provide one. Households that are able to save some of their early-retirement income from pensions and Social Security benefits could use those savings to purchase I Bonds that would then provide inflation-protected consumption later in retirement.

To find out more about Series I Savings Bonds and how to purchase them, go to TreasuryDirect®. Creating an online account at TreasuryDirect® is currently the only way you can purchase them. If you prefer video explanations, please see the links below.

TIPS (the old-fashioned kind): TreasuryDirect® is an excellent informational website but it could be a better e-commerce site. Don't enter "" into your browser (it's ""). Likewise, don't enter "", that's a different website. To purchase I Bonds, go to the homepage "" and click on the green "Open an Account" link toward the upper right.

For more help creating an account and funding it, see Navigating the TreasuryDirect® Maze.


[1] Hedging Against Inflation with Real Annuities, Zvi Bodie and Dirk Cotton.

[2] TIPS in Depth,

[3] Series I Savings Bonds,

[4] America’s Best Kept Financial Secret: I Bonds, Zvi Bodie on PBS.

[5] How To Transfer I Bonds to an Entity Account,

[6] Comparing I Bonds to TIPS,

[7] How to Buy Digital Savings Bonds Online, VIDEO.

[8] How to Buy Digital Savings Bonds as Gifts, VIDEO.

[9] How to Protect Your Nest Egg from Inflation, Zvi Bodie, VIDEO.

[10] Guided Tour for Opening an Individual Treasury Direct account,

Friday, June 28, 2019

The Real Cost of Nominal Annuities

There are a number of ways that a retiree could speculate on the direction of future inflation but I doubt that many would want to. I imagine that most retirees would prefer to "inflation-proof" their retirement plan to the extent possible, instead. It’s possible to speculate on inflation, however, without even being aware that you are.

My last post, Remember Inflation?, was intended as preparation for this one and I recommend you read it first unless you feel you have a good understanding of the topic.

I recently co-authored a paper entitled "Hedging Against Inflation Risk with Real Annuities" with economist Zvi Bodie. Dr. Bodie has made key contributions to life-cycle economics and pension planning. If you're studying retirement finance and are unfamiliar with his work, then you need to remedy that. I'll provide links in the references below to get you started but the obvious places would be his website[1] and two of his books, "Worry-Free Investing"[2] and "Risk Less and Prosper."[3]

Here's the crucial point of the paper in a nutshell. We obtained annuity quotes recently for a nominal (no inflation protection) income annuity, a nominal income annuity with a 3% annual cost-of-living adjustment, and a "real" annuity with no caps that is adjusted annually for inflation based on the Consumer Price Index for All Urban Consumers (CPI-U).[4]

Table 1.

I can purchase a nominal annuity that pays out $6,440 a year but because I can't predict future inflation, I have no idea how much purchasing power it will have in the future. Its future purchasing power might be a lot more or a lot less than what $4,550 will purchase today in 2019 (see the first row of Table 1).

The rightmost two columns of Table 1 show the purchasing power in today's dollars twenty years from now if future inflation should mimic the high inflation of the 1970s and 1980s (column 5) and the same if future inflation looks like the low-inflation 1950s and 1960s (column 6). Both real payouts, $1,723 and $4,109, would have been significantly lower after twenty years than the initial $6,440 payment of the nominal annuity.

I can purchase a nominal "graduated-payment" income annuity that pays out $4,670 for the first year with a payout that increases 3% each year thereafter regardless of the rate of future inflation. Like the level-payment nominal annuity in row one, I have no idea how much purchasing power it will have in the future.

I can purchase a CPI-adjusted annuity today that pays out $4,550 a year for as long as I live (row three). If I live for 30 years or more, it will still provide $4,550 of purchasing power in 2019 dollars. This is the only annuity I can purchase from among these three for which I can predict future purchasing power.

Which annuity will provide more lifetime purchasing power, the nominal annuity that pays $6,440 per year or the real annuity that pays $4,550?

That's a trick question. The correct answer is that we can't know until the end of retirement. Nominal and real dollars are apples and oranges so we can't compare them directly. We need to convert the nominal dollars to real dollars — their future purchasing power — to compare the two. That's easier said than done because it requires that we make a guess about unpredictable future inflation rates.

If future inflation is benign, as it was from 1950-1970, then both the nominal level-payment annuity and the nominal annuity with a 3% COLA seen in Chart 4 would end up purchasing more at today's annuity prices than the CPI-adjusted annuity.

On the other hand, if future inflation is historically high, as shown in Chart 3 for the 1970s and 1980s, then the CPI-adjusted annuity would end up purchasing more than either of the two nominal annuities.

Charts 3 and 4 represent historically high and low inflation rates for 20-year periods since 1913 so other periods would have shown results of inflation ranging between those two.

The question this raises is whether that potentially large difference in a nominal annuity or bond's future purchasing power is a risk you want to take. Do you prefer a lifetime of $4,550 of near-certain 2019 purchasing power or would you be happier with a lifetime of 2019 purchasing power that ends up somewhere, unpredictably, between $2,257 and $5,381 after 20 years for the COLA annuity or between $1,723 and $4,109 for the nominal level-payment annuity?
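The conversion described above is simple arithmetic once you pick an inflation path: each year's nominal payment is divided by the cumulative price level up to that year. The following script is an added example, not code from the paper or the original post. It uses the three first-year quotes from Table 1 ($6,440, $4,670 with a 3% COLA, $4,550 CPI-adjusted) and two constructed inflation paths built from decade averages (the 7.25% and 5.8% the post cites for the 1970s and 1980s, and an assumed 2.1% and 2.4% for the 1950s and 1960s) in place of the year-by-year CPI series behind Charts 3 and 4, so its numbers land near but not exactly on Table 1. It also goes a step beyond the post and solves for the constant inflation rate at which the level nominal annuity and the CPI-adjusted annuity would deliver equal lifetime purchasing power over a given horizon.

```python
"""
Added example, not from the original post: convert the three annuities'
payments into 2019 purchasing power under an assumed inflation path, so
that nominal and real dollars can be compared on the same footing, and
find the constant inflation rate at which the level nominal annuity and the
CPI-adjusted annuity deliver equal lifetime purchasing power.

The first-year payments are the post's Table 1 quotes. The inflation paths
are constructed: decade averages stand in for the year-by-year CPI the
post's charts used, so the figures here differ somewhat from Table 1.
"""

NOMINAL_LEVEL = 6440.0   # level-payment nominal annuity, paid every year
NOMINAL_COLA = 4670.0    # graduated-payment nominal annuity, first year
COLA_RATE = 0.03         # fixed 3% annual increase, not linked to CPI
REAL_ANNUITY = 4550.0    # CPI-U adjusted annuity, constant in 2019 dollars

# Constructed inflation paths (assumptions, not the post's data).
HIGH_INFLATION = [0.0725] * 10 + [0.058] * 10   # 1970s then 1980s averages
LOW_INFLATION = [0.021] * 10 + [0.024] * 10     # assumed 1950s/1960s averages


def nominal_payments(first_year, cola, n_payments):
    """Dollars actually paid: the first payment today, then n_payments-1 more."""
    return [first_year * (1.0 + cola) ** t for t in range(n_payments)]


def to_real(payments, inflation):
    """Deflate nominal payments into today's (2019) dollars.

    payments[0] is paid today and not deflated; payments[t] is divided by
    the price level after t years, prod(1 + inflation[0..t-1]).
    """
    if len(inflation) < len(payments) - 1:
        raise ValueError("need an inflation rate for every year after the first payment")
    real, level = [], 1.0
    for t, pay in enumerate(payments):
        real.append(pay / level)
        if t < len(inflation):
            level *= 1.0 + inflation[t]
    return real


def compare(inflation):
    """Final-year real payment and cumulative real payout for each annuity.

    The horizon is len(inflation) years, i.e. len(inflation) + 1 payments,
    the last one made len(inflation) years from now.
    """
    n = len(inflation) + 1
    level = to_real(nominal_payments(NOMINAL_LEVEL, 0.0, n), inflation)
    cola = to_real(nominal_payments(NOMINAL_COLA, COLA_RATE, n), inflation)
    real = [REAL_ANNUITY] * n        # already in 2019 dollars by construction
    return {
        "level": {"final": level[-1], "cumulative": sum(level)},
        "cola": {"final": cola[-1], "cumulative": sum(cola)},
        "real": {"final": real[-1], "cumulative": sum(real)},
    }


def breakeven_inflation(years, lo=0.0, hi=0.20):
    """Constant inflation rate at which the level nominal annuity and the
    CPI-adjusted annuity deliver equal cumulative purchasing power over `years`.

    The nominal annuity's real total falls as inflation rises, so bisect on
    the sign of (nominal total - real total). Above the result the real
    annuity wins; below it the nominal annuity wins.
    """
    def gap(rate):
        r = compare([rate] * years)
        return r["level"]["cumulative"] - r["real"]["cumulative"]
    if gap(lo) < 0:
        return lo     # nominal loses even with no inflation
    for _ in range(60):
        mid = (lo + hi) / 2.0
        if gap(mid) > 0:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2.0


if __name__ == "__main__":
    for name, path in (("1970s-80s style", HIGH_INFLATION), ("1950s-60s style", LOW_INFLATION)):
        print(name)
        for annuity, r in compare(path).items():
            print(f"  {annuity:5s}  year-20 real payment ${r['final']:7,.0f}"
                  f"   20-year real total ${r['cumulative']:9,.0f}")
    for horizon in (20, 30):
        print(f"breakeven constant inflation over {horizon} years: "
              f"{breakeven_inflation(horizon):.2%}")
```

Run it and the ordering the post describes falls out: under the 1970s-80s path the CPI-adjusted annuity delivers the most lifetime purchasing power, under the 1950s-60s path both nominal annuities do. The breakeven rate is sensitive to the horizon (a longer retirement gives inflation more years to compound against the nominal payment), which is why a figure like Tomlinson's 3.57% only applies to his own horizon and mortality assumptions.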

Do you purchase an annuity to provide guaranteed purchasing power for life, or to provide a fixed number of dollar bills whose future purchasing power is unknowable? Is this something you want to speculate on?

The CPI-adjusted annuity has no inflation risk. It is a true inflation hedge. Purchasing a nominal annuity (or a nominal bond) is a bet on future inflation that you probably don't want to make.

Where does the graduated-payment (COLA) annuity fit in? The annual increases are chosen when you purchase the annuity. Adjustments are not linked to inflation but increasing income would offset some inflation, though it would provide a lower initial payment.

Joe Tomlinson did an analysis for the Retirement Income Journal and concluded that "An inflation-indexed SPIA would be ideal. A COLA-SPIA may be the next best alternative."[6]

In a separate analysis, Tomlinson found that at today's annuity prices, inflation needs to average 3.57% for the real annuity to outperform the level-payment nominal annuity. Inflation averaged 7.3% in the 1970s, 5.8% in the 1980s, 4.9% in the 1940s, and nearly 10% in the 1910s. All are significantly higher than the long-term average rate of inflation of 3.15%.

I have two concerns regarding inflation. First, even today's low inflation rate of around 2% will roughly halve a retiree's purchasing power over a 30-year retirement. Every retirement plan should consider inflation risk but after three decades of low inflation, it may not get the attention it deserves.

My second concern, also expressed by Tomlinson at Advisor Perspectives, is not the risk that inflation runs a little more than average but that it substantially exceeds average inflation for a prolonged period, as it has done in four of the last eleven decades (see Chart 1), and decimates the purchasing power of a nominal pension or a nominal annuity with or without a COLA. This is a potentially catastrophic outcome that isn't adequately addressed by nominal annuities even with a COLA. As I have often said, I believe retirement plans should take unacceptable outcomes off the table.

If you don't want to buy a CPI-adjusted annuity, have already purchased a nominal annuity, or have a pension without inflation protection, it's important to understand your inflation risk exposure and to try to mitigate it in other ways. You can do this by stress-testing your retirement plan to make sure you would retain minimum-acceptable income even in a period like the 1970s and 1980s. If you would not, you then need to look for other ways to mitigate inflation risk.

You can stress test this easily with planning software like MaxiFi Planner[7] or ask your planner to run a high-inflation scenario for you.

The risk of purchasing a nominal annuity or owning a nominal pension has to be considered within the context of the rest of your retirement plan. For example, if a severe loss of the purchasing power of the pension or annuity would not compromise your standard of living because they represent a small portion of your income-producing assets, then they pose less risk to your plan. A nominal annuity or pension that is a major source of your plan's income would obviously be riskier. Purchasing a nominal annuity can be a rational choice in some scenarios and the best way to see that is to run the stress test.

Social Security benefits have historically been adjusted for inflation but most pensions are not. If you have a nominal pension or annuity then its purchasing power will almost certainly decline significantly over a long retirement.

The key takeaways are these. Express your retirement plan in real dollars or insist that your planner do so. Understand your retirement plan's exposure to inflation risk. Consider the possibility and ramifications of not enjoying three more decades of low inflation. Decide if you're willing to speculate on future inflation rates.

So, which annuity has the largest payout, the nominal or the CPI-adjusted? Unfortunately, only time will tell. The only meaningful comparison is based on purchasing power, not first-year payments. You can only be sure about the real annuity's purchasing power.

Unless you're a gambler, why bet on low future inflation? You can completely hedge inflation risk with a no-cap, CPI-U-adjusted annuity. The same logic applies to TIPS and I Bonds instead of nominal bonds.

I'll describe U.S. Series I Savings Bonds in my next post.


[1] Dr. Bodie's website.

[2] Worry-Free Investing at Amazon, by Zvi Bodie.

[3] Risk Less and Prosper at Amazon, by Zvi Bodie.

[4] We obtained recent quotes for income annuities for an unmarried 65-year-old male. The nominal annuity quotes were provided by New York Life and the CPI-adjusted annuity quote was obtained from The Principal. The Principal is currently the only U.S. provider of CPI-adjusted annuities. (We found one additional provider that only sells to its group members.) The Principal sells a "real" annuity through the purchase of a CPI rider for a single premium immediate annuity (SPIA). Quotes for these annuities are available through and

[6] Making the Case for a COLA-SPIA, Kerry Pechter, Retirement Income Journal.

[7] MaxiFi Planner online planning tool.

Wednesday, May 29, 2019

Remember Inflation?

I've noticed lately that our country is highly polarized.

No, I'm not referring to social media or cable news. I'm thinking about the great divide between Baby Boomers and every other younger cohort on the topic of inflation risk.

Baby Boomers worry about inflation.

Many of us graduated college into the jaws of 1970s "stagflation" (a terrible-sounding word describing a stagnant economy with high inflation) and watched our grandparents' pensions, paid in nominal dollars, slowly disappear over two decades as they aged. It was common to hear them say, "We're living on a fixed income" but they were not — they were living on a disappearing income in terms of purchasing power.

Fast forward to 2019 and a GenX'er recently suggested that we "old-timers" have too much fear of the "big bad inflation wolf."

I have no idea whether inflation rates the likes of which we experienced in the 1970s and 1980s will reappear anytime soon. Long-term inflation is unpredictable. I hope the GenX'er is right but I'm not willing to bet my retirement that he is. High inflation can be catastrophic and when we plan for retirement we should take catastrophic outcomes off the table when we can.

Inflation peaked at over 13% in 1980. I had a 14% mortgage. Inflation rates were even higher in earlier decades. But annual inflation is a snapshot. Prolonged inflation is the real monster.

I stumbled across the following chart recently.[1] It shows historical annualized inflation rates by decade. Inflation for the decades of the 1970s and 1980s averaged 7.25% and 5.8% per year, respectively. Again, much lower than the annual peak in 1980 but destructive in its persistence.

We can now update inflation from 2010-2019 to 1.78%.

Notice that periods of high inflation come and go with no regularity. Also, notice that the high inflation of the 1970s and 1980s was immediately preceded by very low inflation in the 1950s and 1960s. No one saw it coming.

We sometimes speak of high inflation rates as "tail risk" but four of the previous eleven decades experienced average annualized inflation significantly higher than the long-term average of 3%. We haven't seen high inflation since the 1980s so we're probably experiencing recency bias.

There are a number of ways a household can mitigate inflation risk. I will write about one, CPI-adjusted annuities, soon. In the meanwhile, you can read a paper that economist Zvi Bodie and I recently co-authored on that topic.[2]

Buying TIPS (Treasury Inflation-Protected Securities) instead of nominal bonds is a near-perfect inflation hedge that transfers inflation risk to the U.S. Treasury. Your home equity might keep up with inflation. Social Security benefits are inflation-adjusted.

Although stocks are commonly referred to as an inflation hedge, they are not truly a hedge because real equity returns are not correlated with inflation. Stocks typically perform poorly in times of high inflation. Rather than "protect" against inflation they more or less "eventually outrun it", which is fine if both you and your portfolio survive long enough.

Economist William Sharpe was recently quoted on this great divide. "I realize that it is hard to make the point that inflation can get out of control with the generations that grew up after the early 1980s, but perhaps we can point to other countries in more recent times, then ask them whether they think we are virtually guaranteed to have low and relatively steady rates of increases in prices for the rest of their lives."

It's a good question to ask yourself or your advisor.

Don't forget inflation.

In my next post, The Real Cost of Nominal Annuities, I'll share some thoughts on hedging inflation with CPI-adjusted annuities.



[2] Hedging Against Inflation Risk with Real Annuities, Zvi Bodie and Dirk Cotton.

Friday, May 10, 2019

Going it Alone with Retirement Planning Software

I love models. I build and research models almost every day and have for almost two decades. For the past year, I have explored online retirement models while co-authoring a paper with an econometrician. Modeling is pretty much all econometricians do.

I don't like bad models, or models used for the wrong reason, or models used by people who don't understand them, especially when people who don't understand them try to explain them to other people who don't understand them.

It also concerns me that many people attribute mystical powers to computers. A computer model is no better than the human that programs it. It's just a whole lot faster and doesn't get complacent or bored.

So, I certainly don't like all models.

If you're going to use computer models to help plan your retirement, there are many things to consider.

First, economic models can be very useful to study your retirement prospects and figure out the best bets but they in no way predict your future. As the saying goes, all models are wrong but some are useful.

A Monte Carlo model, for example, can test thousands of possible future scenarios for your household but your retirement is a one-time event. There is no way to know which one of a multitude of simulated scenarios might be similar to the future you will experience or if any of them will. The tendency is to guess that your retirement will be like the median model outcome but that means you will be overly optimistic half the time.

The output that models create is only as realistic as the assumptions we feed them. Unfortunately, we can't estimate with any precision what future market returns will be, how long we will live or even how much we will need to spend over the coming decades. These are some of the key assumptions that drive models and we are, for the most part, guessing at what they might be.

In computer science there is an old saying, garbage in, garbage out. What we mean is that the output of a program is only as good as the input. Make a wild guess at the input and the output will be a wild guess. Unfortunately, many of our guesses, or "assumptions", are by necessity fairly wild.

A reader recently commented that "retirement planning is an unsolvable problem with unlimited variables." You could say that about chess, too, but some players clearly solve it better than others.

Retirement finance is unsolvable if your definition of "solvable" is finding a single, optimal solution in advance for your individual household. But, there are lots of "games" in economics that are probabilistic — retirement planning can be considered a "stochastic game against nature" in game theory parlance — for which we can determine the best strategies even though we can't be guaranteed to win.

We should never expect a model to provide a single, optimal solution to the retirement planning "game", nor should we expect that from a human advisor. The optimal solution can only be identified with certainty after retirement is over and that isn't very helpful for planning purposes.

Our goal, like that of the chess player, should be to find and implement strategies that produce the outcomes we want and avoid the ones we fear more often than alternative strategies do.

Many so-called retirement models concentrate almost solely on investment results. Those are investment models, not retirement models. A comprehensive retirement plan will consider many factors including Social Security maximization, annuitization, life insurance, estate planning, taxes, and others.

It is possible to use multiple models (perhaps an investment model, a Social Security model, and a tax program) to solve these problems individually but a comprehensive plan needs to also consider the interplay of these factors. (See a sample list of free limited-purpose models below.) Change any of these factors and other factors will be impacted. We would pay a big price in the planning process if we didn't consider that. A comprehensive retirement planning model is a much better tool.

A major benefit of Monte Carlo models is that we can test changes to many factors and see how they interact in one model run.

Assume, for example, that we are planning retirement with a spreadsheet model, such as the Bogleheads spreadsheet below, that considers many retirement-funding options. Let's say that I want to run the spreadsheet to consider all possible combinations of market returns ranging from 4% to 10% in 1% increments, asset allocations from 0% to 100% equities in 10% increments, and annuitization from 0% to 50% in 10% increments. Considering just those three factors, I would need 462 runs to capture the combined effects with a spreadsheet model or I could capture them and many more with one run of a Monte Carlo model. There are actually several other factors I should include and note that the spreadsheet is not modeling sequence risk.

It is unlikely that a retirement toolkit provided by an investment firm will give annuities, life insurance or reverse mortgages consideration equal to equities and vice versa. Better to find a model with no agenda.

It's also important to know who built the model and their qualifications. I have a lot of confidence in the Bogleheads and more in Laurence Kotlikoff, who created MaxiFi. Wealthfront identifies the developer of their retirement model. But, unless you know the qualifications of the model builder, I'd steer clear. Anyone can build a model and post it on the Internet.

Building a retirement model requires an understanding of finance, modeling skills, expertise in the computer language used (even if it is only Excel), and a sound understanding of statistics and probabilities. If you don't have all four, then building your own model is a very bad idea.


Models can answer a lot of questions but you have to know what to ask. A model is unlikely to suggest that Roth conversions might be profitable, for example, or that you should consider a combination of annuities, whole life insurance, and equities, as Wade Pfau and Michael Finke have suggested.[1] A good human retirement planner knows what to ask.

I am wary of models that use probability of ruin as their metric of success.[2] Probability of ruin measures the frequency of portfolio failures but not the magnitude of losses. For example, it will count a strategy that funds 29 out of 30 years as an unequivocal failure. It will count a retirement strategy that successfully funds 30 years as a success but no more successful than one that funds 50 years.

As Zvi Bodie points out, probability of ruin doesn't consider utility. Presumably, retirees will be less satisfied coming up $100 short of paying the bills than they will be satisfied with a $100 surplus. Paying the bills is a necessity; having a little extra is a nicety.

Probability of ruin is a particularly bad metric for Monte Carlo models because, among other reasons, results can change significantly by changing nothing but the random number draw. If you use such a model, try running it several times with the same input and see if you get nearly identical results each time. If the results change a lot for each run and never converge then the model is problematic. If the results are precisely the same for each run with the same input it may be because the model always uses the same set of random numbers for every run to speed up computation, so we still can't say for sure that the model is properly constructed.
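The two problems just described, a binary metric that ignores how badly a plan fails and a Monte Carlo estimate that moves with the random draw, are easy to see in a toy model. The script below is an added example and not part of the original post or any of the tools it names. Every input is an assumption chosen for illustration: a 30-year horizon, a $1,000,000 starting portfolio, a fixed $40,000 real withdrawal, and annual real returns drawn from a normal distribution with a 5% mean and 12% standard deviation; nothing is calibrated to market data. Alongside probability of ruin it reports how many years short the failed paths came up, and it measures the run-to-run spread you get from changing nothing but the seed.

```python
"""
Added example, not from the original post: a small Monte Carlo retirement
simulation that reports probability of ruin alongside the size of the
shortfall, and exposes the run-to-run noise the post warns about.

Every parameter is an assumption chosen for illustration. Nothing is
calibrated to real market data.
"""
import random
import statistics


def years_funded(returns, start, withdrawal):
    """Count the years a withdrawal can be paid in full before the portfolio is exhausted.

    Returns len(returns) when the plan survives the whole horizon. Spending
    is taken at the start of each year and the remainder earns that year's return.
    """
    wealth = start
    for year, r in enumerate(returns):
        wealth -= withdrawal
        if wealth < 0:
            return year          # this year's withdrawal could not be met
        wealth *= 1.0 + r
    return len(returns)


def run(n_paths, seed, start=1_000_000.0, withdrawal=40_000.0, years=30,
        mean=0.05, stdev=0.12):
    """Simulate n_paths retirements and summarize both frequency and depth of failure."""
    rng = random.Random(seed)
    # Draw every path's returns up front so the same seed gives the same
    # return sequences regardless of when individual paths run out of money.
    paths = [[rng.gauss(mean, stdev) for _ in range(years)] for _ in range(n_paths)]
    funded = [years_funded(p, start, withdrawal) for p in paths]
    short = [years - f for f in funded if f < years]      # years unfunded, failures only
    return {
        "ruin": len(short) / n_paths,                      # probability of ruin
        "mean_years_short": statistics.mean(short) if short else 0.0,
        "worst_years_short": max(short, default=0),
    }


def seed_spread(n_paths, seeds, **kwargs):
    """Range of ruin estimates across seeds: the noise a single run hides."""
    estimates = [run(n_paths, s, **kwargs)["ruin"] for s in seeds]
    return max(estimates) - min(estimates)


if __name__ == "__main__":
    for n in (200, 2_000, 20_000):
        print(f"{n:6d} paths: ruin estimates differ by "
              f"{seed_spread(n, range(5)):.3f} across five seeds")
    r = run(20_000, seed=1)
    print(f"ruin {r['ruin']:.3f}, mean shortfall {r['mean_years_short']:.1f} years, "
          f"worst {r['worst_years_short']} years")
```

The test the post suggests is built in: call `run` twice with the same seed and the result is identical to the last digit, call it with different seeds and the ruin estimate wobbles, less so as the path count grows. A plan that funds 29 of 30 years shows up as a 100% ruin probability in the first number and as a one-year shortfall in the second, which is the distinction a bare probability of ruin throws away.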

If you are going to plan with a "retirement toolkit", I recommend the following:

  • Be aware that today's retirement models are not a replacement for a human advisor. If you plan your own retirement with these models then you and not the model will be replacing the advisor.
  • Understand that no model can predict your future, certainly not for 30 years. You will need to recalculate periodically.
  • Know the credentials of the model builder.
  • Use models to explore the possible outcomes and better understand the economic forces at play. When you see bad outcomes, try to come up with a way to mitigate them.
  • Be aware that a model is only as good as the input we provide and the assumptions we make and that we can't make very precise assumptions. That means we won't get very precise results.
  • Understand that a model is not a retirement plan. It is one tool to help build a plan.
  • Find a model from a provider that won't profit from the sale of retirement-funding products.
  • Find a comprehensive retirement model that tests several key factors — spending rules, taxes, Social Security claiming, pensions, annuities, life insurance, asset allocation, etc. — and their interactions instead of trying to combine the results of single-purpose models.

I think the best and most comprehensive retirement planning software with a reasonable price tag for consumers at present is Laurence Kotlikoff's MaxiFi Planner. It's not free but it is affordable. It can be tricky to use and, again, the more you know about retirement finance, the better the results you can expect. MaxiFi provides all the capabilities that I mentioned above and more and it completely avoids probability-of-ruin issues by maximizing lifetime consumption, instead.

What should you do with this information?

Use all "toolkits" with caution. I have a toolkit in my garage that contains all the tools needed to perform most household plumbing chores but for some reason, my wife still insists that I call a professional plumber.

Given that finding a great retirement planner can be challenging and expensive and that many of this blog's readers tend to do their own planning, it's easy to see the allure of finding a great software package and doing it yourself. Today's software, however, is much closer to a toolkit than to a "robo-advisor." Those who choose this path should avoid being overconfident in the results and should build plenty of safety margin into their plan.

Sample List of Free Limited-Purpose Retirement Planning Tools

  • Estimate a budgetary amount to spend from savings for the current year: Ken Steiner's How Much Can I Spend in Retirement spreadsheet. Note: Ken Steiner mentioned to me that my original wording here, "safe amount to spend", should instead say "budgetary amount to spend", as we agree there is no way to predict a "safe" spending amount. Ken's goal is to provide a budgetary spending estimate based on sound actuarial principles.


[1] Improving Retirement Outcomes with Investments, Life Insurance, and Income Annuities, Wade Pfau and Michael Finke.

[2] Toward Determining the Optimal Investment Strategy for Retirement, Javier Estrada.