Fun fact about the Medallion Signature Guarantee: It's not a seal or embossment, like it often is for a notarization. Instead, it's a stamp (like what you see on [0]). It's a big stamp, but it's just a stamp.
That's OK, though, because the person making the stamp is keeping a lot of records, so they'll know what they stamped.
When I first got my Treasury Direct[1] account, I couldn't verify my identity using their online process, and so I had to mail in FS Form 5444[1]. My local credit union had "Medallion Service" as one of the reasons for booking an appointment (separate from "Notary"), and they were able to take care of it. As mentioned in the article, the person at the credit union asked me for a monetary value. As it was a new Treasury Direct account, I said "$10,000" (the maximum amount of Series I bonds you can get per calendar year).
And as implied in the article, my credit union had no problems issuing this, even though they were not involved in Treasury Direct in any way.
It's interesting, all the 'little' 'home-grown' ways of identity guarantee that pop up when needed.
I'm not in the US, but can fully appreciate the practice.
If I were to request to move funds in 6-to-7 figures range across institutions, I absolutely would want the receiving outfit require that I visit my current outfit in person first to authorise such a transfer. Making sure that such visits are smooth and efficient is good service.
On a related note, when I got my mortgage in the UK, the issuing bank/lender-arm required me and my wife each to get a Proof Of Being Alive. (I'm not a UK native.) Turns out embassies issue these quite routinely, for a modest fee, and a visit that lasts at most 15 minutes. At the time I found that requirement both confusing and irritating, but in the context of the article, it makes sense. The lender was about to issue a sufficiently large loan to a person with very limited[ß] UK transaction history.
On the upside, more recently that same bank/lender prodded and arranged me to get an early, admittedly pretty good fixed deal on my remortgage - two months before the central banks started to hike their rates. Without that early intervention my current rate would be at least three percentage points higher.
ß: from the viewpoint of a financial institution, who likely measures customer relationship ages in decades.
> I absolutely would want the receiving outfit require that I visit my current outfit in person first to authorise such a transfer.
So, about that… The Medallion Signature Guarantee is often obtained from an entity not involved in the transfer. From [0] on my post:
> We do not provide medallion signature guarantees for assets you're transferring out of a Bank of America or Merrill account (guarantees are typically provided by a third party not involved in the transfer or by the firm receiving the assets).
In a way, that's a good thing: By the time you've initiated this transfer, the receiving entity should have done their KYC. And the losing entity probably would not want to take the cost of the liability. Having a third party—one who has had you as a customer for some time—is a good layer of security.
It’s also not unreasonable to expect that an entity you want to take assets out of will, to the first order of approximatiom, be incentivized to make any process involved in that as protracted and difficult to navigate as possible. (This is also, I expect, why the asset transfer process described in TFA is initiated from the receiving side, why mobile number portability is requested via your new mobile network, etc.) So if the recipient doesn’t want to take on the verification burden because they just met you, falling back to a third party rather than the sender makes sense.
> Fun fact about the Medallion Signature Guarantee: It's not a seal or embossment, like it often is for a notarization. Instead, it's a stamp (like what you see on [0]). It's a big stamp, but it's just a stamp.
As far as I'm aware, a "seal" and a "stamp" are the same thing. In particular, a seal is just a device that impresses ink onto paper. How is that supposed to be different from a stamp?
(Depending on the documentary technology of the culture, a seal may also be used to make a physical impression in a soft substance, but obviously that is still no different from a "stamp".)
Seals can also be used to bind multiple documents together, or to permanently keep a single document intact.
I worked for a bit with a non-profit which was involved in international adoptions. Seeing documents under apostille with elaborate seals wasn't uncommon. eg, a multi-page document attached to a government certificate of authenticity, bound together by a ribbon passed through a drilled hole, with the hole filled with wax.
"We do not provide medallion signature guarantees for assets you're transferring out of a Bank of America or Merrill account (guarantees are typically provided by a third party not involved in the transfer or by the firm receiving the assets)."
This seems to differ from the article and seems to be a way to make it harder to withdraw assets (why would a third party provide a medallion to insure someone else's assets?)
From my own experience getting a medallion stamp, the losing institution doesn't want to make it easier for you to transfer out. The paperwork is often annoying enough as it is. Certain things "can't be done" online so you have to send in forms and wait. (Always use registered mail, just in case!) If you put enough blockers in place, the customer may just decide to leave the account where it is.
Says "can in principle be totally uninvolved", not "customarily is totally uninvolved.
The article seemed to imply that the institution transferring the securities would also be in the best position to vouch for the identity of the owner who it had been the custodian for.
I never knew about the 3-day limit before, it makes sense that this is the reason behind unverified ACATS transfers (a problem that I've spent no small amount of time arguing about on various online forums long ago).
Interestingly, Fidelity lets you put your account into "lockdown" mode there they'll reject all ACATS (and ACH too I believe) transfers automatically without your intervention. I've always wondered what kind of legal magic they're pulling to make this compliant with FINRA rules.
What eventually convinced me over that it's not a problem is, as Patrick says, that these institutions will with high likelihood make you whole for fraudulent transfers, the same way they will for fraudulent ACH. The financial system generally works.
> these institutions will with high likelihood make you whole for fraudulent transfers, the same way they will for fraudulent ACH. The financial system generally works.
This applies to so much of the financial system, that it baffles me people worry about the things they do. I have family members that are so scared of card skimming they only pay in cash, and friends who are still too scared of the internet to buy things online.
> This applies to so much of the financial system, that it baffles me people worry about the things they do.
That's easy to understand. For the "financial system", $1000 is nothing. For many people, $1000 means the difference between having something to eat or not. Even if you get your money back in the end, not having any money for several days can be a disaster; and the 1% chance that you might not get that back can be too much risk to bear.
> I have family members that are so scared of card skimming they only pay in cash
That's understandable. With cash, all you can lose is the cash you have in hand at that moment; if your card is skimmed and used without your permission, you can lose up to the card's limit (and perhaps even more, if the limit isn't strictly enforced). You might say that fraudulent transactions will be reversed, but there's always that 1% chance that the other side will somehow manage to convince your bank that the transactions were in fact legitimate.
> and friends who are still too scared of the internet to buy things online.
When you buy at a store, the goods you bought are in your physical possession at the moment of the payment. When you buy things online, the goods you bought show up days or even weeks later, if they do, and until they arrive, you have no idea whether they're actually what you bought (and that's on top of the "card skimming" risk).
Sure, if you have enough resources, you can tolerate losing $1000 of the limit of one of your credit cards for a few days until the charge is reversed (and even, in the worst case, absorb the loss in case that charge isn't reversed), but not everyone can do that. And the perceived risk can be higher than the unknowable real risk; someone who has heard about (or experienced) enough incidents in which money was lost (temporarily or not) will understandably be more reluctant to expose themselves to these risks.
I once had to starve for 2 days because my bank froze my card over the weekend and being in a new country, had no cash with me (the nearest exchange was too far away by foot)
Nowadays I pretty much have the bare minimum in the bank and just spend cash.
For a lot of people, not having access to anything they currently have in their bank account, which is most of their savings, is actually a quite big deal, even if they can get that money back eventually.
I regard this as dealing with differing amounts of annoyance. Fraudulent credit card charge? Pffft - it will get taken care of with maybe two phone calls. Fraudulent debit card charge that leaves me with $8.31 in the bank? Getting up there on the annoyance scale. I have cash to live on for a few days, but it will likely require several phone calls and some outstanding bill-pays may bounce[0]. Someone buying a car with my stolen identity? Hugely annoying.
[0] I have a couple of monthly bills that cause a physical check to be printed and mailed. And one of the recipients only checks their mail twice a week so the float time is significant. I deal with them because I must.
On a technical basis yes. Finance rests upon a foundation of people emailing around spreadsheets and trust. Much better than new innovative cryptocurrencies that are just a trojan, wallet address typo, or exit scam away from losing your savings.
Bitcoin does, but Ethereum doesn’t, at least not originally.
There is some way to encode a checksum in the capitalization of the letters/digits A-F, but I’m not sure how ubiquitously supported that is. It seems like a pretty bad hack in any case.
One of my early lessons was realizing the spreadsheet folks have their own backup systems and they're fairly ingenious and orthogonal to my own concerns.
We certainly have the ability to implement transfer authorization, from the sender side, using good authentication technology. This doesn’t have to be cryptocurrency: it can just be the same techniques that we use to authenticate people logging into their bank account, eg passwords, MFA, passkeys, Face ID. We don’t do that for a bunch of business reasons given in the article (mostly that sending institutions are disincentivized from enabling this, and regulators have come up with a kludge that spreads the losses out in weird ways.) The result is that we use a system based on trust, reversal and insurance. This seems fine, but it almost certainly raises costs across the entire system in ways that we can’t obviously measure. Those costs presumably show up in places that typical consumers can’t really see, unless they’re very sophisticated: for example, higher management costs and worse spreads and weird fees.
Insomuch as this is a problem, I also don’t think it will change materially any time soon.
A robust financial system has to be reasonably accessible to such a wide range of people and institutions with varying capabilities that even building something that caters exclusively to the technically inclined is all but impossible.
I wrote on here before about how Vanguard used to offer a FIDO2-only MFA option. You could disable SMS MFA. That eventually got removed because the mobile app never supported it, so now they’ve enforced SMS as a mandatory MFA factor. And FIDO2 has been fairly easy to implement on mobile for years before Passkeys specifically were pushed.
As trusting as the traditional finance system is, it seems they still experience exit scams, wire typos, and countless other scams that lose savings.
Crypto has a long way to go, but tradfi hasn't solved its own problems. Until then, I guess we'd all better hope our bank representatives have a lot of friends in the industry.
Crypto can't solve its main problem though; it's fundamentally based around not being able to reverse transactions, which means you can't reverse a mistaken or fraudulent transaction, which is the whole reason tradfi works. And I don't think the other stuff makes up for this, even if programmability and flash loans are interesting.
Of the many crypto problems I can think of, reversible transactions seems low on the list. Tradfi "works" because there is no other choice given so people make it functional and it is comfortable through familiarity.
People conveniently forget the rampant scams, identity theft, and numerous types of fraud that are clearly irreversible in tradfi. Then they present it as a new problem that crypto must solve as well as being the same as the old system.
There's nothing in crypto that inherently prevents transaction reversals.
This can be implemented as a smart contract on any sufficiently advanced blockchain (definitely Ethereum, not sure about Bitcoin).
The way this works is that you put the money in an escrow contract first, designating a trusted third party as an arbiter. If you don't dispute the transaction for a few weeks, the money goes through irreversibly. If you do, the contract "locks up", and the third party can now either decide to send the money on to its destination or return it back to you. The contract is designed in such a way that those are the only things that third party can do with your money, they have no way of taking it for themselves. Either way, they get a small cut for the trouble of adjudicating the transaction.
If what you're worried about is wallet hacks, not disingenuous merchants, that's doable too. Instead of storing your money directly in your wallet, you'd have to store it in a smart contract, designed in such a way that your key is the only one that can move money out of it. However, limitations would be placed on the contract with regards to how much money can be moved daily. Such limits would likely be different for transfers to trusted escrow contracts and for irreversible transactions. If you needed to move more money, you could designate a trusted third party (let's say a traditional bank doing traditional bank things for identity verification) as being able to override these limits for you. Again, that would be their only responsibility, they would not have the right to move any of your money without your permission. This essentially relegates a bank to the role of an identity verifier who cannot take control of your money in any possible way except by colluding with a hacker who already has access to your wallet.
THe reason none of this exists is ecosystems and network effects, not technical limitations.
> There's nothing in crypto that inherently prevents transaction reversals.
Irreversibility was a key design parameter of bitcoin.
You can kludge a reversal system on top, much as you can build an SQL-a-like atop Mongo. Or you could not use a system whose literal point is the opposite.
That just shifts the problem around: if there's a bug or mistake in the smart contract itself, then you face the problem that you can't reverse that smart contract.
I have emphasized the main difference between this and a bank multiple times, but if it's not sufficiently clear: A bank holds your money. It can do whatever it wants or is forced to with that money, including seizing it if you're Canadian and attend a protest[1]. In the system I outlined, a bank can only decide whether a transaction you dispute should be reversed. As long as you don't dispute any transactions, the bank has no ability to take your money.
But then I can't spend my money for several weeks - the feature that crypto can't implement is having the reversal window be wider than the lockout window.
In tradfi, the counterparty is typically a sophisticated financial institution that either is in your jurisdiction or at least cares somewhat about not annoying your government. If it isn't, it's probably a customer of said financial institution, and thus subject to their rules. In crypto, your counterparty might be literally anybody.
I was going to make a dumb joke about how this was the plot to a horror story or movie or something. I paused for a few seconds (that's discouraged around here, so it better be a good joke)... and it started to sink in that it could well be the plot not only to a horror movie, but maybe has the potential to be a compelling one. "You'll be made whole, eventually" sounds great, until you think back to all those times in your life where "in a few weeks" would've ruined you. Even death's not out of the question if it pushes someone over the edge into suicide territory. The lunatics really do run the fucking asylum.
What’s horrifying about being able to quickly fix a honest mistake in mutual agreement? It’s not always possible, but when it is, it’s so much more efficient than the alternatives.
Trust isn’t a given and not always warranted, but when it is, it is a feature, not a bug.
I had to get a medallion stamp to do an ACATS transfer from broker A to B. I chose to get it at bank C, where I had my checking account, which also happened to own broker D.
Of course, the medallions were handled by a sales guy (sorry, financial advisor) working for broker D who then spent an hour trying to convince me I should move my account to them instead. Eventually he finally gave in and sent off the paperwork.
It's annoying the hoops you have to go through to get control of your own money.
Reminds me of when I wanted to close my Bank of America account: I didn't know that you needed to make an appointment for that. But indeed, it's my money, I had all the ID-verification paperwork needed, and I was stubborn enough to agree to wait for a clerk to become available.
For what it's worth, you may wish to consider a credit union, as it's less likely that a credit union would also own a brokerage.
I've had to get a medallion before to move a small retirement account and there were two things I very much did not like about the process:
(1) Most institutions require you to have been a member for 6 months before they will grant a medallion. I was transferring money between Fidelity and Schwab. Neither of which have branch offices within an hour of where I live. And I only have a virtual bank. There was no one willing to give me a medallion because I have no local banking relationships. I had to pull a favour with work to get our controller to vouch for me at our business bank.
(2) I've done domestic and international wires for much more money without needing anything like a medallion. Why can't I do something like log in to Fidelity and wire the funds across directly?
(Also, have fun finding the forms required to transfer your retirement account. Fidelity at least made the process exceptionally difficult, and their customer service agents acted like they didn't know what a Simple IRA was or why one would want to transfer out. Sure there's a page about transferring, but it likes to loop you into the "transfer funds into" flow.)
The other side of this is that I’ve absolutely had a SEC advisor tell me that I couldn’t access my money unless I kept my account with him and the bank had to verify my access to the money if I wanted to transfer it, but if I stayed I could keep it. ACATS ultimately protects the consumer from keeping their money with unscrupulous advisors.
I agree with the author that it is totally terrifying, but I feel the assets should be kept with a third party or third party verification service so that the broker isn’t incentivices to “verity” details.
I think medallions are a good solution to this problem and like the author of the piece says they are shockingly easy to get. I think that the advisors themselves receiving the money generally have huge relationships with the companies they work with that issue medallions and even the third party companies with relationships with the receiving advisor will generally provide one for free even if the person doesn’t have one.
It's somewhat amusing to look back on my Computer Science education, where they taught us that database transactions are used to ensure bank balances are moved atomically between accounts
Is it just me, or is that cat song not that good? I listened to it twice, and found it completely unremarkable. A minute later, I can't remember much about it.
De gustibus non est disputandum; there are some things that ruin many people's lives that have no appeal to me, there are some things many people enjoy responsibly that I have learned to stop myself from using because I will not make good decisions over a period of years, and then there was that freaking cat song, which gave me the strongest "WARNING: Your brain is not in control of your response to this song, in a way which is qualitatively different than the usual ways music is moving." when listening to it that I found it remarkable.
> I think if you say the words “my cat” to me when I am on my deathbed I will immediately hum three notes.
The song is currently ruining my life in a very different sense: I keep listening to the song over and over to try to guess which three notes you're talking about, but I can't for the life of me figure it out. Mind clearing that up for me?
(Personally, I definitely see how the song could be perceived as infectiously catchy, but it doesn't seem to do it for me. I think the structure and rhythm are a little too irregular for it to get stuck in my head.)
Back in the mid-1990s, I remember a news fluff piece about a woman who claimed to have epileptic seizures in response to hearing Mary Hart's voice (some newstainment journalist/anchor, maybe Entertainment Tonight?). Doctor supposedly confirmed it via experiment (though, now I wonder if the man should've kept his license, seems unsafe).
Earworms are probably the same. Specific either to unique brains, or to particular brain neuro-templates.
I had stopped watching Seinfeld beyond the first season. Had no idea.
Shit, do I always sound like a fool because I am a fool, or just because everything I know has been turned into a sitcom joke that I never found out about?
That's OK, though, because the person making the stamp is keeping a lot of records, so they'll know what they stamped.
When I first got my Treasury Direct[1] account, I couldn't verify my identity using their online process, and so I had to mail in FS Form 5444[1]. My local credit union had "Medallion Service" as one of the reasons for booking an appointment (separate from "Notary"), and they were able to take care of it. As mentioned in the article, the person at the credit union asked me for a monetary value. As it was a new Treasury Direct account, I said "$10,000" (the maximum amount of Series I bonds you can get per calendar year).
And as implied in the article, my credit union had no problems issuing this, even though they were not involved in Treasury Direct in any way.
It's interesting, all the 'little' 'home-grown' ways of identity guarantee that pop up when needed.
[0]: https://www.bankofamerica.com/signature-services/medallion-s...
[1]: https://www.treasurydirect.gov/forms/acctauth.pdf