88% of consumers say their perception of business is improved when there is an investment in the customer experience, including security. Experian, 2020 Global Identity and Fraud Report
Our enterprise-wide security strategy protects account holders with a combination of technology, policies, and processes.
Our security strategy is informed by frequent board and committee briefings, executive tabletop sessions, periodic security briefings, and an established business continuity plan.
Our associates are carefully vetted and thoroughly trained in security awareness and incident response protocols.
We employ advanced network and data protection, access management, and authentication protocols, plus cybersecurity data analysis.
We design processes to ensure appropriate controls are in place for all that we do. Ongoing risk assessment management and testing are vital parts of our best practices.
We continuously monitor plan, participant, and transaction activity around the clock, every day of the year.
T. Rowe Price makes every effort to ensure that participant interactions are not only seamless but also well protected through robust security practices for authentication.
Multi-Factor Authentication provides an additional layer of security to normal login requirements and call center interactions. It requires participants to provide information that only they have access to: a code they must enter during login or provide to our call center representatives at the start of their phone call.
Multi-Factor Authentication is required for all participants—who are guided through the setup process during login or when creating their online account.
The voice biometrics process passively authenticates callers as they naturally engage with the call center. This new technology evaluates several criteria for each caller, including voice characteristics, caller behavior, call location, and device characteristics, beginning with their first interaction with our call center. If the call seems suspicious, the system will automatically trigger additional authentication procedures.
Dark market monitoring provides another layer of cutting-edge fraud protection for participant accounts. It screens participant website login credentials against emails and passwords recovered from data breaches to help reduce the risk of fraudulent account takeover.
The service creates security alerts when passwords associated with participants’ email addresses are located on the dark web. When passwords associated with a data breach match participants' retirement plan login credentials, we alert impacted participants and lock their accounts as a security precaution.
The T. Rowe Price Account Protection Program is designed to assure plan sponsors and participants that their accounts are protected in the event of fraud. Under the program, we’ll restore eligible account losses caused by unauthorized activity* when plans and participants follow some best practices.
Plan sponsors and participants should contact us immediately if they suspect a potential breach or fraudulent activity.
All reported concerns will be thoroughly investigated to determine program applicability. The Account Protection Program may not apply if the security best practices outlined in this document are not followed.
Contact your T. Rowe Price representative to find out how we can partner to protect your participants.