Yesterday, you had money in your retirement account.

Today, you have nothing. A lifetime of savings … gone.

You didn’t blow it on a dodgy investment scheme. You didn’t bet on a loser cryptocurrency. You didn’t exhaust your hard-won savings, either.

Someone stole it … with the assistance of your retirement brokerage.

And they won’t pay you back.

Retirement Account Hacking

Unlike credit card and checking account transactions, there are no regulations protecting you from retirement account hacking. If it happens to you and you get anything back, it’ll be due purely to the charitable compassion of the financial institution that had your money.

Is that enough security for you? I didn’t think so.

Prepare for a Shock

The most important financial accounts you own are those at the most risk.

Only you can mitigate that risk.

Late last year, retired Atlantans Steve and Andrea Voss happened to check their retirement account balance with Prudential Financial.

It was zero.

Someone had called Prudential, pretending to be Mr. Voss. With shockingly little information, they got Prudential to issue a check to cash out his 401(k) account, addressed to a local UPS mail drop.

If this had been credit card or online banking fraud, Federal Reserve regulations would have strictly limited the Voss’ losses. Consumers are only liable for up to $50 in credit card fraud. Liability for fraudulent checking account transfers is capped at $500. Refunds must generally be issued within 10 days.

But retirement brokers are under no legal obligation to return your stolen retirement money.

Did you know that?

Thanks, Equifax!

I detest the credit bureau industry. Without our permission, and for their own profit, they centralize all the information needed to destroy our lives in insecure computer servers.

Indeed, all the information the hackers needed to steal the Voss’ future was available in the recent Equifax data breach — name, Social Security number, birth date and address.

Nobody knows if Equifax aided the hackers’ dirty work in this case. But it hardly matters. The Equifax breach included most of the U.S. population.

Credit card fraud used to be your biggest hacking risk. But the (late and inadequate!) application of chip technology — and the fact that the card issuer must pay — has led to a big drop in this type of fraud.

Cybercriminals have simply shifted to easier marks.

So-called “noncard” fraud is up sharply, as hackers hijack everything from hotel reward point accounts to mobile phones to cryptocurrency wallets.

The brokerage account takeover that devastated the Voss family is also on the rise. In 2016, such crimes accounted for only 2% of existing noncard fraud. That tripled in one year, to 7% in 2017.

Retirement account hijackings are particularly attractive for cybercriminals.

The balances are usually much larger than savings or checking accounts. People typically don’t check them as often … particularly when the market’s down, to avoid unwelcome news. Many clients have limited digital security skills. Some are elderly enough that someone else routinely handles their retirement account business for them.

Above all, because there are no rules compelling retirement brokers to compensate fraud losses, there’s no incentive for them to get their security act together.

Make Your Retirement Money Shipshape

Last week, I took a day off to do some maintenance on my sailboat. As always, there was more to do than I’d expected. The combination of my long absences and a vessel’s many points of failure means there’s always work to do to keep things secure.

The same is true of your retirement accounts (and other financial accounts). Here’s my list of the steps you must take to keep your own retirement afloat:

• Request two-factor authentication to gain access to your account — whether online or on the phone. This involves one-time access codes emailed to you every time you log or call in. Don’t use text notifications, though — as I explained in an article last year about cryptocurrency fraud, hackers can easily get those notices redirected to themselves.

• Check your account often. Monitor the balance and your listed addresses, phone numbers, emails and the bank account details for receiving disbursements. Notify the company immediately if there’s anything amiss.

• Use a secure username and password for online access to the account. My Privacy Code 2.0 report explains in detail how to do this.

• Read every notice from your company about “recent changes to your account.” Sign up for email alerts to notify you when any changes are made.

• Don’t choose security questions that scammers could find the answers for online or in social media, like your mother’s maiden name or favorite pet. In fact, if there’s an option, don’t use those at all — insist on direct account resets by phone, along with secure codes sent to your email or to a specialized, authentic app.

• Avoid using public computers to access your account.

I saw a T-shirt the other day that said: “Vote for Nobody — After All, They’ve Always Looked After Your Interests.”

Cheeky, but true … and fully applicable to securing your precious retirement wealth.