Messente avatar logo

Preventing fraud in online brokerage accounts

Raili Liiva

10 Jul 2017 -

5 min read

Raili Liiva

10 Jul 2017


2 min read

Who do you trust with your money?

Unauthorized access to accounts in the online trading industry should never be taken lightly and definitely leads to malicious or criminal activity, which not only concerns personal user data, but also financial transactions and the safekeeping clients’ money.  

Real Money = Real Risk  

The concept of online trading is simple: It’s the act of buying and selling financial products through an online platform. These platforms are normally provided by internet-based brokers and are available to any person who would like to attempt to money from the markets. Although online trading itself is risky, there is another risk associated with online brokerages --user security. In the last few years, there have been too many incidents where online trading firms have been hacked, personal user data, including credentials, compromised, and financial damage ensued.

For example, Scottrade suffered a breach in 2015, affecting 4.6 million customers, with hackers walking away with client credentials and contact information. In 2016, hackers cracked a Hong-Kong-based brokerage firm, causing $20 million in financial damage.

While these scenarios are different in many ways, like how long it took the hack to occur, technique, time to breach discovery, and damages, they have one key similarity. In both cases, it’s noted that if accounts were protected by two-factor authentication, the attacks may have been thwarted, or accounts could have been protected from further damage. Yet many brokerage accounts can still be accessed by simply entering a username and password, gaining access to sensitive data and initiating fraudulent withdrawals.

Let's get 2FA for your website

Passwords aren’t enough

Passwords are vulnerable to eavesdroppers on cafe and airplane WiFi networks, data breaches, and to phishing attacks. Regardless of the trading platform, it’s important to acknowledge the vulnerability; based on the trend, any brokerage firm could easily be next. When it comes to financial damage, there is no universal policy as to whether a client is indemnified after a cyber-attack drains an account. And if there is indemnification, who knows when the money comes back, or whether potential market gains are included. Whether the company decides to reimburse a client who loses money is a decision that a firm makes (information regarding policies around breaches should be available on every broker’s website.)

Better be safe than sorry

In order to keep bad guys away in the first place, implement two-factor authentication. Today, it is offered by most brokerage firms, and in fact, in Singapore, it is already made mandatory for all online trading platforms.

Then it’s up to the users. 2FA provides an extra layer of account protection. Rather than simply authenticating while singing into an account, 2FA requires additional verification if certain actions are taken, like a change in contact information, fund transfers, or withdrawals.

It may also send an alert if the account password, email address, or phone number is changed, so users can react if they didn’t update the information.

Turning on 2FA is clearly worth the extra security for brokerage accounts. 2FA is generally available in the account profile, security settings, or through calling customer service. If the online brokerage firm does not offer two-factor authentication, it’s time to suggest it, as it may save everyone quite a bit of money and time.

Whitepaper: Impact of Two-Factor Authentication on data breaches

Raili Liiva

Sales Researcher

Raili leads Messente's 2-factor authentication solution and takes care of our SMS API clients. She is passionate about online security and is helping businesses protect their user accounts against hijackings.  

We're here to help you connect with your customers. Let's start talking.

Email again:

Further reading

Municipalities take advantage of SMS to help people

16 Feb 2018

The humble SMS is a widely used tool and as such it is no miracle that municipalities use...

Uku Tomikas

2 min read

Where is the industry actually headed? WhatsApp, RCS, and more.

13 Feb 2018

The enterprise messaging space is full of innovative solutions. Some of them find their place in the mix...

Lauri Kinkar

2 min read

Central log management and why it really matters

06 Feb 2018

It’s a well-known fact that without logging we don’t really understand if our systems are functioning properly. Or...

Uku Loskit

2 min read

Breaking down partnerships to the ridiculous

26 Jan 2018

There are stark financial differences in using a global messaging provider, versus several geographically local service providers. These...

Uku Tomikas

2 min read