Messente avatar logo

Preventing fraud in online brokerage accounts

- 5 MIN READ - 10 Jul 2017

Who do you trust with your money?

Unauthorized access to accounts in the online trading industry should never be taken lightly and definitely leads to malicious or criminal activity, which not only concerns personal user data, but also financial transactions and the safekeeping clients’ money.  

Real Money = Real Risk  

The concept of online trading is simple: It’s the act of buying and selling financial products through an online platform. These platforms are normally provided by internet-based brokers and are available to any person who would like to attempt to money from the markets. Although online trading itself is risky, there is another risk associated with online brokerages --user security. In the last few years, there have been too many incidents where online trading firms have been hacked, personal user data, including credentials, compromised, and financial damage ensued.

For example, Scottrade suffered a breach in 2015, affecting 4.6 million customers, with hackers walking away with client credentials and contact information. In 2016, hackers cracked a Hong-Kong-based brokerage firm, causing $20 million in financial damage.

While these scenarios are different in many ways, like how long it took the hack to occur, technique, time to breach discovery, and damages, they have one key similarity. In both cases, it’s noted that if accounts were protected by two-factor authentication, the attacks may have been thwarted, or accounts could have been protected from further damage. Yet many brokerage accounts can still be accessed by simply entering a username and password, gaining access to sensitive data and initiating fraudulent withdrawals.

Let's get 2FA for your website

Passwords aren’t enough

Passwords are vulnerable to eavesdroppers on cafe and airplane WiFi networks, data breaches, and to phishing attacks. Regardless of the trading platform, it’s important to acknowledge the vulnerability; based on the trend, any brokerage firm could easily be next. When it comes to financial damage, there is no universal policy as to whether a client is indemnified after a cyber-attack drains an account. And if there is indemnification, who knows when the money comes back, or whether potential market gains are included. Whether the company decides to reimburse a client who loses money is a decision that a firm makes (information regarding policies around breaches should be available on every broker’s website.)

Better be safe than sorry

In order to keep bad guys away in the first place, implement two-factor authentication. Today, it is offered by most brokerage firms, and in fact, in Singapore, it is already made mandatory for all online trading platforms.

Then it’s up to the users. 2FA provides an extra layer of account protection. Rather than simply authenticating while singing into an account, 2FA requires additional verification if certain actions are taken, like a change in contact information, fund transfers, or withdrawals.

It may also send an alert if the account password, email address, or phone number is changed, so users can react if they didn’t update the information.

Turning on 2FA is clearly worth the extra security for brokerage accounts. 2FA is generally available in the account profile, security settings, or through calling customer service. If the online brokerage firm does not offer two-factor authentication, it’s time to suggest it, as it may save everyone quite a bit of money and time.

Raili Liiva

Raili Liiva - Sales Researcher

5 Fundamentals to selecting an A2P provider

18 Jul 2017

Making an informed and educated decision when choosing a messaging partner requires navigation in the application-to-person (A2P) ecosystem. Asking the right questions early is the basis for avoiding costly mistakes and having a strong partnership. These five fundamental features will help you build a framework for asking questions and guide a structured conversation when shopping for an A2P vendor

Joosep Merelaht

Joosep Merelaht

Yet another hack that 2FA could have prevented: 8tracks

11 Jul 2017

The irony here is uncanny.

8tracks, a social internet radio service, recently announced a data breach, losing a copy of their user database, which includes email addresses and passwords. While 8tracks ensures their users that passwords are encrypted, hashed, and salted, they still recommend that users change their passwords with their service. Their CEO also moved on to explaining that their (over) 18 million users “refrain from using the same password across multiple sites,” use a password manager, and user two-factor authentication.

Yuriy Mikitchenko

Yuriy Mikitchenko

An easy way to ensure confidentiality: Flash SMS

03 Jul 2017

SMS has some tricks up its sleeve. While familiar to most as a simple communication tool, SMS also provides solutions for both confidential and time sensitive situations. This is where flash SMS comes into play.

Uku Tomikas

Uku Tomikas

Start sending messages to

for € N/A

Contact us