Messente avatar logo

Preventing fraud in online brokerage accounts

Raili Liiva

10 Jul 2017 -

5 min read

Raili Liiva

10 Jul 2017

-

2 min read

Who do you trust with your money?

Unauthorized access to accounts in the online trading industry should never be taken lightly and definitely leads to malicious or criminal activity, which not only concerns personal user data, but also financial transactions and the safekeeping clients’ money.  

Real Money = Real Risk  

The concept of online trading is simple: It’s the act of buying and selling financial products through an online platform. These platforms are normally provided by internet-based brokers and are available to any person who would like to attempt to money from the markets. Although online trading itself is risky, there is another risk associated with online brokerages --user security. In the last few years, there have been too many incidents where online trading firms have been hacked, personal user data, including credentials, compromised, and financial damage ensued.

For example, Scottrade suffered a breach in 2015, affecting 4.6 million customers, with hackers walking away with client credentials and contact information. In 2016, hackers cracked a Hong-Kong-based brokerage firm, causing $20 million in financial damage.

While these scenarios are different in many ways, like how long it took the hack to occur, technique, time to breach discovery, and damages, they have one key similarity. In both cases, it’s noted that if accounts were protected by two-factor authentication, the attacks may have been thwarted, or accounts could have been protected from further damage. Yet many brokerage accounts can still be accessed by simply entering a username and password, gaining access to sensitive data and initiating fraudulent withdrawals.

Let's get 2FA for your website

Passwords aren’t enough

Passwords are vulnerable to eavesdroppers on cafe and airplane WiFi networks, data breaches, and to phishing attacks. Regardless of the trading platform, it’s important to acknowledge the vulnerability; based on the trend, any brokerage firm could easily be next. When it comes to financial damage, there is no universal policy as to whether a client is indemnified after a cyber-attack drains an account. And if there is indemnification, who knows when the money comes back, or whether potential market gains are included. Whether the company decides to reimburse a client who loses money is a decision that a firm makes (information regarding policies around breaches should be available on every broker’s website.)

Better be safe than sorry

In order to keep bad guys away in the first place, implement two-factor authentication. Today, it is offered by most brokerage firms, and in fact, in Singapore, it is already made mandatory for all online trading platforms.


Then it’s up to the users. 2FA provides an extra layer of account protection. Rather than simply authenticating while singing into an account, 2FA requires additional verification if certain actions are taken, like a change in contact information, fund transfers, or withdrawals.

It may also send an alert if the account password, email address, or phone number is changed, so users can react if they didn’t update the information.

Turning on 2FA is clearly worth the extra security for brokerage accounts. 2FA is generally available in the account profile, security settings, or through calling customer service. If the online brokerage firm does not offer two-factor authentication, it’s time to suggest it, as it may save everyone quite a bit of money and time.

The second Payment Services Directive (PSD2) impact: Read the full report.


Raili Liiva

Sales Researcher

Raili leads Messente's 2-factor authentication solution and takes care of our SMS API clients. She is passionate about online security and is helping businesses protect their user accounts against hijackings.  




We're here to help you connect with your customers. Let's start talking.

Email again:

Further reading

How we do it: Supporting a culture of growth

14 Nov 2017

Recently, I’ve had several discussions about company culture. And here’s a common question: How do you build a...

Lauri Kinkar

2 min read

This is an opportunity. Take advantage of it.

07 Nov 2017

In today’s world, it feels like the technology changes faster than we can keep up. As technology becomes...

Raili Liiva

2 min read

Scrub customer databases and make SMS more effective

31 Oct 2017

It’s often that we are asked, “what is your average delivery rate in (fill in the blank) country?”...

Margus Sütt

2 min read

Startup Conferences: What’s the point? (Slush 2017)

25 Oct 2017

With Slush coming up in about a month, it’s a good time ponder the purpose of...

Yuriy Mikitchenko

2 min read