Messente avatar logo

Preventing fraud in online brokerage accounts

Raili Liiva

10 Jul 2017 -

5 min read

Raili Liiva

10 Jul 2017


2 min read

Who do you trust with your money?

Unauthorized access to accounts in the online trading industry should never be taken lightly and definitely leads to malicious or criminal activity, which not only concerns personal user data, but also financial transactions and the safekeeping clients’ money.  

Real Money = Real Risk  

The concept of online trading is simple: It’s the act of buying and selling financial products through an online platform. These platforms are normally provided by internet-based brokers and are available to any person who would like to attempt to money from the markets. Although online trading itself is risky, there is another risk associated with online brokerages --user security. In the last few years, there have been too many incidents where online trading firms have been hacked, personal user data, including credentials, compromised, and financial damage ensued.

For example, Scottrade suffered a breach in 2015, affecting 4.6 million customers, with hackers walking away with client credentials and contact information. In 2016, hackers cracked a Hong-Kong-based brokerage firm, causing $20 million in financial damage.

While these scenarios are different in many ways, like how long it took the hack to occur, technique, time to breach discovery, and damages, they have one key similarity. In both cases, it’s noted that if accounts were protected by two-factor authentication, the attacks may have been thwarted, or accounts could have been protected from further damage. Yet many brokerage accounts can still be accessed by simply entering a username and password, gaining access to sensitive data and initiating fraudulent withdrawals.

Let's get 2FA for your website

Passwords aren’t enough

Passwords are vulnerable to eavesdroppers on cafe and airplane WiFi networks, data breaches, and to phishing attacks. Regardless of the trading platform, it’s important to acknowledge the vulnerability; based on the trend, any brokerage firm could easily be next. When it comes to financial damage, there is no universal policy as to whether a client is indemnified after a cyber-attack drains an account. And if there is indemnification, who knows when the money comes back, or whether potential market gains are included. Whether the company decides to reimburse a client who loses money is a decision that a firm makes (information regarding policies around breaches should be available on every broker’s website.)

Better be safe than sorry

In order to keep bad guys away in the first place, implement two-factor authentication. Today, it is offered by most brokerage firms, and in fact, in Singapore, it is already made mandatory for all online trading platforms.

Then it’s up to the users. 2FA provides an extra layer of account protection. Rather than simply authenticating while singing into an account, 2FA requires additional verification if certain actions are taken, like a change in contact information, fund transfers, or withdrawals.

It may also send an alert if the account password, email address, or phone number is changed, so users can react if they didn’t update the information.

Turning on 2FA is clearly worth the extra security for brokerage accounts. 2FA is generally available in the account profile, security settings, or through calling customer service. If the online brokerage firm does not offer two-factor authentication, it’s time to suggest it, as it may save everyone quite a bit of money and time.

Whitepaper: Impact of Two-Factor Authentication on data breaches

Raili Liiva

Sales Researcher

Raili leads Messente's 2-factor authentication solution and takes care of our SMS API clients. She is passionate about online security and is helping businesses protect their user accounts against hijackings.  

We're here to help you connect with your customers. Let's start talking.

Email again:

Further reading

Consider this in the bidding process - Part 2

16 Jan 2018

Continuing last week’s discussion around things that companies must consider when selecting a global SMS messaging...

Marcus Kallavus

2 min read

Consider this in the bidding process - Part 1

09 Jan 2018

Selecting an SMS provider from a pool of many can be daunting task. What should be considered when...

Marcus Kallavus

2 min read

Personalized support and why there is no way around it

02 Jan 2018

We often see client support packaged into software products, whether it includes general support tickets, to live chat,...

Uku Tomikas

2 min read

SMS boosts CRM services and it can't be overlooked

19 Dec 2017

SMS messaging has become an expected feature in customer engagement platforms, which involves communicating information to people. Even...

Marcus Kallavus

2 min read