Channelling your money into a trading platform deserves closer scrutiny of security
Getting into the world of e-trading has been a secret desire of mine for some time. But where can a rookie like me start dabbling? Should I trade in cryptocurrency? In currency? Or should I go for traditional stocks? Wherever I start, my most important launch-off criterion is to keep the 'gambling' risk low and build enough trust that everything I do on platform X or on exchange Y is as secure and private as possible. And so, I started my hunt.
The democratisation of e-trading
Commission-free trading has only been widely practiced for the last year or so. One of the first app developers to build a no-fees platform was Robinhood, back in 2013. Robinhood, a US-based FinTech startup, began by offering US-listed stocks and exchange-traded funds at $0 per trade. The startup has since expanded to include options and cryptocurrency.
Then in September 2019, Interactive Brokers jumped on the no-fees bandwagon, which set off a domino effect. In rapid succession the following October, E*TRADE, TD Ameritrade, Charles Schwab and Fidelity all announced they were slashing their brokerage fees. Bank of America and Wells Fargo followed suit two months later. In 2020, CMC Markets, Dabble, eToro and IG also joined the fray.
The cumulative effect brought on by the no-fees movement was to democratise trading. A $9.95 fee on every trade, which my personal bank charges now, is a stumbling block for many like myself who have been hesitating to get started. It could be argued, though, that paying a fee makes you think twice before making a trade – a sort of deterrent against folly and ignorance getting the better of you. After all, the new model of “free” often means the user – for better or worse – becomes the product.
Down-to-the-second service availability
But beyond my personal folly and ignorance, I am also security- and privacy-minded. I remember hearing about Robinhood’s app freezing no fewer than three times over the span of two weeks, while millions of traders helplessly watched their investments plummet or opportunities take flight. Better provisioning of the platform’s ability to handle peak loads would have prevented that problem. Even so, it could just as easily have been a distributed denial of service (DDoS) attack, meaning traders need to trust that trading platforms have the security controls in place to detect DDoS attacks and block them.
Securing user account access
Sure, it would be easy to join the millions on Robinhood, but I would still have little clue of how to trade. Maybe I could try eToro, which allows you to automatically mimic another trader with the CopyTrader feature – a kind of 'learning by watching' strategy. But what if CopyTrader starts making high-risk contract for difference (CFD) trades for me? I stand to lose a lot. Then I also discovered that access to 62,000 eToro accounts was being offered for sale in a dark web marketplace. Hmm... that rattles my confidence.
If I am going to trust a platform with my hard-earned pounds, then practicing good password hygiene is not enough. I want multi-factor authentication (MFA) available. eToro offers MFA, although the one-time code is sent via SMS.
It is much more secure to obtain your code via an authenticator app, as hackers have discovered various ways to steal codes that are sent via SMS. A hacker, for example, could either intercept your SMS messages or read the notifications displaying your one-time code on your mobile device. In fact, there was a malicious Android app called BtcTurk Pro Beta, impersonating the Turkish cryptocurrency exchange BtcTurk, that would read notifications, collect the one-time code and then dismiss the notifications to avoid tipping off the victims.
Luckily, Robinhood offers the more secure option of an authenticator app.
Tough backend security measures build trust
It is also important that the trading platform’s backend systems are set up in a way that is secure and compliant with data protection regulations. Setting up an account with a trading platform requires sharing my ID and financial data, so I wouldn’t want my personally identifiable information to be stolen because of lack of investment into security. Trading 212’s privacy policy, for example, talks about regular scanning for vulnerabilities and penetration testing to assess the security of systems – this builds trust.
Data protection for your financial data
Before opening an account, you should also be aware that your data is not immediately destroyed on account closure and can be stored for up to five years as part of compliance with legislation, such as the Fourth Money Laundering Directive ((EU) 2015/849) in the EU, aimed at preventing and detecting money laundering. This is the case for Trading 212 and other EU-based companies.
For this reason, it is good to be aware of the latest data breaches reported in the news. If you have an account with a company that has been attacked recently, even years after you have closed your account, it is worth taking the time to inquire about a possible breach of your data and request an identity theft monitoring service. Hackers usually attempt to sell your data in a dark web marketplace, target you with specially crafted phishing emails or bide their time for an opportune moment to perpetrate a scam.
A multiexchange trading experience or a trojan?
Looking at so many exchanges, however, makes me wonder if I shouldn’t find a “see all from one” dashboard type of experience like Kattana. Strictly for cryptocurrency trading, Kattana provides integration into multiple popular cryptocurrency exchanges, allowing users to trade from one account.
And Kattana has similar-looking competitors: Cointrazer, Cupatrade, Licatrade, Trezarus... until I found out that these copycats are trojans! If I were to download one of these malicious 'cousins' of Kattana on my Mac, my browser cookies and history, as well as any cryptocurrency wallets, would likely be snatched up by the GMERA malware operators behind this campaign, unless protected by a security solution like ESET Cyber Security.
In the end, I am still considering my options for a trustworthy and secure exchange to begin my trading adventures. Whatever you pick, don’t be halfhearted in scrutinising the security practices of your chosen exchange.