Segregated Customer Accounts
Customer funds are held separately from CurrencyFair’s own funds in segregated client accounts as part of our operational safeguarding arrangements. This means that customer funds are not commingled with CurrencyFair’s corporate funds and are managed separately in the course of providing our services.
Where customer funds constitute Safeguarded Funds for the purposes of the European Union (Payment Services) Regulations 2018 (that is, Relevant Funds within the meaning of Regulation 17), those funds are held and protected in accordance with the statutory safeguarding requirements.
Operational segregation of customer funds does not, of itself, mean that those funds are subject to statutory safeguarding protection. Further detail on how and when statutory safeguarding applies is set out in Clause 13 (Safeguarding of Customer Funds) of these Terms & Conditions.
Two-Factor Authentication
Two-factor authentication is a way of improving account security by combining what you know, for example, your password, with something only you have in your possession, like your mobile phone.
When trying to log in or carry out certain actions, such as transferring money out, we will automatically send a message to your phone with a code. You enter this code into the two-factor authentication form on CurrencyFair.com.
To find out more, go to our Support Centre.
Your Connection Is Secure
Our website uses 256-bit encryption via SSL from VeriSign. This indicates that your connection is secure.
Secure Data Centre
All your account information is stored in a secure facility that is safeguarded 24 hours a day, and we use biometric security to gain access to our servers.
Systematic Procedures & Checks
We maintain continuous auditing, logging, backups and safeguarding of data. To further protect against malicious attacks, we run numerous security tests on our own software and systems, and maintain the very latest virus protection software.
Thorough Verification
We have built in a number of safeguards into our software, including:
Tracked Deposits & Transfers
All deposits by you to us are recorded by your bank. All your exchanges and transfers on our platform are recorded and saved in your account summary, and you will receive a confirmation email instantly. All transfers from our bank are also logged. In short, all of your interactions with us are fully documented and available to you when you need it.
Site Security
CurrencyFair takes the safety of your personal details very seriously. We make it a top priority to provide system integrity and the confidentiality of your personal and transaction details. To allow data to be transmitted securely over the Internet, the CurrencyFair Platform uses Secure Socket Layer (SSL), 256-bit encryption on required site pages (within the logged-in section). You can check that your connection is secure by looking for the https and the secure padlock symbol at the bottom right of your browser window, or in the address bar.
All customer data is backed up in an automated fashion and is hosted on a multi-region, multi-availability-zone AWS cloud. The AWS cloud on which the data is hosted is ISO 27001:2013, ISO 27017:2015, ISO 27018:2014, and ISO 9001:2015 certified. Access to this data is severely restricted and is via multi-factor authentication, and behind VPN and firewalls.
Account Security
When you register with CurrencyFair, you will be asked to provide an email address and password. We recommend a high level of password strength, including capitals, digits and symbols.
Additionally, CurrencyFair will provide you with a 6-digit CurrencyFair PIN, which you will be required to input for any functions that require us to confirm your identity, such as adding recipient accounts and transferring funds.
All relevant transactions are also reported directly to your registered email address.
Phishing & Social Engineering
Phishing is a method that criminals use to try and attain your personal information through what look like legitimate emails. Unfortunately, this is becoming a more common form of internet attack. These emails may even contain official branding. CurrencyFair will never ask you for your password, credit/debit card information, or bank details through email. Any account changes, transactions, or adding bank accounts must always be completed by logging in securely through your CurrencyFair account. Try to remember what activities you recently carried out on CurrencyFair’s website and any recent communication you had with us. If the email is unrelated to known activity on your account, it might be a phishing attempt.
If you have received suspicious emails pertaining to be from CurrencyFair, do not open any attachments in the email and do not click on any links. Please forward these emails and notifications of any other suspicious incidents to our Team via our Support Centre. We will respond to the same email string and send you confirmation of the legitimacy of the email once we have been able to verify the original sender. You can also check out our Support Centre for further information on using our site.
Suspected Fraud
The growing online payments industry, sadly, brings an increase in online payment crime. Protect yourself by only entering your personal information and bank details into websites that you trust. Any attempted or known attacks on our customers’ personal information will be communicated via the CurrencyFair blogs or our Support Centre. Alternatively, if you suspect fraud or an attack on your CurrencyFair account, please contact our Support Team through our Support Centre.
Password & Device Security
It is important that you keep your password and devices as secure as possible. Be sure to update to the latest version of your operating system, anti-virus software, and Internet browser. This will keep your information and devices protected against the latest known security attacks. Try to avoid using public WiFi areas as these are more liable to hacking. Change your password if you think that any of your private accounts have become vulnerable.
Fraud Awareness
You can find advice and tips to help spot and combat fraud in the CurrencyFair blog post, “Protecting your finances: A guide to avoiding fraud”.