Safety and Security
Your Security Is Important To Us
Segregated Customer Accounts
All customer funds are held separately in segregated client accounts with one of the world’s largest financial institutions. These accounts are separate from our corporate accounts and we cannot use them to settle any of our own obligations.
Two-factor authentication is a way of improving account security by combining what you know, for example your password, with something only you have in your possession, like your mobile phone.
When trying to log in or carry out certain actions, such as transferring money out, we will automatically send a message to your phone with a code. You enter this code into the two-factor authentication form on CurrencyFair.com.
To find out more, read our blog post on Two Factor Authentication.
Your Connection is Secure
Our website uses 256-bit encryption via SSL from VeriSign. This indicates that your connection is secure.
Secure Data Centre
All your account information is stored in a secure facility that is safeguarded 24-hours-a-day, and we use biometric security to gain access to our servers.
Systematic Procedures & Checks
We maintain continuous auditing, logging, backups and safe-guarding of data. To further protect against malicious attacks, we run numerous security tests on our own software and systems and maintain the very latest virus protection software.
We have built in a number of safeguards into our software including:
- Identity Verification - Checks on new customers to determine if the identity information provided is accurate and not suspicious.
- Automatic Logout - If you are inactive for an extended period of time we automatically log you out so unauthorised people cannot access your account.
- Contact Information Confirmation - All changes to your contact information are verified with you before we make any changes.
Tracked Deposits & Transfers
All deposits by you to us are recorded by your bank. All your exchanges and transfers on our platform are recorded and saved in your account summary and you will receive a confirmation email instantly. All transfers from our bank are also logged. In short, all of your interactions with us are fully documented and available to you when you need it.
CurrencyFair takes the safety of your personal details very seriously. We make it a top priority to provide system integrity and the confidentiality of your personal and transaction details. To allow data to be transmitted securely over the internet, the CurrencyFair Platform uses Secure Socket Layer (SSL), 256 bit encryption on required site pages (within the logged-in section). You can check that your connection is secure by looking for the https and the secure padlock symbol at the bottom right of your browser window, or in the address bar.
All customer data is backed up in an automated fashion and is hosted on a multiple region, multi availability-zone AWS cloud. The AWS cloud on which the data is hosted is ISO27001:2013, ISO 27017:2015 ISO 27018:2014 and ISO 9001:2015 certified. Access to this data is severely restricted and is via multi-factor authentication, and behind VPN and firewalls.
When you register with CurrencyFair you will be asked to provide an email address and password. We recommend a high level of password strength, including capitals, digits and symbols.
Additionally CurrencyFair will provide you with a 6 digit CurrencyFair PIN which you will be required to input for any functions that require us to confirm your identity, such as adding beneficiary accounts and transferring funds.
All relevant transactions are also reported directly to your registered email address.
Phishing and Social Engineering
Phishing is a method that criminals use to try and attain your personal information through what look like legitimate emails. Unfortunately, this is becoming a more common form of internet attack. These emails may even contain official branding. CurrencyFair will never ask you for your password, credit/debit card information or bank details through emails. Any account changes, transactions or adding bank accounts must always be completed by logging in securely through your CurrencyFair account. Try to remember what activities you recently carried out on CurrencyFair’s website and any recent communication you had with us. If the email is unrelated to known activity on your account, it might be a phishing attempt.
If you have received suspicious emails pertaining to be from CurrencyFair, do not open any attachments on the email and do not click on any links. Please forward these emails and notification of any other suspicious incidents to our Team via our Support Centre. We will respond to the same email string and send you confirmation of the legitimacy of the email once we have been able to verify the original sender. You can also check out our Support Centre for further information on using our site.
The growing online payments industry, sadly brings an increase in online payment crime. Protect yourself by only entering your personal information and bank details into websites that you trust. Any attempted or known attacks on our customer’s personal information will be communicated via the CurrencyFair blogs or our Support Centre. Alternatively, if you suspect fraud or an attack on your CurrencyFair account, please contact our Support Team through our Support Centre.
Password and Device Security
It is important that you keep your password and devices as secure as possible. Be sure to update to the latest version of your operating system, anti-virus software and internet browser. This will keep your information and devices protected against the latest known security attacks. Try to avoid using public WiFi areas as these are more liable to hacking. Change your password if you think that any of your private accounts have become vulnerable.