The safekeeping of client funds whilst in the custody of FX brokerages has become a much less discussed subject recently, as retail FX traders and brokerages alike have become accustomed to the segregated client accounts required by most regulatory authorities around the world.
Whilst this procedure ensures no misappropriation, as well as mitigates risk of loss should a firm become insolvent, there are indeed other factors to consider when handling client funds.
Tim Thompson, CEO of British payment services and risk management technology company NOIRE delves into the extremely important considerations regarding risk of hacking, and access to customer accounts and FX brokerage accounts by fraudsters.
Access any Forex forum and there is talk of disputes between clients and brokers on what has happened to money disappearing in accounts; withdrawals being made, transactions being cancelled, each blaming the other for the problem, but there could be something else going on. It is quite probable that many brokers are getting labelled as “scam” unjustifiably.
FOREX brokerage accounts are usually accessible online needing only a username and password in order to gain access to sensitive data and exposure to fraudulent withdrawals.
It can start in a number of ways; Fraudsters phishing customers details, through emails pretending to be from the broker and telephone calls, Trojan malware programs often downloaded for trading platforms which look legitimate but could be obtaining customers’ login details and passwords. Fraudsters do this on an industrial scale and gain access to many customer accounts across many businesses.
The fraudsters obtain lists of client’s logins and passwords details and begin trawling through them. Logging in and out of accounts checking balances, looking for accounts to target. This logging in and out of accounts is very rarely detectable. Brokers often check IP addresses, but these will be tumbled by the fraudster each time, by using a proxy to give a new IP in the country in which they want to appear. The fraudster narrows the list down of accounts to hit and then goes back sometimes weeks later, possibly to make a withdrawal.
This is about money leaving the account, and therefore NOIRE’s approach will identify straight away which accounts have been compromised, looking across all logins into accounts and linking them together. Based on characteristics we are able to identify which accounts have been accessed by hackers and fraudsters and therefore which accounts have been compromised and are at risk. The focus therefore should not just be on sending money into accounts, as with most payment providers, but making sure it is safe as well.
This is a guest editorial which was written and contributed by Tim Thompson, CEO of NOIRE