Security Center
Customer Security and Anti-Fraud Protection
The prevalence of online fraud and identity theft poses serious risks.
We know that TradeStation customers need to be able to access their accounts safely and securely online from a variety of devices while at home, the office, or on the go. TradeStation uses secure technologies and other internal measures to ensure that every time you access your account, you can do so with confidence. Here are just a few ways in which we work to keep your account secure.
Account and Trade Monitoring
We leverage sophisticated tools and employ highly trained anti-fraud and anti-money-laundering specialists to
continuously monitor our systems and customer accounts, aid in the detection of suspicious activities and ensure that we
are able to respond quickly.
Customer Alerts
We will notify you whenever significant changes are made to your customer profile or your accounts, such as changes to
your login credentials, contact information, account settings, and more.
Strict Privacy Policies
TradeStation Group, Inc. and its subsidiary companies are committed to protecting the confidentiality and security of
information we collect about you. We will not share non-public information about you with third parties outside of our
securities affiliate’s clearing firm(s) without your consent, or as is required to perform routine business operations,
such as processing transactions, account maintenance, legal investigations, and credit bureau reporting. To learn more
about how TradeStation protects your privacy, please read our Privacy Policy.
Encrypted Communications
Our secure websites and applications use a 256-bit data encryption (TLS/SSL) to protect your accounts while you access
and manage them online.
Text Messages and Social Media Messaging
TradeStation Group, Inc. and its subsidiary companies will not contact you through text or SMS messaging and we do not
solicit information nor ask you to click on links through text messages. We also do not begin conversations via social
media messaging. Customers should contact Client Services if they are in receipt of any type of text message or
beginning social media message representing it’s from TradeStation.
Advanced Firewalls
We utilize advanced hardware and software firewalls to prevent unauthorized parties from gaining access to our systems
and your personal information.
Unique Usernames and Strong Encrypted Passwords
To aid in the prevention of unauthorized access, all customers are required to select a unique username and a strong password when you open your first account. Passwords are required to meet minimum strength requirements, including overall length and a mixture of letters, numbers and special characters.
Strong Customer Login Verification Online
Whenever you attempt to log in from a web browser on an unknown device, you will be asked to answer one of your enhanced security questions after successfully entering your username and password to further validate your identity.
Session Timeouts
Our websites and mobile trading applications include an integrated timeout feature. After a period of inactivity, you will automatically be logged out to ensure the safety of your account and personal information.
Login Attempt Limitations
To deter possible threats from cybercriminals by way of scripted or computer-based attacks, we limit the number of failed concurrent login attempts permitted for any single user or from any specific device.
Extended Secure Website Verification
Whenever you are asked to enter your TradeStation login credentials online, it is critical that you can easily verify that the website is owned and operated by TradeStation. To make this possible, we have deployed extended verification security certificates (EV SSL) to our websites.
How You Can Protect Yourself
Identity theft and identity fraud refer to crimes in which someone wrongfully obtains and uses another person’s personal information in order to commit some form of fraud or deception, typically for economic gain. The consequences of identity theft and identity fraud can be very serious, often resulting in significant out-of-pocket expenses, a damaged credit rating and even denial of credit. It is therefore critical that you take measures to protect your money and reputation.
Use Only Trusted Computers and Devices
In general, it is advisable to avoid using public devices when accessing your account, as such devices may have been infected by a virus or other malware that could pose a risk.
Lock Your Computers and Devices When Not in Use
Require a password, PIN, fingerprint or other identification method to use your PC, tablet or mobile device.
Keep Your Computers and Devices Updated
Most major software companies regularly release updates or patches to their software to address security problems. You can minimize your exposure to attacks by keeping your computer updated. A best practice is to set your computer to receive automatic updates whenever possible.
Use Anti-virus and Anti-malware Software
Anti-virus software protects your system from viruses, malware, spyware and Trojan horse programs that can intercept and relay information found on your system without your consent. Enroll in automatic updating to ensure that you are protected from the latest threats as they are discovered.
Disable File and Printer Sharing
When you are not connected to a private network that you trust, it is recommended that you disable file and printer sharing on your device to avoid permitting unintended folder and file access.
Encrypt Your Data
As a best practice, encrypt the data on your portable PCs and mobile devices just in case you should ever lose a device by accident or theft.
Use a Hardware Firewall and/or a Personal Software Firewall
A firewall controls how information moves between a computer and the local network or Internet, to help ensure that only desired traffic is permitted. When properly configured, a hardware firewall can effectively hide the presence of the devices behind it, making it significantly more difficult for an intruder to communicate with them.
Use Mobile Security Software on Your Mobile Device
Mobile devices are used every day to access information, manage various accounts and perform other business online. To ensure you are better protected while on the go or in the event that you lose your device, we recommend installing mobile security software. In addition to providing additional protection from viruses, malware, and spyware, some mobile security software allows you to remotely manage your devices, such as locating a lost device by its GPS location or deleting all data in the event of theft.
As the TradeStation mobile app expands its capabilities, there are several new features that integrate directly with the operating system (such as Today Widgets, or Siri voice commands). For your protection, please ensure that your device(s) always remain locked when unattended.
Be Smart about the Mobile Apps You Install
Ensure that you are installing applications from trusted sources, and that you thoroughly review each application’s access permissions, as well as the developer’s privacy policy, before using the software.
Verify Email Sources and Use Spam Email Filtering Software
Many online scams today involve the receipt of email that appears to come from a trusted source. Always be vigilant with your email, especially when it is from an unknown source, as well as emails that appear to convey a sense of urgency or ask you to click on links. Whenever in doubt, simply browse directly to the sending organization’s website by typing its address into your web browser. Alternatively, you may verify the legitimacy of a suspicious email by contacting the sending organization directly through its provided contact information.
Legitimate businesses will never ask you for sensitive information by email, such as your username, password, Social Security number or account information. To help reduce the amount of undesirable email you receive, enable spam filtering within your email client or purchase anti-spam software.
Never Download or Open Email Attachments from Unknown Sources
Opening attachments received through an unsolicited email is one of the most common delivery mechanisms for viruses and other malware. Always confirm the source of the email and the attachment, and be certain to scan the attachment for viruses before downloading.
Use Social Media Responsibly
If you participate in social media, bear in mind that what you share may become public and could be used by a criminal to aid in perpetrating a crime. Most important, be selective about whom you connect with through social media. Avoid publicizing where you live, where you work or where you go to school. Avoid publicizing your current location. Be certain not to share private information that may have been used for secret questions, such as those used to reset a password. Regularly monitor your social media preferences and privacy settings.
Firm Imposter Scam
Scammers may try to reach out to you through a phone call, text message, email, or social media. They are taking advantage of the online presence of firms and impersonating firm representatives. They may create a phony online presence and attempt to collect personal information from you. In addition, scammers may also attempt to induce you to send payment, that may include but is not limited to, wiring money, or sending cryptocurrency. You will not be asked to send any form of payment by a TradeStation employee or representative until you complete the account opening process, and all forms of payment are processed through our secure portal. Please be advised that TradeStation is not liable for any payment that you may make directly to a scammer. The Federal Trade Commission has issued steps you can take if you believe that you have been a victim of a scam.
Monitor Your Account
Regularly review your account balances and positions. Take notice if statements do not arrive on time. Be sure to open in a timely manner all online and offline communications from the financial institutions with which you do business. Report suspected fraud immediately.
Maintain Accurate Account Information
In the event that we detect unusual or suspicious activity relating to your account, it is critical that we are able to contact you immediately. Should your contact information change, log in to the TradeStation Client Center and update your information (e.g., telephone numbers, email address, mailing address).
Username and Password Recommendations
- Never share your username or password with anyone.
- Don’t re-use usernames or passwords between different accounts
- Never use sensitive information as part of your username or password
- Avoid easy-to-guess or predictable passwords, such as those containing your name, birthday, phone number, pets’ names or Social Security number.
- Keep your passwords and reminders in a safe place. Print them and store them in a safe location in your home, or consider purchasing a software password-keeper solution.
- Consider changing your passwords periodically.
Two-Factor Authentication
Two-Factor Authentication is a security feature available in the Client Center that adds an extra layer of protection when accessing your TradeStation accounts. Once this feature is enabled, when you login from an untrusted device you will either be asked to approve the log in request from your mobile device, or you will be asked to enter a 6-digit verification code to verify your identity.
Avoid Phishing Attacks
Phishing is when someone attempts to steal personal or financial information by impersonating a trustworthy entity. Phishing often begins with an email or other communication asking for sensitive information, such as your username, password or other sensitive account information.
- Only enter your credentials when you are on a website that ends with .tradestation.com.
- Use search engines to find the “right” website for the business you are seeking. Search engines will correct misspellings in providing recommended results.
- Never enter information into an unsecured website.
- Be skeptical of emails peddling offers or making claims that seem too good to be true. Ask yourself if you have a real business relationship with the sender.
- Test your phishing knowledge and learn more about how to spot potential threats.
Avoid Using Unsecured Wireless (Wi-Fi) Networks
In order to make network access easier, public Wi-Fi hot spots often turn their security off. This means that any information you send from this hot spot likely will not be encrypted and could be intercepted or altered by a criminal. To avoid automatically joining these networks, change your device settings to only allow connections to secured networks, or simply disable your Wi-Fi adapter when not in use.
Do Not Share Your Account Number with Anyone
You should only provide your account number if you have directly contacted a trusted TradeStation representative for assistance, or if you must provide the account number to a known and trusted third party in order to authorize a desired action, such as transferring funds to or from another financial institution.
Request a Free Annual Credit Report
A free credit report is available to all U.S. residents every 12 months from the top three nationwide consumer credit reporting agencies: Equifax, Experian, and TransUnion. For more information, visit http://annualcreditreport.com/.
Consider Enrolling in an Identity Monitoring and Theft Prevention Service
These providers offer real-time monitoring of your identity as well as your credit, and may be able to prevent or alert you to potential threats as they occur.
Vulnerability Disclosure Policy
TradeStation is deeply committed to maintaining the security of our systems and protecting confidential and personal information from unauthorized disclosure.
While we appreciate you bringing security issues to our attention, please be advised that performing security testing against our systems without our written authorization is unlawful and could result in civil or criminal legal actions. Security researchers are requested to only engage in security testing activities when authorized.
If you have inadvertently found a vulnerability in one of our products or services and would like to report it to our security team, you can let us know by sending an email to ClientExperience@TradeStation.com and including the following information in your vulnerability report:
- A description of the nature of the vulnerability identified and how it was detected, including any information regarding exploitation of the vulnerability.
- The exact steps for us to follow to reproduce the issue.
- Screenshots and URLs to explain your findings
Once we receive the information, we will perform a thorough review and respond in a timely manner.
Please be aware that TradeStation does not offer rewards or “bug bounties” for vulnerability reports.
ID3008831D0723
