Customer Security and Anti-Fraud Protection

The prevalence of online fraud and identity theft poses serious risks.

At TradeStation, protecting the safety and security of your accounts and identity is of the utmost importance. As your partner in online security, we leverage our technologies and operational best practices in order to keep your valuable accounts and private information safe. Of course, there is much that you can do to better protect yourself online as well.

How We Protect You

We know that TradeStation customers need to be able to access their accounts safely and securely online from a variety of devices while at home, the office, or on the go. TradeStation uses secure technologies and other internal measures to ensure that every time you access your account, you can do so with confidence. Here are just a few ways in which we work to keep your account secure.

Account and Trade Monitoring

We leverage sophisticated tools and employ highly trained anti-fraud and anti-money-laundering specialists to continuously monitor our systems and customer accounts, aid in the detection of suspicious activities and ensure that we are able to respond quickly.

Customer Alerts

We will notify you whenever significant changes are made to your customer profile or your accounts, such as changes to your login credentials, contact information, account settings, and more.

Strict Privacy Policies

TradeStation Group, Inc. and its subsidiary companies are committed to protecting the confidentiality and security of information we collect about you. We will not share non-public information about you with third parties outside of our securities affiliate’s clearing firm(s) without your consent, or as is required to perform routine business operations, such as processing transactions, account maintenance, legal investigations, and credit bureau reporting. To learn more about how TradeStation protects your privacy, please read our Privacy Policy.

Encrypted Communications

Our secure websites and applications use a 256-bit data encryption (TLS/SSL) to protect your accounts while you access and manage them online.

Advanced Firewalls

We utilize advanced hardware and software firewalls to prevent unauthorized parties from gaining access to our systems and your personal information.

Unique Usernames and Strong Encrypted Passwords

To aid in the prevention of unauthorized access, all customers are required to select a unique username and a strong password when you open your first account. Passwords are required to meet minimum strength requirements, including overall length and a mixture of letters, numbers and special characters.

Strong Customer Login Verification Online

Whenever you attempt to log in from a web browser on an unknown device, you will be asked to answer one of your enhanced security questions after successfully entering your username and password to further validate your identity.

Session Timeouts

Our websites and mobile trading applications include an integrated timeout feature. After a period of inactivity, you will automatically be logged out to ensure the safety of your account and personal information.

Login Attempt Limitations

To deter possible threats from cybercriminals by way of scripted or computer-based attacks, we limit the number of failed concurrent login attempts permitted for any single user or from any specific device.

Extended Secure Website Verification

Whenever you are asked to enter your TradeStation login credentials online, it is critical that you can easily verify that the website is owned and operated by TradeStation. To make this possible, we have deployed extended verification security certificates (EV SSL) to our websites. Simply look for the green security verification indicator in your web browser’s address bar. If you do not see the TradeStation Securities, Inc. or TradeStation Technologies, Inc. display, you should not enter your login credentials or any other information about your accounts.

Examples

(as displayed by Google Chrome):

How You Can Protect Yourself

Identity theft and identity fraud refer to crimes in which someone wrongfully obtains and uses another person’s personal information in order to commit some form of fraud or deception, typically for economic gain. The consequences of identity theft and identity fraud can be very serious, often resulting in significant out-of-pocket expenses, a damaged credit rating and even denial of credit. It is therefore critical that you take measures to protect your money and reputation.

Use Only Trusted Computers and Devices

In general, it is advisable to avoid using public devices when accessing your account, as such devices may have been infected by a virus or other malware that could pose a risk.

Lock Your Computers and Devices When Not in Use

Require a password, PIN, fingerprint or other identification method to use your PC, tablet or mobile device.

Keep Your Computers and Devices Updated

Most major software companies regularly release updates or patches to their software to address security problems. You can minimize your exposure to attacks by keeping your computer updated. A best practice is to set your computer to receive automatic updates whenever possible.

Use Anti-virus and Anti-malware Software

Anti-virus software protects your system from viruses, malware, spyware and Trojan horse programs that can intercept and relay information found on your system without your consent. Enroll in automatic updating to ensure that you are protected from the latest threats as they are discovered.

Disable File and Printer Sharing

When you are not connected to a private network that you trust, it is recommended that you disable file and printer sharing on your device to avoid permitting unintended folder and file access.

Encrypt Your Data

As a best practice, encrypt the data on your portable PCs and mobile devices just in case you should ever lose a device by accident or theft.

Use a Hardware Firewall and/or a Personal Software Firewall

A firewall controls how information moves between a computer and the local network or Internet, to help ensure that only desired traffic is permitted. When properly configured, a hardware firewall can effectively hide the presence of the devices behind it, making it significantly more difficult for an intruder to communicate with them.

Use Mobile Security Software on Your Mobile Device

Mobile devices are used every day to access information, manage various accounts and perform other business online. To ensure you are better protected while on the go or in the event that you lose your device, we recommend installing mobile security software. In addition to providing additional protection from viruses, malware, and spyware, some mobile security software allows you to remotely manage your devices, such as locating a lost device by its GPS location or deleting all data in the event of theft.

As the TradeStation mobile app expands its capabilities, there are several new features that integrate directly with the operating system (such as Today Widgets, or Siri voice commands). For your protection, please ensure that your device(s) always remain locked when unattended.

Be Smart about the Mobile Apps You Install

Ensure that you are installing applications from trusted sources, and that you thoroughly review each application’s access permissions, as well as the developer’s privacy policy, before using the software.

Verify Email Sources and Use Spam Email Filtering Software

Many online scams today involve the receipt of email that appears to come from a trusted source. Always be vigilant with your email, especially when it is from an unknown source, as well as emails that appear to convey a sense of urgency or ask you to click on links. Whenever in doubt, simply browse directly to the sending organization’s website by typing its address into your web browser. Alternatively, you may verify the legitimacy of a suspicious email by contacting the sending organization directly through its provided contact information.

Legitimate businesses will never ask you for sensitive information by email, such as your username, password, Social Security number or account information. To help reduce the amount of undesirable email you receive, enable spam filtering within your email client or purchase anti-spam software.

Never Download or Open Email Attachments from Unknown Sources

Opening attachments received through an unsolicited email is one of the most common delivery mechanisms for viruses and other malware. Always confirm the source of the email and the attachment, and be certain to scan the attachment for viruses before downloading.

Use Social Media Responsibly

If you participate in social media, bear in mind that what you share may become public and could be used by a criminal to aid in perpetrating a crime. Most important, be selective about whom you connect with through social media. Avoid publicizing where you live, where you work or where you go to school. Avoid publicizing your current location. Be certain not to share private information that may have been used for secret questions, such as those used to reset a password. Regularly monitor your social media preferences and privacy settings.

Monitor Your Account

Regularly review your account balances and positions. Take notice if statements do not arrive on time. Be sure to open in a timely manner all online and offline communications from the financial institutions with which you do business. Report suspected fraud immediately.

Maintain Accurate Account Information

In the event that we detect unusual or suspicious activity relating to your account, it is critical that we are able to contact you immediately. Should your contact information change, log in to the TradeStation Client Center and update your information (e.g., telephone numbers, email address, mailing address).

Username and Password Recommendations

  • Never share your username or password with anyone.
  • Don’t re-use usernames or passwords between different accounts
  • Never use sensitive information as part of your username or password
  • Avoid easy-to-guess or predictable passwords, such as those containing your name, birthday, phone number, pets’ names or Social Security number.
  • Keep your passwords and reminders in a safe place. Print them and store them in a safe location in your home, or consider purchasing a software password-keeper solution.
  • Consider changing your passwords periodically.

 

Enable Two-Step Verification

Two-Step Verification is a security feature available in the Client Center that adds an extra layer of protection when accessing your TradeStation brokerage accounts. Once this feature is enabled, you will be required to provide two factors or means of authentication when you log in to your TradeStation account: Your user name and password and a six-digit security code from your Symantec VIP credential or token. Learn more.

Avoid Phishing Attacks

Phishing is when someone attempts to steal personal or financial information by impersonating a trustworthy entity. Phishing often begins with an email or other communication asking for sensitive information, such as your username, password or other sensitive account information.

  • Only enter your credentials when you are on a website that ends with .tradestation.com.
  • Look for the green security label next to your web browser’s address bar. If you do not see TradeStation Securities, Inc. or TradeStation Technologies, Inc. displayed, you should not enter your login credentials or any other information about your accounts.
  • Examples (as displayed by Google Chrome):
  • Use search engines to find the “right” website for the business you are seeking. Search engines will correct misspellings in providing recommended results.
  • Never enter information into an unsecured website.
  • Be skeptical of emails peddling offers or making claims that seem too good to be true. Ask yourself if you have a real business relationship with the sender.
  • Test your phishing knowledge and learn more about how to spot potential threats.

Avoid Using Unsecured Wireless (Wi-Fi) Networks

In order to make network access easier, public Wi-Fi hot spots often turn their security off. This means that any information you send from this hot spot likely will not be encrypted and could be intercepted or altered by a criminal. To avoid automatically joining these networks, change your device settings to only allow connections to secured networks, or simply disable your Wi-Fi adapter when not in use.

Do Not Share Your Account Number with Anyone

You should only provide your account number if you have directly contacted a trusted TradeStation representative for assistance, or if you must provide the account number to a known and trusted third party in order to authorize a desired action, such as transferring funds to or from another financial institution.

Request a Free Annual Credit Report

A free credit report is available to all U.S. residents every 12 months from the top three nationwide consumer credit reporting agencies: Equifax, Experian, and TransUnion. For more information, visit http://annualcreditreport.com/.

Consider Enrolling in an Identity Monitoring and Theft Prevention Service

These providers offer real-time monitoring of your identity as well as your credit, and may be able to prevent or alert you to potential threats as they occur.

Report Suspected Fraud

If you suspect that you may be the victim of fraud, or if you believe you have been presented with a suspicious email, website, or mobile application claiming to be provided by TradeStation, please follow the appropriate steps as outlined below as soon as possible.

What to Do If You Suspect Identity Theft or Account Fraud

If you believe you may be a victim of identity theft or account fraud, it is important that you take steps immediately to help minimize the problem.

  1. Call TradeStation Client Services Immediately
    Contact us to report your concerns so that we can investigate.
  2. Contact the Fraud Department at All Three Major Credit Bureaus
    Report to each bureau that you may be the victim of identity theft or account fraud. Ask each bureau to place a fraud alert on your credit line. Request information about additional services available to you, and what other rights you may have.

  3. Request a FREE credit report

    A free credit report should be available to you upon reporting suspected fraud to each of the credit bureaus. Alternatively, you can request a free report once a year from each of the three major credit bureaus through the following U.S. government-sponsored website: http://annualcreditreport.com/

    Review your credit report(s) carefully for anything out of the ordinary or unexpected. Report any inaccuracies or indications of fraud to the credit bureaus as soon possible.

  4. Close Any Account Opened or Used for Fraud
  5. Change Your Usernames and Passwords on All Online Accounts
  6. Create an Identity Theft Report with the Federal Trade Commission (FTC)
  7. File a Police Report

    When you file your police report, be sure to include a copy of your FTC Identity Theft Affidavit as well as any other evidence or proof of fraudulent activity that you may have. You will likely also need to provide a government-issued ID with a photo and proof of address (utility bill or pay stub) during processing. Be sure you request copies of your police report, including the report number, before you leave.

  8. Document Everything

    Maintain a detailed record of all information you collect during your investigation and reporting, as well as a complete record of all communications with government agencies, credit bureaus and your financial institutions.

How to Report a Suspicious Email

If you have received an email that you feel may be fraudulent, and want to confirm that the email was in fact sent by TradeStation, we can help.

  1. Call TradeStation Client Services Immediately
    Contact us to report your concerns so that we can investigate.
  2. Send Us a Copy of the Message
    You may forward or attach the original email. Be sure to include the full name and phone number associated with your TradeStation account. It will also be helpful to know if you clicked on any of the links or images within the email, and if after doing so you entered any sensitive information, such as your login credentials, Social Security number, date of birth, etc.
    Send the message to phishing@tradestation.com.

    If We Confirm the Email Is Fraudulent, Report the Email to the Authorities
    You may forward or attach the original email.

    • United States Computer Emergency Readiness Team (US-CERT)

      phishing-report@us-cert.gov
    • Federal Trade Commission
      spam@uce.gov
    • Anti-Phishing Working Group (APWG)

      reportphishing@antiphishing.org
  3. File a Complaint with the Federal Trade Commission (FTC)
    Follow the FTC link provided below. The FTC will use the information you provide in its own investigations, along with its law enforcement partners, to detect patterns of fraud and identity theft. Learn more about the FTC’s role in reducing and responding to phishing scams.
    https://www.ftccomplaintassistant.gov

How to Report a Suspicious Website

If you have discovered a website that you feel may be fraudulent, and want to confirm that the website is in fact owned and operated by TradeStation, we can help.

  1. Call TradeStation Client Services Immediately

    Contact us to report your concerns so that we can investigate.

    It will also be helpful to know if you clicked on any of the links or images within the website, and if after doing so you entered any sensitive information, such as your login credentials, Social Security number, date of birth, etc.

    Send the URL (website address) to phishing@tradestation.com.

  2. File a Complaint with the Federal Trade Commission (FTC)

    Follow the FTC link provided below. The FTC will use the information you provide in its own investigations, along with its law enforcement partners, to detect patterns of fraud and identity theft. Learn more about the FTC’s role in reducing and responding to phishing scams.

    https://www.ftccomplaintassistant.gov

  3. If You Feel You May Have Been Tricked by a Phishing Website

    You may forward or attach the original email. Be sure to include the full name and phone number associated with your TradeStation account. It will also be helpful to know if you clicked on any of the links or images within the email, and if after doing so you entered any sensitive information, such as your login credentials, Social Security number, date of birth, etc.

How to Report a Suspicious Mobile App

If you encounter a mobile application that you feel may be fraudulent, and want to confirm that the mobile app is in fact developed and offered by TradeStation or a TradeStation affiliate, we can help.

  1. Call TradeStation Client Services Immediately

    Contact us to report your concerns so that we can investigate.

    It will also be helpful to know if you clicked on any of the links or images within the website, and if after doing so you entered any sensitive information, such as your login credentials, Social Security number, date of birth, etc.

    Send the URL website address to phishing@tradestation.com.

  2. File a Complaint with the Federal Trade Commission (FTC)

    Follow the FTC link provided below. The FTC will use the information you provide in its own investigations, along with its law enforcement partners, to detect patterns of fraud and identity theft. Learn more about the FTC’s role in reducing and responding to phishing scams.

    https://www.ftccomplaintassistant.gov

  3. If You Feel You May Have Been Tricked by a Fraudulent App

    You may forward or attach the original email. Be sure to include the full name and phone number associated with your TradeStation account. It will also be helpful to know if you clicked on any of the links or images within the email, and if after doing so you entered any sensitive information, such as your login credentials, Social Security number, date of birth, etc.