If someone steals your account and logs in, they could not withdraw any money as it’s a linked account, but they could make a bunch of trades instead, right? How can this be stopped? Is there a way to have a confirmation before trades are executed? (password or login code for example)
Won’t be an issue when 2fa launches.
Every time you place a trade T212 will send you a contract note to your email address asking you to check the transaction and if you don’t recognise anything you would have to get in touch with them ASAP. The likelihood of someone continuing to trade without you knowing is limited. T212 will put a stop to it if you report straight away.
I get a contract note email at a later date than the trade (maybe a day later). It doesn’t say anywhere on it to check it’s valid or anything like that. I can just imagine the conversation with support…
Me: hey I bought some Tesla shares, but it wasn’t me, my account got hacked… (Tesla shares have since tanked 20% straight after)
The only thing they would be able to check is the identifying info based on the computer and location that executed the trades etc.
Even then though, it’s a tricky one - as if you use a VPN or clear cookies or change locations etc, you would be back to square one.
I think this would be a hard one to argue against. It would be a strange thing to occur though, I would expect if someone has the means to hack your password on here - say by phishing, they would then attempt to get the funds sold off and transferred elsewhere. Can’t honestly see the logical point of a hacker exposing themselves. Much better for them to lie in wait and work out a way to siphon funds out of the account to another payment method.
So, don’t lose any sleep on it - as soon as 2fa is out, you will be covered a little bit more, but the threat never goes away. Such is life.
Well, you can notice quite easily if your account was breached and reach out to support.
Also I would suspect that T212 can see more in-depth details on the accessor, and thus could distinguish your common pattern vs the attacker.
There are more subtle yet efficient ways to increase security via risk management of Location/Device/IP. But fancy buzzwords, push notifications and such are predominantly demanded.
Yeah, good points, it is a strange thing I was just thinking about. Maybe not a hacker, which is a bit far-fetched, but for instance another family member could access your laptop for instance (I don’t enter my password each time to log in, it’s stored). Don’t think my previous broker had any trade confirmation either. Cheers.
Yea, in that case you would not be covered. They would put that down to user error more than likely as the password was compromised.
True, maybe a nice feature would be to set a trade limit where over that limit you need to re-enter your password to confirm trades. Anyway, nice to have.
Yes you would notice but not for a while. I think a nice thing would be a real time notification when any trade is made. Like with your bank when it pings when you withdraw something. At least then you could get on it straight away and notify T212 rather than a day later get an email.
Edit: I think there is actually a notification? Forget all that.
I get notifications when my trades go through, both in T212 notifications, and a push notification if I’m out of app.
Passwords shouldn’t be used for anything. As mentioned above, 2FA may be close to being released and it may mitigate some problems a bit.
Getting an email (so 90s) the day after showing that half a million of your portfolio was sold or all your available funds were used to buy Nikola shares, it’s not the most optimised way to handle people’s life savings.