Security


Overview

The security of your assets and personal information is of utmost concern to us and we are committed to taking the steps necessary to make certain you are protected from the moment you open up your account. To learn more about the framework of safeguards we’ve implemented as well as steps you can take to further your protection, please review the topics above.

How We Protect Your Account
  • Authentication: Each account is associated with a unique username/ password combination which must be entered to access secure applications such as the Trader Workstation and Account Management. We enforce strict rules for creating passwords, including a minimum character length and the use of both alphabetic and numeric characters to prevent others from deciphering your information. For added security, IB supports two-factor authentication through our Secure Login System. Participants receive a personal security device which provides a randomly-generated security code. This code is used in conjunction with the username and password to access secure areas. The security code provided by the device changes upon each login attempt, making attacks by hackers and snoopers virtually impossible. Click here for additional details on the Secure Login System.

  • Communicating via the Internet: IB incorporates Secure Socket Layer (SSL) technology into the Trader Workstation and our website to establish a secure transmission connection and ensure the confidentiality and integrity of information passed to and from your computer. We deploy SSL using the strongest level of encryption, 128-bit, which prevents eavesdropping or tampering of information relating to your trades, banking instructions, statements or communications.

    To enable SSL with the Trader Workstation, check the “Use SSL” box on the login screen. Note that checking this box may cause you to experience minor performance impacts depending on the capabilities of your PC. When visiting our website and prior to logging into Account Management, look for https:// instead of http:// before the www.interactivebrokers.com Web address. The extra "s" stands for secure. Some browsers display a lock or key icon along the bottom, also indicating a secure SSL connection.

  • IP Restrictions: To provide an additional layer of security, IB allows you to restrict user access to the Trader Workstation to a specific list of IP addresses. Where multiple traders have been designated for an account, the restrictions can be set at the individual trader level.

  • Failed Login Attempts: To protect your account from access by unauthorized individuals, IB will restrict account access following a set number of failed login attempts.

  • Automatic Logoff: To limit the timeframe by which your private information may remain untended, our Account Management and WebTrader applications will automatically log you off after a period of inactivity.

  • Statements: All statements are posted to our Account Management area which is accessed through an SSL application as described above. While we offer email statements to our customers as a convenience, we do not encourage this alternative as we cannot attest to the security of commercial email systems.

  • Monitoring: We employ state-of-the-art transaction monitoring systems and maintain a dedicated security team that is responsible for detecting suspicious activity. If an unusual or suspicious transaction is noted, a member of this team may contact you to confirm the validity of the transaction. If contacted, you will never be asked to provide your password and we encourage that you call back and request to speak to the security team employee via our toll free number (1–877-442-2757) in order to first confirm their identity.
Customer Responsibilities

IB goes to great lengths to keep our customer’s accounts secure, but the customer must also practice “safe computing” to prevent breaches. Your cooperation in observing the guidelines below is an important component of our security efforts.

  • Password Creation & Administration: Minimize the likelihood of unauthorized individuals obtaining your password through the following:
    • Create a strong password using the maximum characters available and avoiding simple or duplicate alphabetic and numeric sequences or passwords containing personal information. Do not share your password with anyone.
    • Change your password frequently and do not use the same password for multiple systems.
    • Don’t use notes on your monitor, keyboard or desk to help you remember your passwords.
    • Do not enable any application features that would automatically log you in or pre-fill the username or password fields.
  • Employ Safe Practices: Follow the practices below to minimize the likelihood of your account being compromised:
    • Lock your computer if you’re leaving it for a period of time by setting up a password protected screensaver. Always turn off your computer when you have finished using it.
    • Avoid accessing your account from public computers which may have been targeted by hackers and keystroke-capture software. If you must use a public computer, use the virtual keyboard on the login window to avoid having your keystrokes captured, log out after accessing your account, and never leave the computer unattended while logged in. It’s also a good practice to clear the browser cache after logoff so that no sensitive information remains stored on the computer.
    • Do not share files unless it's absolutely necessary. It's a smart idea to disable the Windows file and printer sharing features, but if you decide to use these, make sure that you configure the access permissions with strong passwords, and only share for specific users.
    • We recommend that you turn on your pop-up blocker and set the filter to the highest possible level. Then either add the IB web site to your list of "trusted" sites, or disable your pop-up blocker while using this site.
    • Regularly check for security updates and patches for your operating system and use the most current version of your browser.
    • Use email safely, and delete messages that don’t originate from a trusted source as they may contain harmful attachments or may be an attempt to fraudulently obtain sensitive information. Turn off the "preview pane" in your email system as this function can allow some viruses to be executed even if you never open the email.
  • Install Security Software: Use/install security tools as noted below:
    • You should install both a hardware and software Internet firewall on your computer to control the flow of traffic to your computer. This is especially important if you are operating with a broadband connection and therefore maintaining continuous Internet access.
    • Use antivirus software to identify and eliminate viruses you may have downloaded to your computer accidentally. As new viruses are constantly being created, you need to update your antivirus software regularly.
    • Use anti-spyware software to detect and remove spyware programs which can collect various types of personal information, monitor your browsing activity and interfere with the control of your computer.
  • Maintain Accurate Information: In the event that we detect unusual or suspicious activity relating to your account, communication with you is essential. Accordingly, you should always ensure that the contact information you have provided (e.g., telephone numbers, email address) remains accurate. To update any personal information, please log into Account Management and select the User Management and then User Information menu options.

  • Monitor Your Account: Regularly check your account balance and positions through the Trader Workstation and the daily statements available through Account Management. Immediately report anything suspicious toll free in the US at (877) 442-2757 or direct at (312) 542-6901.

  • Cooperate: In the event that your account is ever compromised, we recommend that you cooperate fully with our security team to investigate the source of any fraudulent activity, take the steps necessary to further protect the account and work to restore full account access.
Know the Threats
  • Phishing: Thieves use phishing to obtain sensitive information by masquerading as a trustworthy institution. This is typically carried out via email which contains a link to what appears to be an authentic website. These counterfeit sites prompt you to enter your personal information, which the thieves then use to access your accounts. Note that IB will never send an email requesting sensitive information such as your password. If you receive a suspicious email which identifies itself as originating from IB do not respond, and immediately notify our security team by calling toll-free in the US at (877) 442-2757 or direct at (312) 542-6901.

  • Spyware: This refers to software inadvertently downloaded from the Internet that covertly gathers information from your computer without your knowledge. Once installed, spyware monitors user activity on the Internet and transmits that information (including usernames and passwords) to an unauthorized recipient. You should install anti-spyware software on your computer to detect and remove spyware.

  • Viruses, Worms & Trojan Horses: These malicious programs can cause severe and irreparable damage to your hardware, software or files, and in some cases can open your system to unauthorized access and possibly allow confidential information to be compromised. These programs, which differ on how they spread and replicate, are best controlled by first ensuring that your operating system is up-to-date and then installing anti-virus software, making sure that you frequently download updates to obtain the latest fixes.

For further information about securing your home computer and protecting your privacy see:

CERT® Coordination Center
Home Network Security:
http://www.cert.org/tech_tips/home_networks.html

Security Focus - Securing Privacy, Part One: Hardware Issues:
http://www.securityfocus.com/infocus/1568

Security Focus - Securing Privacy, Part Two: Software Issues:
http://www.securityfocus.com/infocus/1573

Security Focus - Securing Privacy Part Three: Email Issues:
http://www.securityfocus.com/infocus/1579

Security Focus - Securing Privacy Part Four: Internet Issues:
http://www.securityfocus.com/infocus/1585

Secure Login System

Overview

To provide you with the highest level of online security, Interactive Brokers has implemented a Secure Login System under which access to your account is subject to two-factor authentication. Two-factor authentication confirms your identity using two security factors – something you know (your username and password combination) and something you have (an IB issued security device which generates a random, single-use security code). As both knowledge of your username/password and physical possession of the security device are required to login to your account, participation in the Secure Login System virtually eliminates the possibility of anyone other than you accessing your account.

IB provides a range of security devices, each tailored to meet the portability and security needs of your particular account. IB is enrolling groups of customers in phases, during which you will receive one of three different types of devices:

  • Security Code Card
  • Alpine Device
  • Gold/Platinum Devices

Subscription

If you haven’t already received a device you will need to log into Account Management and select the Secure Login System link in the User Management menu. A subscription page will appear providing an overview of the Secure Login System and the device assigned to your account, along with a link to confirm your subscription.

Delivery

The delivery schedule depends on the type of security device you will be receiving. Security Code Cards1 are shipped several times a week via regular mail. Alpine Devices2 are shipped several times a week via express mail. Platinum/Gold3 security devices are shipped every day via express mail if your request has been completed prior to 13:00 ET on a US business day. Depending on your location and the capabilities of the shipper, a delivery tracking number will be made available after 18:00 ET on the shipping date. You can view this tracking number by clicking the Activate IB Security Device link available in the User Management menu in Account Management after that time or by calling technical assistance at 1-877-442-2757, Option 2, then 6.

Activation

After you receive the security device, log into Account Management and select either Activate IB Security Device4 or Security Code Card Activation5 from the User Management menu. What you see depends on the type of device that you received. From there, follow the instructions to supply information you received upon subscription or from the device itself.

Once your device has been activated, each login attempt to either Account Management or Trader Workstation will require the two authentication factors – your user name and password combination and the security code generated by your device. When you successfully log in, your account will be secured with full perimeter coverage, protecting both cash and positions from unauthorized access. Additional information regarding the Secure Login System may be found in the FAQ section.

Account Type Qualification Specifics
Individuals All individuals will receive a secure device. There are three variations of the device which will be explained to customers during the subscription process.
Advisors All Advisors and their sub accounts will receive a secure device.
Institutions Master and Sub accounts will receive a device tailored to their access permissions.
Brokers Brokers who wish to participate in the Secure Login System will receive devices. Masters will receive the most secure device, while their customers will receive white labeled devices.

IB Security Devices

Click one of the following links to learn how to use your IB security device:

Accounts without any additional security are limited in the amount of money that can be withdrawn or transferred in one day, and in any five day period. Clients using the more sophisticated Alpine Devices are able to withdraw larger amounts. Our top level Gold and Platinum systems are available to clients with substantial balances providing state-of-the-art protection and allowing unlimited funds withdrawals.

To reduce the need for multiple devices we introduced the ability to share a security device between multiple usernames registered to the same individual.

We strongly suggest that clients with balances above 500,000 USD subscribe to our Gold or Platinum systems, while clients with balances between 100,000 and 500,000 USD may find that our Alpine Device provides the appropriate combination of convenience and security.

Withdrawal Limits for IB Customers

Security Device
Maximum Withdrawal per Day
 Maximum Withdrawal in 5 Business Days
None 50K USD
 100K USD
Security Code Card
 200K USD 600K USD
Alpine Device 500K USD 1.5M USD
Gold Unlimited Unlimited
Platinum Unlimited Unlimited


Notes:
  • [1] Security Code Card: This resembles a credit card with 224 alpha-numeric codes.
  • [2] Alpine Device: This is a small blue oval device with an LCD and keychain clip.
  • [3] Gold/Platinum: This is a black rectangular device which has a numeric keypad and an LCD and resembles a small calculator.
  • [4] The Activate IB Security Device link will be displayed in the User Management menu in Account Management if you were sent an Alpine or Gold/Platinum device.
  • [5] The Security Code Card Activation link will be displayed in the User Management menu in Account Management if you were sent a Security Code Card.

Secure Login System FAQs

Please note that the information below is subject to change and should be referred back to for the most up-to-date information.

Can I start the enrollment process prior to IB sending me an invitation?
If your account equity exceeds $100,000 (or US equivalent) and you haven’t already received an invitation, you may subscribe by logging into Account Management and selecting the Secure Login System menu item. Other customers may request an invitation by sending an IB Inquiry Ticket through Account Management or contacting the Secure Login System Department at 1- 877- 442-2757, option 6.

Prior to submitting a request we recommend that you verify that the email address listed for your account in Account Management is accurate and that your Internet Service Provider has not routed an email invitation into your spam folder.

Does it cost anything to participate in the Secure Login System?
The is no charge to participate in the Program, however, if your device is lost, damaged or stolen or if you close your account and fail to return the device, a charge will be assessed to cover its cost. This charge, which is a function of the device provided, ranges from 40.00 – 150.00 USD.

Is participation in the Secure Login System mandatory?
IB strongly urges all customers to participate in the Program, although participation is voluntary. You should be aware, however, that if you choose not to accept the security device and participate IB will not compensate you or credit your account in the event it is compromised by hackers or identity thieves. In addition, if you choose not to get an IB Security Device, please be aware of the following:

  • Customers who are not signed up for an IB Security Device can only withdraw a maximum of 50,000 USD in any one day.
  • Customers who are not signed up for an IB Security Device must wait 10 days to wire funds from their account after any change to the banking instructions for their account and must wait 10 days to withdraw funds by check after any change to their address information.
  • Under the IB Customer Agreement, customers are responsible for all transactions initiated using their user name and password.

Customers choosing not to participate are required execute a Notice and Acknowledgement agreement confirming their understanding and agreement with these terms. To request this agreement please send an IB Inquiry Ticket (Located in Account Management) selecting the main category of “Account Services” and “Security Device: Enrollment/Termination/Replacement” for the secondary category.

I successfully confirmed my enrollment invitation but have not yet received a security device. What should I do?
Most deliveries can be tracked by obtaining the tracking number provided through the Activate IB Security Device Link in Account Management and then verifying the delivery status using that number and the tracking page on designated shipper’s website. In addition, while we make every effort to ensure that your address is current before shipping, you should also verify through Account Management that the address listed for your account is accurate.If either your address or the tracking information is inaccurate, please contact the Secure Login System Hotline at 1 (203) 618-4006.

Is it safe to send the security device by mail?
Yes. The security device does not become operational until: a) you have activated it using the confidential information provided to you at the time you subscribed or b) a specific number of days have elapsed since the device was sent, depending on the type of device. The Bronze device is activated after 14 days; all others are activated after 7 days. Even if the device was intercepted, nobody could access your account without having both your confidential security information and your IB Username and Password.

Once I’ve received my security device, when am I required to activate it?
Once Secure Login Devices have been shipped via regular mail or overnight delivery, users will have fourteen days (for a Bronze device) and seven days (for all other levels of device) by which to activate the device before account access becomes restricted. If you have received your device and are unable to activate it for any reason, including the lapse of this seven or fourteen day period, please contact the Secure Login System Department at 1- 877- 442-2757, option 6.

How do I operate my security device?
IB will issue you one of four types of security devices and your Account Management and Trader Workstation login prompts are synchronized to operate with a specific device. Instructions for operating these devices are available within Account Management and through the links below:
Bronze security device
Silver security device
Gold/Platinum security device

I’ve typed in the correct Security Code but cannot log in.
Try reloading your browser and logging in again, making sure that you’ve correctly entered your User Name, password and the Security Code from your device. If you continue to have problems, please contact the Secure Login System Hotline at 1 (203) 618-4006.

Will my security device work when traveling?
As long as you have Internet access and can reach the Interactive Brokers website (www.interactivebrokers.com) your security device should be operational regardless of your physical location.

What if I need to log in and don’t have the security device within my possession?
If you do not have your device but require access to either Account Management or Trader Workstation, please contact the Secure Login System Department at 1- 877- 442-2757, option 6. We will verify your identity and provide you with temporary access.

Can multiple IB accounts be managed by a single security device?
A common security device can be used to access multiple accounts as long as the user identification of the accounts is identical. To request this functionality log into Account Management and then select the User Management and Secure Login Device Sharing menu options. You may then specify the User Names and passwords of the account for which you would like to share a single device. Please note that for some customers, review and approval by Interactive Brokers staff will be required prior to processing your request.

Can joint owners of a single IB account each receive a security device?
Joint account holders may request a device by sending an IB Inquiry Ticket through Account Management or contacting theSecure Login System Department at 1- 877- 442-2757, option 6. When sending your Inquiry Ticket, please select the main category of “Account Services” and “Security Device: Enrollment/Termination/Replacement” for the secondary category.

How do turn my security device off?
You can either push the button or wait approximately 60 seconds after which time the device will shut off automatically.

Does the security device require any special care?
The device is designed to withstand the stress from normal handling and use, but is susceptible to damage if exposed to water, extreme temperatures and weight loads or being dropped from excessive heights. The device also contains tamper-proof features which may cause it to malfunction if you attempt to open it.

Where should I store my security device?
Our security devices are portable by design so that you can access your account whenever you’re away from your home or office. Depending on the device, you may wish to attach it to your key-chain or carry in a wallet or purse. For security purposes we do not recommend storing the device alongside your computer.

How long will the battery in my security device last?
For security devices which are battery operated, with the battery designed to last between 3 -5 years. When it begins to run low, a “BATT” message will be displayed at which point you should contact the STP Hotline at 1 (203) 618-4006 for a replacement.

What should I do if my security device is lost, damaged or stolen?
In the event your device is lost, damaged or stolen you should immediately contact the STP Hotline at 1 (203) 618-4006. Once we have verified your identity arrangements will be made to ship you a replacement and provide you with interim access. Also note that IB assesses a charge to cover the cost of lost, damaged or stolen devices. This charge, which is a function of the device provided, ranges from 40.00 – 150.00 USD.

How do I return the security device if I close my account?
If you close your IB account or end your enrollment in the Secure Login System, please package the IB Security Device securely and return it to Interactive Brokers via regular mail or overnight courier at the following address:

Interactive Brokers LLC
ATTN: Identity Secure Login Device Return
Two Pickwick Plaza
Greenwich, CT 06830

If I lose my security device and someone finds it are they able to access my account?
Anyone attempting to log into your account with the device will also need your User Name and password. It is important that you do not affix this sensitive information to your device or share it with anyone. Also remember to contact the STP Hotline at 1 (203) 618-4006 to report the lost device.

Are there any limitations associated with the security device?
Because physical possession of the device is necessary to access your account, the account aggregation services offered by other financial institutions (e.g., Yodlee, CashEdge) will be blocked and may result in restricted access to your account as a result of excessive failed login attempts. As a reminder, the IB Customer Agreement specifically prohibits customers from allowing anyone to access their account unless IB has been notified and agrees to provide such access.

What is the best way to contact IB with questions regarding the Secure Login System?
For general questions about the STP program please send an IB Inquiry Ticket (Located in Account Management) or select the Technical Assistance option in the IB phone menu. When sending your Inquiry Ticket, please select the main category of “Account Services” and “Security Device: Enrollment/Termination/Replacement” for the secondary category. If you are enrolled in the Program and unable to access your account, please contact the STP Hotline at 1 (203) 618-4006.

Withdrawal Limits

STP Device
Maximum Withdrawal per Day
 Maximum Withdrawal in 5 Business Days
None 50K USD
 100K USD
Security Code Card
 200K USD 600K USD
Alpine Device 500K USD 1.5M USD
Gold Unlimited Unlimited
Platinum Unlimited Unlimited
Report Suspicious Activity

If you believe that your account has been compromised, you should immediately notify IB by calling toll-free in the US at (877) 442-2757 or direct at (312) 542-6901 and requesting to speak to a member our Security Team. We will take the necessary actions to secure your account and investigate the source of any fraudulent activity and work to restore full account access.

Interactive Brokers Group Privacy Statement

The Interactive Brokers Group does not sell or license information about Interactive Brokers customers to third parties, nor do we sell customer lists or customer e-mail addresses to third-party marketers.

At IB, we understand that the confidentiality and security of the personal information that you have shared with us is important to you. That's why we have developed specific policies and practices that are designed to protect the privacy of your personal information. By opening an account with IB or by utilizing the products and services that are available through IB, you have consented to the collection and use of your personal information in accordance with the privacy policy set forth below. We encourage you to read this privacy statement carefully.

In order to provide brokerage services and in compliance with regulatory requirements, IB collects certain personal, non-public information from you. This includes information that you provide during the IB account application process (e.g., your name, e-mail address, telephone number, birth date, social security number, investment objectives, etc.), and acquired as a result of the transactions you conduct through the IB system. We safeguard the confidentiality of your information in a number of ways. For example:

  • We do not sell or license lists of our customers or the personal, non-public information that you provide to us.

  • We restrict access to the personal, non-public information that you have shared with us to those IB employees, agents, and affiliates who need to know such information in connection with the services that IB provides to you.

  • We maintain strict employment policies that prohibit employees who have access to your personal, non-public information from using or disclosing such information except for business purposes.

  • We take substantial precautions to safeguard your personal, nonpublic information. For example, the IB system can be accessed only by authorized IB personnel via valid user names and passwords. In addition, our Internet-based systems include security measures such as encryption and firewalls.
    IB uses the personal, nonpublic information that we collect from you to service your account (e.g., to qualify you for trading the products and using the services available through the IB system and to execute and confirm your IB transactions). In doing so, we may share such information with our employees, agents, and affiliates.

IB also collects and uses information acquired from "cookies." "Cookies" are bits of textual information that are sent electronically from a web server to your browser and are stored on your computer. They do not identify you individually nor do they contain personal information about you, unless you have identified yourself or provided the information by, for example, opening an account or registering for an on-line service. IB may use cookies to measure and identify website traffic patterns and to track the performance of web features and advertisements. By providing IB with a better understanding of how you and others use IB's websites and other web services, cookies enable IB to improve the navigation and functionality of its websites and to present the most useful information and offers to you. IB may share information obtained from cookies with its employees, agents and affiliates, but does not sell such information to unaffiliated third parties. IB may permit other companies or their third party ad servers to set cookies on your browser when you visit an IB website. Such companies generally use these cookies as we do.

We do not disclose personal, nonpublic information to individuals or entities that are not affiliated with IB, except as provided by law. For example, among other reasons we may disclose or report such information: where necessary to authorize, effect, administer, or enforce transactions that you request or authorize; to maintain and administer your account; to provide you with account confirmations, statements and records; to maintain appropriate archival records; where we believe that disclosure is required by applicable law, rules or regulations; to cooperate with law enforcement or regulatory or self-regulatory organizations; to enforce our customer and other agreements; to meet our obligations, or to protect our rights and property.

Finally, if you choose to subscribe to any of the Trader's Toolbox suite of third-party services that are provided through the IB website, we may disclose such information to the service providers as necessary for them to provide the services that you have requested. IB requires these service providers to enter into confidentiality agreements with IB that limit their use of the information that they receive. Such agreements prohibit the service provider from using IB customer information that they receive other than to carry out the purposes for which the information was disclosed. If you have any questions about these policies, please contact IB Customer Service through the IB website at the Customer Service Contact Page.