Customer Security and Anti-Fraud Protection

The prevalence of online fraud and identity theft poses serious risks.

At TradeStation, protecting the safety and security of your accounts and identity is of the utmost importance. As your partner in online security, we leverage our technologies and operational best practices in order to keep your valuable accounts and private information safe. Of course, there is much that you can do to better protect yourself online as well.
How We Protect You

We know that TradeStation customers need to be able to access their accounts safely and securely online from a variety of devices while at home, the office, or on the go. TradeStation uses secure technologies and other internal measures to ensure that every time you access your account, you can do so with confidence. Here are just a few ways in which we work to keep your account secure.

Account and Trade Monitoring

We leverage sophisticated tools and employ highly trained anti-fraud and anti-money-laundering specialists to
continuously monitor our systems and customer accounts, aid in the detection of suspicious activities and ensure that we
are able to respond quickly.

Customer Alerts

We will notify you whenever significant changes are made to your customer profile or your accounts, such as changes to
your login credentials, contact information, account settings, and more.

Strict Privacy Policies

TradeStation Group, Inc. and its subsidiary companies are committed to protecting the confidentiality and security of
information we collect about you. We will not share non-public information about you with third parties outside of our
securities affiliate’s clearing firm(s) without your consent, or as is required to perform routine business operations,
such as processing transactions, account maintenance, legal investigations, and credit bureau reporting. To learn more
about how TradeStation protects your privacy, please read our Privacy Policy.

Encrypted Communications

Our secure websites and applications use a 256-bit data encryption (TLS/SSL) to protect your accounts while you access
and manage them online.

Text Messages and Social Media Messaging

TradeStation Group, Inc. and its subsidiary companies will not contact you through text or SMS messaging and we do not
solicit information nor ask you to click on links through text messages. We also do not begin conversations via social
media messaging. Customers should contact Client Services if they are in receipt of any type of text message or
beginning social media message representing it’s from TradeStation.

Advanced Firewalls

We utilize advanced hardware and software firewalls to prevent unauthorized parties from gaining access to our systems
and your personal information.

Unique Usernames and Strong Encrypted Passwords

To aid in the prevention of unauthorized access, all customers are required to select a unique username and a strong password when you open your first account. Passwords are required to meet minimum strength requirements, including overall length and a mixture of letters, numbers and special characters.

Strong Customer Login Verification Online

Whenever you attempt to log in from a web browser on an unknown device, you will be asked to answer one of your enhanced security questions after successfully entering your username and password to further validate your identity.

Session Timeouts

Our websites and mobile trading applications include an integrated timeout feature. After a period of inactivity, you will automatically be logged out to ensure the safety of your account and personal information.

Login Attempt Limitations

To deter possible threats from cybercriminals by way of scripted or computer-based attacks, we limit the number of failed concurrent login attempts permitted for any single user or from any specific device.

Extended Secure Website Verification

Whenever you are asked to enter your TradeStation login credentials online, it is critical that you can easily verify that the website is owned and operated by TradeStation. To make this possible, we have deployed extended verification security certificates (EV SSL) to our websites.

How You Can Protect Yourself

Identity theft and identity fraud refer to crimes in which someone wrongfully obtains and uses another person’s personal information in order to commit some form of fraud or deception, typically for economic gain. The consequences of identity theft and identity fraud can be very serious, often resulting in significant out-of-pocket expenses, a damaged credit rating and even denial of credit. It is therefore critical that you take measures to protect your money and reputation.

Use Only Trusted Computers and Devices

In general, it is advisable to avoid using public devices when accessing your account, as such devices may have been infected by a virus or other malware that could pose a risk.

Lock Your Computers and Devices When Not in Use

Require a password, PIN, fingerprint or other identification method to use your PC, tablet or mobile device.

Keep Your Computers and Devices Updated

Most major software companies regularly release updates or patches to their software to address security problems. You can minimize your exposure to attacks by keeping your computer updated. A best practice is to set your computer to receive automatic updates whenever possible.

Use Anti-virus and Anti-malware Software

Anti-virus software protects your system from viruses, malware, spyware and Trojan horse programs that can intercept and relay information found on your system without your consent. Enroll in automatic updating to ensure that you are protected from the latest threats as they are discovered.

Disable File and Printer Sharing

When you are not connected to a private network that you trust, it is recommended that you disable file and printer sharing on your device to avoid permitting unintended folder and file access.

Encrypt Your Data

As a best practice, encrypt the data on your portable PCs and mobile devices just in case you should ever lose a device by accident or theft.

Use a Hardware Firewall and/or a Personal Software Firewall

A firewall controls how information moves between a computer and the local network or Internet, to help ensure that only desired traffic is permitted. When properly configured, a hardware firewall can effectively hide the presence of the devices behind it, making it significantly more difficult for an intruder to communicate with them.

Use Mobile Security Software on Your Mobile Device

Mobile devices are used every day to access information, manage various accounts and perform other business online. To ensure you are better protected while on the go or in the event that you lose your device, we recommend installing mobile security software. In addition to providing additional protection from viruses, malware, and spyware, some mobile security software allows you to remotely manage your devices, such as locating a lost device by its GPS location or deleting all data in the event of theft.

As the TradeStation mobile app expands its capabilities, there are several new features that integrate directly with the operating system (such as Today Widgets, or Siri voice commands). For your protection, please ensure that your device(s) always remain locked when unattended.

Be Smart about the Mobile Apps You Install

Ensure that you are installing applications from trusted sources, and that you thoroughly review each application’s access permissions, as well as the developer’s privacy policy, before using the software.

Verify Email Sources and Use Spam Email Filtering Software

Many online scams today involve the receipt of email that appears to come from a trusted source. Always be vigilant with your email, especially when it is from an unknown source, as well as emails that appear to convey a sense of urgency or ask you to click on links. Whenever in doubt, simply browse directly to the sending organization’s website by typing its address into your web browser. Alternatively, you may verify the legitimacy of a suspicious email by contacting the sending organization directly through its provided contact information.

Legitimate businesses will never ask you for sensitive information by email, such as your username, password, Social Security number or account information. To help reduce the amount of undesirable email you receive, enable spam filtering within your email client or purchase anti-spam software.

Never Download or Open Email Attachments from Unknown Sources

Opening attachments received through an unsolicited email is one of the most common delivery mechanisms for viruses and other malware. Always confirm the source of the email and the attachment, and be certain to scan the attachment for viruses before downloading.

Use Social Media Responsibly

If you participate in social media, bear in mind that what you share may become public and could be used by a criminal to aid in perpetrating a crime. Most important, be selective about whom you connect with through social media. Avoid publicizing where you live, where you work or where you go to school. Avoid publicizing your current location. Be certain not to share private information that may have been used for secret questions, such as those used to reset a password. Regularly monitor your social media preferences and privacy settings.

Firm Imposter Scam

Scammers may try to reach out to you through a phone call, text message, email, or social media. They are taking advantage of the online presence of firms and impersonating firm representatives. They may create a phony online presence and attempt to collect personal information from you. In addition, scammers may also attempt to induce you to send payment, that may include but is not limited to, wiring money, or sending cryptocurrency. You will not be asked to send any form of payment by a TradeStation employee or representative until you complete the account opening process, and all forms of payment are processed through our secure portal. Please be advised that TradeStation is not liable for any payment that you may make directly to a scammer. The Federal Trade Commission has issued steps you can take if you believe that you have been a victim of a scam.

Monitor Your Account

Regularly review your account balances and positions. Take notice if statements do not arrive on time. Be sure to open in a timely manner all online and offline communications from the financial institutions with which you do business. Report suspected fraud immediately.

Maintain Accurate Account Information

In the event that we detect unusual or suspicious activity relating to your account, it is critical that we are able to contact you immediately. Should your contact information change, log in to the TradeStation Client Center and update your information (e.g., telephone numbers, email address, mailing address).

Username and Password Recommendations

  • Never share your username or password with anyone.
  • Don’t re-use usernames or passwords between different accounts
  • Never use sensitive information as part of your username or password
  • Avoid easy-to-guess or predictable passwords, such as those containing your name, birthday, phone number, pets’ names or Social Security number.
  • Keep your passwords and reminders in a safe place. Print them and store them in a safe location in your home, or consider purchasing a software password-keeper solution.
  • Consider changing your passwords periodically.

Two-Factor Authentication

Two-Factor Authentication is a security feature available in the Client Center that adds an extra layer of protection when accessing your TradeStation accounts. Once this feature is enabled, when you login from an untrusted device you will either be asked to approve the log in request from your mobile device, or you will be asked to enter a 6-digit verification code to verify your identity.

Avoid Phishing Attacks

Phishing is when someone attempts to steal personal or financial information by impersonating a trustworthy entity. Phishing often begins with an email or other communication asking for sensitive information, such as your username, password or other sensitive account information.

  • Only enter your credentials when you are on a website that ends with .tradestation.com.
  • Use search engines to find the “right” website for the business you are seeking. Search engines will correct misspellings in providing recommended results.
  • Never enter information into an unsecured website.
  • Be skeptical of emails peddling offers or making claims that seem too good to be true. Ask yourself if you have a real business relationship with the sender.
  • Test your phishing knowledge and learn more about how to spot potential threats.

Avoid Using Unsecured Wireless (Wi-Fi) Networks

In order to make network access easier, public Wi-Fi hot spots often turn their security off. This means that any information you send from this hot spot likely will not be encrypted and could be intercepted or altered by a criminal. To avoid automatically joining these networks, change your device settings to only allow connections to secured networks, or simply disable your Wi-Fi adapter when not in use.

Do Not Share Your Account Number with Anyone

You should only provide your account number if you have directly contacted a trusted TradeStation representative for assistance, or if you must provide the account number to a known and trusted third party in order to authorize a desired action, such as transferring funds to or from another financial institution.

Request a Free Annual Credit Report

A free credit report is available to all U.S. residents every 12 months from the top three nationwide consumer credit reporting agencies: Equifax, Experian, and TransUnion. For more information, visit http://annualcreditreport.com/.

Consider Enrolling in an Identity Monitoring and Theft Prevention Service

These providers offer real-time monitoring of your identity as well as your credit, and may be able to prevent or alert you to potential threats as they occur.

Vulnerability Disclosure Policy

TradeStation is deeply committed to maintaining the security of our systems and protecting confidential and personal information from unauthorized disclosure.

While we appreciate you bringing security issues to our attention, please be advised that performing security testing against our systems without our written authorization is unlawful and could result in civil or criminal legal actions. Security researchers are requested to only engage in security testing activities when authorized.

If you have inadvertently found a vulnerability in one of our products or services and would like to report it to our security team, you can let us know by sending an email to ClientExperience@TradeStation.com and including the following information in your vulnerability report:

  • A description of the nature of the vulnerability identified and how it was detected, including any information regarding exploitation of the vulnerability.
  • The exact steps for us to follow to reproduce the issue.
  • Screenshots and URLs to explain your findings

Once we receive the information, we will perform a thorough review and respond in a timely manner.

Please be aware that TradeStation does not offer rewards or “bug bounties” for vulnerability reports.

ID3008831D0723