Cybercrime risks when trading

22 Jul 2022

Thanks to Anil Singhvi and Zee Business for highlighting the cybercrime risks when trading the markets. Cybercrime has gone up across banking to broking to social media. We must be extra vigilant. Here’s everything we’re doing at Zerodha.

Money cannot be withdrawn from trading accounts to 3rd party bank accounts. To move money, fraudsters create artificial losses by trading illiquid options (buy high, sell low) or buying scammy penny stocks. Our best bet is to find ways to block such suspicious trades.

We ask for a TOTP when orders are placed for illiquid options; it has helped, but not enough. We’re about to launch a new feature that will not allow orders for options to be placed at abnormal prices—may be a first across brokers globally. I’ll share the details soon.

Our avg call wait times on support lines which used to be high, are now down to less than 2 mins. Our support team has also been sensitised to react immediately whenever a cybercrime incident is reported. A customer need not call us to disable trading; we offer a kill switch.

We notify users through email whenever there’s a login to Kite from a new location, just like Gmail, Netflix, etc. Password resets are possible only via links sent to the investor’s registered email address. We also notify users whenever a password is changed.

We don’t have RMs calling customers, making it tough to spoof anyone claiming to be one. We use every opportunity to educate customers on cybersecurity risks through blogs and social media posts. Couple of them: Beware of the Phishing Scam, Stock market scams everyone should be aware of.

Incidents anyways will reduce from Sep 31st when OTP/TOTP/Biometric becomes mandatory when logging in. But all these measures will only work if users are careful enough not to share their account access by believing get-rich-quick schemes, which is how most frauds happen.

View on Twitter →