Customer asset protection
Extensive cyber-security framework is implemented in order to ensure that strict measures and practices are in place to protect customer assets against any eventualities and threats. We are conducting periodical stress tests and security audits to ensure compliance with the strictest security standards.
We use the following security tools and measures:
- 2FA (provided by Google Auth) to ensure account security and prevent any unauthorised access to user’s account.
- Mandatory Bitcoin address whitelisting feature
- Cold storage of digital assets with Multisignature technology
- Hardware security modules with rating of FIPS PUB 140-2 Level 3 or higher
- Full risk check after every order placement and execution
- Encrypted SSL (https) to encrypt and secure our website’s traffic.
- All passwords are cryptographically hashed (using bcrypt with a cost factor of 12) while all other sensitive data is encrypted.
- Cloudflare to mitigate potential distributed denial-of-service (“DDoS”) attacks.
- Regular tests and check-ups by our technical team.
- On-going and IT security assessments are executed to keep up to date with new potential vulnerabilities.
mciinvestments trading engine has been designed to meet the highest online-trading industry standards. All systems have been uniquely coded to minimize latency and increase order execution speed. System automatically monitors all risks associated with buying power, buying power factor, maximum order size, maximum position size, P/L loss thresholds, odd lot allowance, and executes full risk check after every order placement. mciinvestments prides itself on having one of the most advanced and reliable trading software on the market.
Start trading in 40 seconds!
The majority of customer digital assets (Bitcoin) are held in our offline storage system (“Cold Storage”). Only a small portion of digital assets are held in our online wallet (“Hot Wallet”).
We use Multi-signature access (“Multisig”) to provide both security against attacks and tolerance for losing access to a key or facility, eliminating single points of failure. All fund transfers from Cold Storage to Hot Wallets are handled manually and require the coordinated actions of multiple employees.
A dual factor authentication (also known as 2FA or two-step verification) is a security process that requires the user to provide two different authentication factors to verify themselves. It gives a higher level of assurance than single-factor authentication (SFA) methods, that require to only provide one factor (usually a password).
It’s one of the best ways to secure your account and the setup process is very easy so we strongly recommend you to enable 2FA for your account immediately after you complete the registration process. Our 2FA system uses a TOTP solution which means it requires a Google Authenticator app. It’s more secure and reliable than using SMS as 2FA solution.
Follow these steps to enable 2FA:
- Download the Google Authenticator app for either iOS or Android
- Go to to System Preferences menu
- Click ‘Enable GA’ button in Google Authenticator section
- Backup you secret key and confirm it by clicking on the box next to ‘I backed up a 16-digit code’
- Confirm the setup by entering PIN code generated by 2FA
Next time you will be asked to provide a code from Google Authenticator to access your account or withdraw funds.
Please note that in order to disable your 2FA you will have to contact our support at firstname.lastname@example.org. This procedure may take up to 5 business days.
Withdrawal address whitelisting
We offer Customers additional account level protections such as crypto Address Whitelisting. This feature adds an additional layer of protection by allowing customers to whitelist specific withdrawal addresses.
By doing so, withdrawals will be restricted to addresses only included in the whitelist. In the unlikely event that your mciinvestments account is compromised, an unauthorized user will not be able to withdraw digital assets to a different address.
Follow these easy steps to whitelist your wallet address:
- Go to Account section and choose Withdraw menu
- Click “Destination address” dropdown menu. Next, click ‘Add new address’
- In the pop up window fill up the label and the Bitcoin address you are willing to use for withdrawals. Press ‘Add’ to continue.
- Now you need to go to your email inbox. You will receive an email with confirmation link. Click on it to whitelist the address. Please note that the link is only active for an hour.
- The BTC address you confirmed will be added to the Whitelist and withdrawal of funds will be possible only to that specific address.