Security

Security Policies

At PrizmaFX, the security of funds and our clients’ information is our top priority. Our security team is continually improving our end-to-end security measures, refining auditing processes, and reducing the ‘attack surface’ of our infrastructure. Please note that, for security and proprietary reasons, we cannot disclose too many details of the security measures implemented on the platform.

User Account Protection

Some of the security measures highlighted below are in place by default, and others can be activated based on the security level you need.

Two-factor authentication (2FA)

You can add an extra layer of security to your account and protect sensitive operations such as logging in, generating API keys, and withdrawing. Configure two-factor authentication using Google Authenticator, Twilio, or a U2F Security Key.

Universal 2nd Factor (U2F)

Use a physical Security Key to take advantage of the ultra-secure FIDO Universal 2nd Factor (U2F) open authentication standard.

Advanced verification tools to monitor the integrity of your account
  • Login data is saved and analyzed for unusual activity
  • An intelligent system detects IP Address changes to prevent session hijacking
  • Email notifications report logins and include a link to instantly freeze your account if you suspect malicious activity
  • Limit access to your account based on IP address

Withdrawals protection
  • Security system monitors withdrawals by IP address and other user behavior patterns, triggering manual admin inspection on withdrawals that appear unusual
  • Withdrawal confirmation step that is immune to browser malware
  • Define an address whitelist to ensure no withdrawals can go anywhere else

Advanced API key permissions

Create API keys with advanced read/write permissions on a per-feature basis. Unleash the full power of the platform through our REST and WebSockets APIs.

Email Encryption with OpenPGP

Want more protection? Encrypted email communication (PGP) adds an extra layer of privacy and security.

Storage of funds

We keep all funds in so-called cold accounts. This means they are not directly connected to exchange servers. This ensures that no third parties can ever get access to these funds. Furthermore, all accounts are properly encrypted.

Up-to-date systems to host the platform

Our server network is protected using always up-to-date software and the best possible practices.

Automatic backup of the database once a day

Once a day, the database of the platform is backed up, encrypted and compressed as an archive.

Duplication of backup data automatically

As soon as a new backup is ready (database, log files, …), it is sent to other servers in several physical locations.

Protection from DDoS attacks

We are protected by automatic Distributed Denial of Service protection to ensure that trading cannot be halted by outside attacks.