Vulnerabilidad en SSL ("Heartbleed Bug") - Preguntas Frecuentes

CUÁL ES EL PROBLEMA? QUÉ ES «HEARTBLEED»?

Una vulnerabilidad en la implementación del código abierto de los protocolos SSL y TLS permite a una persona no autorizada leer las contraseñas y llaves de encripción en la memoria del servidor.

QUÉ ES SSL?

Es un protocolo que sirve para instruir máquinas en cómo encriptar y decriptar intercambios da datos entre redes.

HA AFECTADO  «HEARTBLEED» a IB?

No se espera ningún impacto.

Los pocos servidores de IB que usaban la versión afectada de OpenSSL han sido actualizados y corregidos tan pronto como la vulnerabilidad fue detectada y el parche distribuido.

PROTEGE MEJOR EL SLS EN ESTA SITUACIÓN O SIMILARES?

El sistema de ingreso seguro (SLS) añade una protección extra al acceso con sus credenciales (usuario y contraseña). El usuario y la contraseña no son la única línea de defensa contra accesos no autorizados.

Usando su SLS al acceder le asegura que es usted la única persona que puede acceder a la cuenta.

DEBO CAMBIAR MI CONTRASEÑA?

Al haber tomado IB todas las medidas de seguridad, no es necesario, su contraseña no ha sido afectada por esta vulnerabilidad.

Aunque cambiar la contraseña regularmente es una buena medida de seguridad, no tiene que hacerlo ahora a causa de lo informado sobre «Heartbleed».

¿Cómo devolver el dispositivo de seguridad a Interactive Brokers ?

En caso de que deba devolver* su dispositivo de acceso seguro a Interactive Brokers (debido a daño, rotura, consolidación o cierre de cuenta), siga las instrucciones a continuación:

  1. Descargue e imprima el formulario de devolución de dispositivo de acceso seguro
  2. Complete el formulario y envíelo junto con su dispositivo 
  3. Envíe su paquete por correo a la dirección correspondiente que se indica a continuación

Para su protección, le recomendamos utilizar un sobre acolchado para su devolución, y un servicio de mensajería y paquetería que ofrezca un número de rastreo (p. ej., UPS, FedEx, DHL o UPS Express Mail solamente) debido a que usted será responsable de la evolución del token. Deje que transcurran de 3 a 5 días hábiles luego del envío para que su cuenta refleje la recepción por parte de IBKR del dispositivo devuelto. Tenga en cuenta que los plazos de entrega pueden variar debido a demoras de las empresas de mensajería y paquetería.

*Actualmente, el único dispositivo que debe devolverse es la tarjeta de seguridad digital+ con el número de serie IB3000xxx.

Medidas adicionales para las devoluciones por reemplazo
Si se trata de una devolución por reemplazo y no el cierre de una cuenta, llame a nuestro equipo de asistencia para seguridad al número que figura a continuación para informarnos acerca de su dispositivo defectuoso y le proporcionaremos un código de seguridad temporario que le permitirá acceder a su cuenta hasta que reciba su nuevo dispositivo de acceso seguro. IBKR ofrece varios tipos de dispositivos y las consideraciones de reemplazo relacionadas con cada uno se describen a continuación:

Para usuarios de tarjetas de seguridad digital+ (TSD+):
Si está devolviendo una tarjeta de seguridad digital+ (anexo 1), y necesita un dispositivo de reemplazo, deberá iniciar sesión en Client Portal y solicitar una TSD+ nueva (consulte las instrucciones aquí).

Anexo 1

 Tarjeta de seguridad digital+ 

Para usuarios con tarjeta de código de seguridad:

Estos tipos de dispositivos (anexo 4) no deben devolverse a IBKR y pueden destruirse y eliminarse. Si necesita un dispositivo de reemplazo, le recomendamos activar la autenticación con IB Key a través de IBKR Mobile (consulte las instrucciones aquí).

Anexo 4

Tarjeta de Código de Seguridad

 

Dirección de correo electrónico y contactos:

EE. UU./Canadá
Europa
Dirección postal:
Interactive Brokers, LLC.
Attn: Token Return Department
3 Pickwick Plaza
Greenwich, CT 06830
USA

Contacto en EE. UU.:
1 (877) 442-2757 (línea gratuita)
1 (312) 542-6901 (discado directo)

Contacto en Canadá: 
1 (877) 745-4222 (línea gratuita)
1 (514) 847-3499 (discado directo)
Dirección postal:
Interactive Brokers(U.K.)LTD.
Attn: Token Return Department
Gotthardstrasse 3
CH-6301 Zug
Switzerland


Contacto en la UE:   
00800-42-276537 (número gratuito)
+41-41-726-9500 (discado directo)

Contacto en Rusia:
8-800-100-8556 (número gratuito)
+41-41-726-9506 (Pyсский)
Asia
Australia
Dirección postal:
Interactive Brokers, LLC.
Attn: Token Return Department
Suite 1512,
Two Pacific Place
88 Queensway Admiralty 
Hong Kong

Contacto:
+852-2156-7907 (廣東話)
+86 (21) 6086 8586 (普通话)
Dirección postal:
Interactive Brokers, LLC.
Attn: Token Return Department
PO Box R229
Royal Exchange, NSW, 1225
Australia


Contacto:
+61 (2) 8093-7300
Japón
Dirección postal:
Interactive Brokers Securities Japan, Inc.
Attn: Token Return Department
Kasumigaseki Building 25F,
2-5 Kasumigaskei 3 Chome, 
Chiyoda Ku, Tokyo 100-6025
Japan

Contacto:
+81 (3) 4588 9710 discado directo (en inglés)
送り先:
インタラクティブ・ブローカーズ証券株式会社  
〒100-6025
東京都千代田区霞ヶ関3-2-5
霞ヶ関ビルディング25階
セキュリティデバイス部 
接触:
+81 (3) 4588 9700 直通 (日本語)

 

Cierre de cuenta
Se proporciona acceso a Client Portal a los fines de revisar o imprimir extractos de actividad y formularios fiscales luego de que haya devuelto el dispositivo y cerrado su cuenta.  Una vez que se haya cerrado, podrá conectarse sin el dispositivo de seguridad y solo necesitará su nombre de usuario y contraseña existentes.

Las preguntas respecto de los dispositivos de seguridad podrán dirigirse al grupo de seguridad a cualquiera de los números telefónicos que se indican en el cuadro arriba.
 
Para obtener información respecto de las tarifas de reemplazo para dispositivos de seguridad que se hayan extraviado, robado o dañado, o que no se hayan devuelto al cierre de la cuenta, consulte el artículo KB1861.

 

Information Relating to Customer Protection of Assets

The below information applies to trading of non-US index options, OTC CFDs and non-US index futures (when combined with non-US index options)

 

Interactive Brokers (U.K.) Limited


Customer Assets
Interactive Brokers (U.K.) Limited (“IBUK)’’ is authorised and regulated by the Financial Conduct Authority (“FCA“), register no. 208159. IBUK is a wholly owned subsidiary of Interactive Brokers Group (IBG LLC). IBUK provides client money and client asset services in accordance with FCA Client Assets regulations “CASS”.

Client money is protected as follows:
Client money rules apply to all regulated firms that receive money from a client, or hold money for a client in the course of carrying out MiFID business and/or designated investment business.

Client money is entirely segregated from IBUK’s own money. In the event of a failure of an authorised firm, clients’ monies held in the segregated accounts will be returned to the clients rather than being treated as a recoverable asset by general creditors. If there was a shortfall, the client may be eligible to claim for compensation from the Financial Services Compensation Scheme (“FSCS”).

Client money is ring-fenced in separate bank accounts which are held in trust on behalf of the clients. These accounts are distributed across a number of banks with investment grade ratings to avoid a concentration risk with any single institution. When IBUK makes the selection and appointment of a bank to hold client money, it takes into account the expertise and market reputation of the bank, its financial standing and any legal requirements or market practices related to the holding of client money that could adversely affect clients' rights.

IBUK will allow client money to be held in a client transaction account by an exchange, a clearing house or an intermediate broker but only if the money is transferred to them for the purpose of a transaction or to meet a client’s obligation to provide collateral for a transaction.

Each day, IBUK performs a detailed reconciliation of client money held in client money bank accounts and client transaction accounts and its liabilities to its clients to ensure that client monies are properly segregated and sufficient to meet all liabilities in accordance with the FCA’s CASS rules. All monies credited to such bank accounts are held by the firm as trustee (or if relevant, as agent).

FCA regulations also require IBUK to maintain a CASS Resolution Pack to ensure that in the unlikely event of the firm's liquidation, the Insolvency Practitioner is able to retrieve information with a view to returning client money and assets to the firm's clients on a timely basis.

Financial Services Compensation scheme

Interactive Brokers (U.K.) Limited (“IBUK”) is authorised and regulated by the Financial Conduct Authority (“FCA”) as an investment firm and a participant in the Financial Services Compensation scheme (“FSCS”). Certain eligible clients qualify for
compensation under the FCA Compensation rules.

The main points relating to eligibility are:

  • FSCS pays compensation only to eligible claimants when an authorised firm is in default and will carry out an investigation to establish whether or not this is the case.
  • FSCS pays compensation only for financial loss and the limits for U.K. Investment firms are covered below.
  • The FSCS was set up mainly to assist private individuals, although smaller businesses are also covered.
  • Larger businesses are generally excluded.

Investments

FSCS provides protection if an authorised investment firm is unable to pay claims against it e.g. when an authorised investment firm goes out of business and cannot return assets to its clients. Assets classified as investments for authorised investment firms under the FSCS include stocks and shares, futures, options, cfds, other regulated instruments and money deposited by clients.

Compensation Limits

The actual level of compensation you receive will depend on the basis of your claim. The FSCS only pays compensation for financial loss. Compensation limits are per person per authorised firm. Compensation levels are subject to change and for current details please refer to the FSCS website at http://www.fscs.org.uk / .
 

The below information applies to customers who were or are continuing to trade all products (except metals and OTC CFDs) through IB LLC.

 

Interactive Brokers LLC (“IBLLC”)


Customer Assets
Customer money is segregated in special bank or custody accounts, which are designated for the exclusive benefit of customers of IBLLC. This protection (the SEC term is “reserve” and the CFTC term is “segregation”) is a core principle of securities and commodities brokerage. By properly segregating the customer's assets, if no money or stock is borrowed and no futures positions are held by the customer, then the customer's assets are available to be returned to the customer in the event of a default by or bankruptcy of the broker.


Securities accounts with no borrowing of cash or securities
Securities customer money is protected as follows:

  • A portion is deposited at 14 large U.S. banks in special reserve accounts for the exclusive benefit of IBLLC's customers. These deposits are distributed across a number of banks with investment-grade ratings so that we can avoid a concentration risk with any single institution. No single bank holds more than 5% of total customer funds held by IBLLC.
  • A portion may be invested in U.S. Treasury securities, including direct investments in short-term Treasury bills and reverse repurchase agreements, where the collateral received is in the form of U.S. Treasury securities. These transactions are conducted with third parties and guaranteed through a central counterparty clearing house (Fixed Income Clearing Corp., or “FICC”). The collateral remains in the possession of IBLLC and held at a custody bank in a segregated Special Custody Account for the exclusive benefit of customers. U.S. Treasury securities may also be pledged to a clearing house to support customer margin requirements on securities options positions.
  • Customer cash is maintained on a net basis in the reserve accounts, which reflects the net credit balances of customers in excess of customer debit balances. To the extent any one customer maintains a margin loan with IBLLC, that loan will be fully secured by stock valued at up to 200% of the loan.
  • Current SEC regulations require broker-dealers to perform a detailed reconciliation of customer money and securities (known as the “reserve computation”) at least weekly to ensure that customer monies are properly segregated from the broker-dealer's own funds.

Customer-owned, fully-paid securities are protected in accounts at depositories and custodians that are specifically identified for the exclusive benefit of customers. IBLLC reconciles positions in securities owned by customers daily to ensure that these securities have been received at the depositories and custodians

Commodities accounts

Commodities customer money is protected as follows:

  • A portion is pledged to futures clearing houses to support customer margin requirements on futures and options on futures positions or held in custody accounts identified as segregated for the benefit of IB's customers.
  • A portion is held at commodities clearing banks/brokers in accounts identified as segregated for the benefit of IBLLC customers to support customer margin requirements.
  • Cash in commodities accounts is protected in accordance with US commodities regulations. CFTC rules prohibit an FCM from commingling customer funds with its own money, securities or property. Customer funds must be separately accounted for and segregated as belonging to commodity or option customers. The titles of accounts in which customer funds are deposited must clearly indicate this and show that the funds are segregated as required by the Commodity Exchange Act (“CEA”) and CFTC Rules. Customer funds may not be obligated to anyone except to purchase, margin, guarantee, secure, transfer, adjust or settle trades, contracts or commodity option transactions of commodity or option customers. These requirements also extend to U.S. customers trading on foreign exchanges.

Securities accounts with margin loans

For customers who borrow money from IBLLC to purchase securities, IBLLC is permitted by securities regulations to pledge or borrow stock valued at up to 140% of the value of the loan. Typically, IBLLC lends out a small portion of the total stock it is permitted to lend out.

  • As an example, at June 30, 2011, IBLLC lent $800 million value of customers' stock out of the $13.0 billion made available to it by margin customers.
  • When IBLLC lends customers' stock, it must put additional money into the special reserve accounts for the exclusive benefit of customers. In the example above, the full value of $800 million of customer stock that was lent was segregated in the special reserve accounts.

Account Protection

Customer securities accounts at IBLLC are protected by the Securities Investor Protection Corporation (“SIPC”) for a maximum coverage of $500,000 (with a cash sublimit of $250,000) and under IBLLC's excess SIPC policy with certain underwriters at Lloyd's of London for up to an additional $30 million (with a cash sublimit of $900,000) subject to an aggregate limit of $150 million. Futures, and options on futures are not covered. As with all securities firms, this coverage provides protection against failure of a broker-dealer, not against loss of market value of securities.

For the purpose of determining a customer account, accounts with like names and titles (e.g. John and Jane Smith and Jane and John Smith) are combined, but accounts with different titles are not (e.g. Individual/John Smith and IRA/John Smith).

SIPC is a non-profit, membership corporation funded by broker-dealers that are members of SIPC. For more information about SIPC and answers to frequently asked questions (such as how SIPC works, what is protected, how to file a claim, etc.), please refer to the following websites:


http://www.SIPC.org

http://www.finra.org/InvestorInformation/InvestorProtection/SIPCProtecti...

or contact SIPC at:

Securities Investor Protection Corporation
805 15th Street, N.W. - Suite 800
Washington, D.C. 20005-2215
Telephone: (202) 371-8300
Facsimile: (202) 371-6728

 

How to send documents to IB using your smartphone

Overview: 

Interactive Brokers allows you to send us a copy of a document even if you do not currently have access to a scanner. You can take a picture of the requested document with your smartphone.

Below you will find the instructions on how to take a picture and send it to IB per email with the fllowing smartphone operating systems:

iOS (iPhone)

Android (i.e. Samsung Galaxy, HTC One X, Sony Xperia, Motorola Droid)

Windows Phone (i.e. Nokia Lumia, HTC Titan, Samsung Focus)

 If you already know how to do so, please consult the instructions about the information you will need to send us aside from the document picture. Click HERE - Where to send the email to and what to include in the subject.

iOS
1. Press the power button to turn your iPhone screen on. Tap, hold and slide upwards the
Camera icon on the bottom right of your screen then drag it upwards to access the Camera.

slide up from the lock screen to take a picture

- If you do not have the Camera icon, you may access the Camera app from the home screen
of your iPhone.
2. Place your iPhone above the document and take the desired portion or page of the document
and tap on the Camera button (designated with 1 on the below illustration - Fig. 3) to take a
photo. Then you need to access the picture - tap the image in the lower left-hand corner (number 2 in the
illustration)

Tap here to take a picture

3. Exit to the home screen by pressing the round Home button on the face of the iPhone.
4. Open the Photos app
5. Next, tap the album ‘Camera Roll’. Make sure that the picture is clear and the document
is well legible, if it isn’t, please repeat the previous two steps.
6. Touch once the picture to make the menus appear and tap the share icon
designated with 1 in the illustration below.

Share button iOS

5. Select the first option - Email Photo. Please consult the following instructions for the next step - what address you should send the picture to and what else to include aside from the document, HERE.
Note: to send emails your phone has to be configured for that. Please contact your email
provider if you are not familiar with this procedure.


Android
1. Open your applications list and start the camera app. Depending on your phone model, make or setup it might be called differently.
2. Place your phone over the document and take the desired portion or page of the document and
tap the icon for the camera. (The generic button will look like the one shown below.)

Tap to take a picture
3. Press the Home key to go back to the idle screen. Go back to the apps list and start the Gallery
application. On some phones it may be called Pictures or Photos.
4. Open the album called Camera or All pictures. The last image in either of those should be the
document you just took a picture of. Tap the screen once to bring up the buttons and tap the share
icon, which generically should look as shown below.

Share on Android
5. In the sharing menu that will be displayed now tap on Email. Please consult the following instructions for the next step - what address you should send the picture to and what else to include aside from the document, HERE.
Note: to send emails your phone has to be configured for that. Please contact your email
provider if you are not familiar with this procedure.

Send per email

 

Windows Phone
1. Press the camera button in the Desktop menu of Windows phone. (If you do
not see the camera in the desktop menu, please scroll to the right and choose
camera in the listed applications)
2. Take a picture by pressing the trigger button on the side of the phone.
3. Open the picture by scrolling to the left and press the ‘...’ menu item
at the bottom task bar to see the available options.
4. Please choose send and the configured Email account you would like to use.
5. In the upcoming email, please add the destination email address, the
subject and the text you would like to send and press the ‘Send email’ button in
the bottom menu. Please consult the following instructions for the next step - what address you should send the picture to and what else to include aside from the document, HERE.
Note: to send emails your phone has to be configured for that. Please contact your email
provider if you are not familiar with this procedure.


WHERE TO SEND THE EMAIL AND WHAT TO INCLUDE IN THE SUBJECT
The email has to be created observing the below instructions:
1. In the ‘To:’ field type...
a. newaccounts@interactivebrokers.com if your you are a resident of a non-European country
b. newaccounts.uk@interactivebrokers.co.uk if you are a European resident
2. The subject field must contain all of the below:
a. Your account number (it usually has the format Uxxxxxxx, where x are numbers) or your
username
b. The purpose of sending the document. Please use the below convention:
i. PoRes for a proof of residential address
ii. PID for a proof of identity

How to request a Digital Security Card+ (DSC+) replacement

Overview: 

The below steps are required in order to:

  • Replace a Digital Security Card+ which has been lost, stolen or has become inoperable
  • Request a Digital Security Card+ alongside your current security device (if you are a new or existing Client with equity above $500,000, or equivalent)
Background: 

1. Notify IBKR Client Services- Contact IBKR Client Services to obtain a temporary account access. This service can only be provided via telephone and requires the identity of the account holder to be verified, as detailed in KB70.

2. Obtain an Online Security Code Card - Activate an Online Security Code Card, which offers enhanced protection and full Client Portal functionality for an extended period of 21 days. Please consult KB1873 should you need guidance for this specific step.

3. Request the DSC+ replacement - Once you have completed the Online Security Code Card activation, please remain in the Secure Login System section of the Client Portal and order your replacement DSC.

 

Request a DSC+

1. Click on the button Request Physical Device.

2. The shipping address will be shown in the device information screen. If your address is outdated or invalid, you can amend it by clicking on Change Address and following the on-screen instructions. If you do not need to update your address, please proceed to step 3.

3. Enter a four-digit Soft PIN1 for your DSC+. Please make sure to remember the PIN you are typing since it will be necessary to activate and to operate your device. When applicable and desired, you may change the account on which the 20 USD deposit will be kept on hold2.  Complete this step by clicking on Continue.

4. The system will show you a summary of your selection. Please make sure the information displayed is correct. Should you need to perform changes, click on the white Back button under the information field (not your browser back button), otherwise submit the request by clicking on Continue.

5. You will receive a final confirmation containing the estimated shipment date3. Click on Ok to finalize the procedure.

Notes

1. For PIN guidelines, please consult KB2269.

2. The Security token and the shipment are both free of charge. Nevertheless, when you order your device, we will freeze a small amount of your funds (20 USD).  If your device is lost, intentionally damaged, stolen or if you close your account without returning it to IBKR, we will use that amount as a compensation for the loss of the hardware. In any other case, the hold will be released once your device has been returned to IBKR. More details on KB1861.

3. For security reasons, the replacement device is set to auto-activate within three weeks from the shipment date. IBKR will notify you when the auto-activation is approaching and when it is imminent.

 

References
  • See KB1131 for an overview of the Secure Login System
  • See KB2636 for information and procedures related to Security Devices
  • See KB2481 for instructions about sharing the Security Login Device between two or more users
  • See KB2545 for instructions on how to opt back in to the Secure Login System
  • See KB975 for instructions on how to return your security device to IBKR
  • See KB2260 for instructions on activating the IB Key authentication via IBKR Mobile
  • See KB2895 for information about Multiple 2Factor System (M2FS)
  • See KB1861 for information about charges or expenses associated with the security devices
  • See KB69 for information about Temporary passcode validity

 

Security Device Replacement Charge

Account holders logging into their account via IBKR's Secure Login System are issued a security device, which provides an additional layer of protection to that afforded by the user name and password, and which is intended to prevent online hackers and other unauthorized individuals from accessing their account. While IBKR does not charge any fee for the use of the device, certain versions require that the account holder return the device upon account closing or incur a replacement fee.  Existing account holders are also subject to this replacement fee in the event their device is lost, stolen or damaged (note that there is no fee to replace a device returned as a result of battery failure). 

In addition, while IBKR does not assess a replacement fee unless a determination has been made that the device has been lost, stolen, damaged or not returned, a reserve equal to the fee will placed upon the account upon issuance of the device to secure its return.  This reserve will have no effect upon the equity of the account available for trading, but will act as limit to full withdrawals or transfers until such time the device is returned (i.e., cannot withdraw the reserve balance).

Outlined below are the replacement fee associated with each device.

SECURITY DEVICE REPLACEMENT FEE
Security Code Card1 $0.001
Digital Security Card + $20.00 

For instructions regarding the return of security devices, please see KB975

 

1 The Security Code Card is not required to be returned upon account closing and may be destroyed and discarded once remaining funds have been returned and the account has been fully closed. Access to Client Portal after closure for purposes of viewing and retrieving activity statements and tax documents is maintained using solely the existing user name and password combination. This type of two-factor security is no longer being issued.

¿Cómo puedo devolver el dispositivo de acceso seguro a Interactive Brokers?

Si por alguna razón necesita devolver su dispositivo de acceso seguro a
Interactive Brokers, por favor, siga las siguientes instrucciones.

1. Descargue e imprima el “Formulario de Devolución de Acceso
Seguro

2. Complete el formulario y haga un paquete con el dispositivo.
3. Envie su paquete a la dirección indicada abajo.

Para su seguridad, se recomienda utilizar una compañía que ofrezca un
número de rastreo (por ejemplo UPS, FedEx, DHL o USPS), ya que
usted será responsable de la devolución del token. Por favor, espere tres días
después
del envío para que su cuenta refleje la recepción por parte de IB del
dispositivo. Por favor, tenga en cuenta que el tiempo de entrega puede variar
debido a los retrasos del operador de carga.

Acción Adicional para Las Devoluciones de Reemplazo
Si se trata de una devolución para reemplazo y no por el cierre de una
cuenta, por favor llame a nuestro equipo de soporte técnico al 1-877-442-
2757, opción 2 y luego opción 6 para que nos notifique de su aparato
defectuoso y le proporcionaremos con un código temporal de seguridad que
le permitira seguir teniendo acceso a su cuenta hasta que reciba su nuevo
dispositivo de acceso seguro.

Para los usuarios de Platino:
Si esta devolviendo un dispositivo seguro de Platino (negro en forma de
una calculadora cuadrada) y requiere un dispositivo de reemplazo tendrá que
ir al Menú Gestión de Cuenta o Account Management, para solicitar un
nuevo dispositivo. Esto es necesario debido a las características de seguridad
de este dispositivo. Sólo se puede solicitar un nuevo
dispositivo después de que IB haya reconocido que ha recibido el
dispositivo devuelto.
Esto se debe ha que un solo dispositivo a la vez puede estar vinculada a su
cuenta. Una vez ordenado, por favor asegúrese de imprimir la página de
confirmación que contiene su número de PIN y la frase de única que se
necesita para activar el nuevo dispositivo.

Para los usuarios de los Alpine:
Si va a devolver un dispositivo de Alpine conexión segura (azul de forma
ovalada) IB reemplaza el dispositivo con base en las respuesta positiva de
"Sí" a las preguntas del questionario de dispositivos STP Formulario Return:
"¿Es necesario un dispositivo de reemplazo?"
No hay medidas adicionales que debe tomar en la página web.
Para preguntas y aclaraciones, por favor póngase en contacto con uno de
nuestros especialistas en seguridad al 1-877-442 2757, opción 2 y luego la
opción 6 o envie un correo electrónico a tac@interactivebrokers.com
Dirección postal para clientes de EE.UU. y Canadá: Dirección postal de
la UE y los clientes asiáticos:

Mailing Address for US & Canadian Client:

 

Interactive Brokers, LLC.
Attn: Token Return Department
2 Pickwick Plaza
Greenwich, CT 06860
Mailing address for EU, & Asian Clients: 

 

Interactive Brokers (U.K.) LTD

Attn: Token Return Department

Gotthardstrasse 3

CH-6301 Zug

Switzerland

 

Securities Account Protection for Interactive Brokers India Customers

Customer accounts domiciled under Interactive Brokers India Pvt. Limited,(IBI) are awarded different account protection services than our IB-LLC and IB-UK clients. There are two major exchanges, the National Stock Exchange of India (NSE) and the Bombay Stock Exchange (BSE), each one has established their own guidelines for investor grievances against exchange members and/or sub –brokers.

National Stock Exchange of India (NSE)

The NSE has established an Investor Protection Fund with the objective of compensating investors in the event of defaulters' assets not being sufficient to meet the admitted claims of investors, promoting investor education, awareness and research. The Investor Protection Fund is administered by way of registered Trust created for the purpose. The Investor Protection Fund Trust is managed by Trustees comprising of Public representative, investor association representative, Board Members and Senior officials of the Exchange.

The Investor Protection Fund Trust, based on the recommendations of the Defaulters' Committee, compensates the investors to the extent of funds found insufficient in Defaulters' account to meet the admitted value of claim, subject to a maximum limit of Rs. 11 lakhs (1.1 million USD) per investor per defaulter/expelled member.

Bombay Stock Exchange (BSE)

Currently trading is not offered on the BSE by Interactive Brokers.

Security considerations following SLS opt out

Overview: 

Account holders who have elected to opt out of IBKR's Secure Login System (SLS) effectively relinquish the protections afforded by Two-Factor Authentication. They are strongly encouraged to utilize alternative security measures, with one of those being the IP Restrictions. By selecting this setting through Client Portal, you're telling Interactive Brokers that you only want access to your trading platforms from a specified IP address. In addition, should you have multiple authorized traders for a given account, these restrictions can be set at the individual trader level by the master user of the account. 

 

Preliminary checklist:

Before setting up the IP Restrictions, you will need to:

  • Know your WAN IP Address. That is the IP address exposed on the external (Internet) side of your network and it is different from your local IP address (called as well LAN IP address). If you trade from a company office, you can ask your IT or Networking department for the WAN IP address of your computer. If you connect to the Internet through a private broadband/cable/satellite connection you can get this information from your ISP (Internet Service Provider).
  • Make sure that your IP address is static. This means your IP address will always remain the same, and will not change upon router/modem reboot or after a certain time period. The same entities which provided you with the WAN IP address, can as well clarify whether it is a static or dynamic one.
  • Be aware that IP Restrictions are not effective immediately. Our systems apply the filters during their daily overnight restart. It can take up to 24 hours until they are active, depending on the time you submit your IP Restrictions request. The same applies when you modify or remove existing IP Restrictions. Please be sure to consider this when you are planning your course of action.
  • The IP Restrictions will be applied to ALL Trading Platforms offered by IBKR. It will not affect Client Portal access, which will remain accessible from any IP address.

Note:

Please take note that the technical ability to misrepresent one's IP address exists, and full account protection is only ensured by using SLS Two-Factor Authentication (ibkr.com/sls).

If you have any questions on the topic, please feel free to contact IBKR's Technical Assistance Center.

How to set the IP Restrictions:

  1. Login to Client Portal and click the menu icon in the top-left corner.
  2. From the left side menu, click on Settings, then on User Settings. Then click on the wheel (configure) icon next to IP Restrictions.
  3. You will see a brief description of the effects of IP Restrictions. To set up a new IP Restriction, click on Add IP Restriction.
  4. Select the Trader from the drop-down list and enter the IP Address (in the format xxx.xxx.xxx.xxx) you want to allow for him. Then click on Continue.
  5. If you logged into Client Portal without using the Two-Factor Authentication, you will now receive an email1 containing a Confirmation Number. Enter it in the Confirmation Number field. Once done, click on Continue to submit the request. If you logged in to the Client Portal using a security device, please proceed directly to point 6.
  6. If the operation completed successfully, you will see a confirmation screen. Click OK.
  7. The system will now list your active IP Address restrictions. Should you want to create an additional one, click again on Add IP Restriction, otherwise navigate away from this section

 

Opt-out and IP Restrictions for Penny Stocks traders:

Clients who have elected to perform an opt-out, thus using the Two-Factor Authentication only for the Client Portal, must activate the IP Restrictions in order to be able to activate Penny Stocks Trading Permissions.


Additional best practices for securing your computer and your network

  • When logging into the TWS, activate the checkbox “Use SSL” on the login screen. SSL (Secure Socket Layer) guarantees that all the information exchanged between your computer and our servers is protected using 128-bit encryption.
  • Use a firewall to prevent unauthorized access to the services exposed by your network or/and computer. During the firewall set-up, please make sure you authorize the host/ports listed in section DESKTOP TWS of KB2816.
  • Use antivirus software to identify and eliminate viruses which might have infected your computer.  As new viruses are constantly being created, you need to update the threats database of your antivirus software regularly.
  • Use anti-malware software to detect and remove spyware/malware programs which can collect various types of personal information, monitor your browsing activity and interfere with the control of your computer. Nowadays many antivirus solutions include a built-in anti-malware protection.
  • Refrain from using wireless connections (Wi-fi) which are public, unsecured or not operated by you. If the use of a unsecured network (e.g. public Wi-Fi hotspot) becomes necessary, do not log into any financial institution account you may have, including your IBKR account.

 

Notes:
1. If you have not received the email, please make sure it did not land in the Spam/Junk folder of your mailbox and possibly add the email addresses donotreply@interactivebrokers.com and help@interactivebrokers.com to the trusted senders list. You can then request a new email to be sent to you with the button Resend Confirmation Number.

 

Tips for selecting your security questions and answers

The security questions represent just one component of the security framework which IB has put into place to protect your account. We offer the following simple tips for selecting your security questions and answers in order to make the most effective use of this security measure:

1. Choose questions having answers that you can remember in the future and answer consistently.

2. Use one-word answers whenever possible.

3. Be careful with spaces. If you use "San Diego" as an answer to one of your security questions, the system will reject "SanDiego."

4. Avoid using quirky or nonsensical answers as they'll likely to be difficult to remember later.

5. Select a question which cannot be easily guessed or researched, has many possible answers and where the probability of guessing the correct answer is low.

6. Select a question for which the answer is unlikely to be known by others such as a family member, close friend, relative, ex-spouse, or significant other.

7. Choose a question having an answer which is stable and not likely to change over time.

Syndicate content