Independent Reserve Security
We take security seriously, it is at the forefront of everything we do. There is no product puffery here.
Platform Security Features
- 2-Factor Authentication on login supports google authenticator, with optional SMS backup.
- Ability to change username and email address at any time.
- Username can be freely chosen. We encourage users to not use their email address as username to improve security.
- Email notifications are sent on each login.
- Instant account suspension from email link for unauthorised logins.
- Duress password to suspend an account.
- Additional security information is requested on login attempts from different IP addresses.
- Cryptocurrency and instant withdrawals are blocked for 72 hours after changes to account security details.
- SMS notifications on account security detail changes (like email change or password changes).
- Cryptocurrency address whitelisting - Withdrawals to new addresses require email confirmation.
- Browser whitelisting - Email confirmation for logins from new browsers.
- Bot shield – Automatic account protection from brute force attacks.
- Optionally PGP signed emails to verify email validity.
- All personally identifiable information is encrypted (in transit and at rest) by physically dispersed keys.
- Uploaded documents are visibly watermarked (all verification documents and support message attachments).
- Uploaded documents are encrypted by physically dispersed keys (all verification documents and support message attachments).
- Uploaded documents (all verification documents and support message attachments) are only accessible by admins with special permission for KYC verification purposes and are watermarked to protect the document.
- Full encryption of support chat text messages.
- All sensitive rows in the database are hashed and signed on write and verified on retrieval to ensure data integrity.
- Secure connections are always enforced when accessing the website or API from any device.
- Top tier data centres with geographically dispersed disaster recovery backup servers.
- No off the shelf systems, designed from the ground up to be a secure crypto platform with security as the number one consideration.
- Intrusion detection monitoring for unauthorised system access.
Hot Wallet Security
- 97%+ of cryptocurrency is stored in cold storage, with constant automated monitoring.
- Hot wallet private keys are multi-layer encrypted using geographically dispersed keys.
- Continuous monitoring and address reconciliation between system accounts and the blockchain.
- System explicitly designed to never expose hot wallet private keys, even to administrators.
Cold Storage Security
- 97%+ of cryptocurrency is stored in cold storage.
- Cold storage is held in multiple geographically dispersed vaults, each with extensive physical security.
- Cold storage requires multiple employees and approvals for physical access.
- Proprietary offline storage with multiple encryption layers and multiple redundancies.
- Multi-signature withdrawals always requiring more than one person for execution.
- Survivorship procedures to recover cold storage funds in case of a catastrophic event.
- Regular penetration testing is conducted on the system.
- Bug bounty in place.
- Administrators have tiered access to the system.
- Administrators action relating to user accounts is audited and requires multi-level approvals.
- Administrators action relating to user accounts or value transfer requires multi-level approvals.
- Regular Police checks conducted on all administrators with system access.
External Penetration Testing
- December 2017
- February 2018
- May 2018
- September 2019
- February 2021
- August 2021
Please report any security vulnerabilities to firstname.lastname@example.org
Protecting your account
Please see our blog article on measures you can take to protect your account: https://blog.independentreserve.com/knowledge-base/protect-your-account