Security

2-Factor Authentication on login supports google authenticator, with optional SMS backup.
Ability to change username and email address at any time.
Username can be freely chosen. We encourage users to not use their email address as username to improve security.
Email notifications are sent on each login.
Instant account suspension from email link for unauthorised logins.
Duress password to suspend an account.
Additional security information is requested on login attempts from different IP addresses.
Cryptocurrency and instant withdrawals are blocked for 72 hours after changes to account security details.
SMS notifications on account security detail changes (like email change or password changes).
Cryptocurrency address whitelisting - Withdrawals to new addresses require SMS confirmation.
Browser whitelisting - Email confirmation for logins from new browsers.
Bot shield – Automatic account protection from brute force attacks.
Optionally PGP signed emails to verify email validity.

All personally identifiable information is encrypted (in transit and at rest) by physically dispersed keys.
Uploaded documents are visibly watermarked (all verification documents and support message attachments).
Uploaded documents are encrypted by physically dispersed keys (all verification documents and support message attachments).
Uploaded documents (all verification documents and support message attachments) are only accessible by admins with special permission for KYC verification purposes and are watermarked to protect the document.
Full encryption of support chat text messages.
All sensitive rows in the database are hashed and signed on write and verified on retrieval to ensure data integrity.
Secure connections are always enforced when accessing the website or API from any device.
Top tier data centres with geographically dispersed disaster recovery backup servers.
No off the shelf systems, designed from the ground up to be a secure crypto platform with security as the number one consideration.
Intrusion detection monitoring for unauthorised system access.

97%+ of cryptocurrency is stored in cold storage, with constant automated monitoring.
Hot wallet private keys are multi-layer encrypted using geographically dispersed keys.
Continuous monitoring and address reconciliation between system accounts and the blockchain.
System explicitly designed to never expose hot wallet private keys, even to administrators.

97%+ of cryptocurrency is stored in cold storage.
Cold storage is held in multiple geographically dispersed vaults, each with extensive physical security.
Cold storage requires multiple employees and approvals for physical access.
Proprietary offline storage with multiple encryption layers and multiple redundancies.
Multi-signature withdrawals always requiring more than one person for execution.
Survivorship procedures to recover cold storage funds in case of a catastrophic event.

Regular penetration testing is conducted on the system.
Bug bounty in place.
Administrators have tiered access to the system.
Administrators actions relating to user accounts or value transfer are audited and require multi-level approvals.
Regular Police checks conducted on all administrators with system access.

Please report any security vulnerabilities to security@independentreserve.com

Please see our blog article on measures you can take to protect your account: https://www.independentreserve.com/blog/knowledge-base/protect-your-account

Independent Reserve Security