Independent Reserve security

Account security

• 2-Factor Authentication on login supports google authenticator, with optional SMS backup.
• Ability to change username and email address at any time.
• Username can be freely chosen. We encourage users to not use their email address as username to improve security.
• Email notifications are sent on each login.
• Instant account suspension from email link for unauthorised logins.
• Duress password to suspend an account.
• Additional security information is requested on login attempts from different IP addresses.
• Cryptocurrency and instant withdrawals are blocked for 72 hours after changes to account security details.
• SMS notifications on account security detail changes (like email change or password changes).
• Cryptocurrency address whitelisting - Withdrawals to new addresses require SMS confirmation.
• Browser whitelisting - Email confirmation for logins from new browsers.
• Bot shield – Automatic account protection from brute force attacks.

System security

• All personally identifiable information is encrypted (in transit and at rest) by physically dispersed keys.
• Uploaded documents are visibly watermarked (all verification documents and support message attachments).
• Uploaded documents are encrypted by physically dispersed keys (all verification documents and support message attachments).
• Uploaded documents (all verification documents and support message attachments) are only accessible by admins with special permission for KYC verification purposes and are watermarked to protect the document.
• Full encryption of support chat text messages.
• All sensitive rows in the database are hashed and signed on write and verified on retrieval to ensure data integrity.
• Secure connections are always enforced when accessing the website or API from any device.
• Top tier data centres with geographically dispersed disaster recovery backup servers.
• No off the shelf systems, designed from the ground up to be a secure crypto platform with security as the number one consideration.
• Intrusion detection monitoring for unauthorised system access.

Hot wallet security

• 97%+ of cryptocurrency is stored in cold storage, with constant automated monitoring.
• Hot wallet private keys are multi-layer encrypted using geographically dispersed keys.
• Continuous monitoring and address reconciliation between system accounts and the blockchain.
• System explicitly designed to never expose hot wallet private keys, even to administrators.

Cold storage security

• 97%+ of cryptocurrency is stored in cold storage.
• Cold storage is held in multiple geographically dispersed vaults, each with extensive physical security.
• Cold storage requires multiple employees and approvals for physical access.
• Proprietary offline storage with multiple encryption layers and multiple redundancies.
• Multi-signature withdrawals always requiring more than one person for execution.
• Survivorship procedures to recover cold storage funds in case of a catastrophic event.

Operational

• Regular penetration testing is conducted on the system.
• Bug bounty in place.
• Administrators have tiered access to the system.
• Administrators actions relating to user accounts or value transfer are audited and require multi-level approvals.
• Regular Police checks conducted on all administrators with system access.