Security Concerns

It is a good thing to be concerned for the security of your trading account. In fact, our security features are much better than those offered by some of the brokers in the industry. And you will find that hardly any trading software company or stock broker gives clients such detailed insight into their security features.

Reason for concerns

For web based trading platforms, our system asks for login credentials of your trading account. Obviously, this will raise questions about trading account security. Hence we have written this article to give our users an insight into our security.

Why is it needed?

All web-based trading platforms are highly secured, so an outside system like AutoTrader cannot interact with your trading platform without proper access. People use AutoTrader APIs for automated trading or multi-account trading purposes, which requires actions to be performed in their trading account by communicating with their respective web-based trading platforms.

If AutoTrader does not have credentials, then all communication with the trading platform will result in an error, and users will not be able to trade in their accounts via AutoTrader.

How does it work?

AutoTrader uses the credentials entered by you to automatically log in to the trading platform. It then performs actions requested by users or their trading strategies. Some of the common actions are:

  • Place/modify/cancel order
  • Read live portfolio

These credentials are saved by AutoTrader in stocksdeveloper’s database in an encrypted form.*

Just to give our users a look inside our system, here is a screenshot from our test database which shows sensitive information saved in an encrypted format.

[Screenshot: Credentials stored in encrypted format]

* Encrypted form means the credentials are converted into junk characters that are meaningless to anyone reading them. Only the system can understand them. Only the administrator has access to the database, but even he/she sees your credentials as a sequence of meaningless junk characters.

A one-way hashing technique (BCrypt) ensures that the password can never be converted back to plain text format. The API key & trading account credentials are stored with two-way encryption, as users might need to view them.

  • Trading account credentials are stored with two-way encryption. This is because the system needs to read them back while communicating with your trading platform.
  • AutoTrader Web’s internal API Key (which provides API access to AutoTrader Web) is stored with two-way encryption. This is because users might need to view it in case they forget the key.
  • User’s login password for AutoTrader Web is stored using one way hashing technique (BCrypt). It ensures that the password can never be converted back to plain text format.
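To make the difference between the one-way and two-way storage described above concrete, here is an added example; it is not stocksdeveloper's code. It assumes the spring-security-crypto library for BCrypt and uses AES-256-GCM as an assumed cipher, since the page does not name the two-way algorithm; the class name, key handling and sample values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added illustration; AES-256-GCM and all names/values are assumptions.
public class CredentialStorageDemo {
    // Two-way: stored value is base64(12-byte nonce || ciphertext || 16-byte tag).
    static String encrypt(SecretKey key, String plain) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);   // fresh nonce per encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Reverses encrypt(); throws AEADBadTagException if the stored value was altered.
    static String decrypt(SecretKey key, String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // One-way: login password. Only the hash is stored; there is no decrypt step.
        BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder(12); // cost factor 12
        String hash = bcrypt.encode("constructed-login-password");
        System.out.println("stored hash:   " + hash);
        System.out.println("correct login: " + bcrypt.matches("constructed-login-password", hash));
        System.out.println("wrong login:   " + bcrypt.matches("wrong-guess", hash));

        // Two-way: broker credential. The key is generated here for the demo only;
        // a real service would load it from a key store kept apart from the database.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        String stored = encrypt(key, "constructed-broker-password");
        System.out.println("stored value:  " + stored);
        System.out.println("read back:     " + decrypt(key, stored));
    }
}
```

Whoever holds the AES key can recover the stored credential, which is why the key has to live outside the database. A BCrypt hash has no key and can only be checked against a guess.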

Portfolio & Trading Data

  • Our system does NOT store your portfolio or trading data in our database
  • When you view your portfolio data in our system, it works like this:
    • Our server fetches the data from your broker
    • The data is immediately sent to the user (his/her browser)
    • Once the data is sent, it is immediately erased from our server’s memory (RAM)
    • The data is not stored on any persistent device

Other security features

Detailed logs

Our system provides a detailed milliseconds level log of every activity done by you in our system. These logs are extremely useful in investigating issues or to understand the origin of orders etc.

This gives complete transparency to the users. They know that they have proof of everything happening in their account. In case of any issues, logs help users understand whether the problem was with the broker's system or our system. In fact, on a few rare occasions we have seen users providing us these logs as proof of a problem that they had faced. Our team promptly fixed the issues.

Cutting Edge Technology

AutoTrader-Web has been built using the latest versions of the Spring framework. Spring is the most widely used application development framework for Java. The Spring Security module provides many built-in security features for the web application. The details about those features can be found here. Our servers use the latest & stable version of Java 11.

Our vision is to always use the latest cutting edge technologies.

Network Security (SSL/HTTPS)

AutoTrader-Web’s server uses SSL/HTTPS, so all communication between your computer & the server is encrypted.

Uses Google’s infrastructure

Our website as well as back-end services are hosted on Google cloud’s Mumbai data center. They use security measures offered by Google & have been placed behind firewalls. This makes sure our services are not only secured but also deliver high performance with low latency along with 99% up-time.

Backup Servers

All of our services exposed online have a primary & a backup server. This makes sure that even if we have an issue with one of our servers, there will still be a backup server which will allow users to trade.

Primary Server

Backup Server

What are the Risks?

Will stocksdeveloper trade in my account without my permission?

NO, never. This is our policy: all actions taken by our systems will always be a result of our users' actions. For example, users placing orders via Excel utilities, or users' trading strategies placing orders.

Our staff has no access to your trading account. And our systems are built in such a way that they will never trade on their own.

You can always check all the activity in your trading platform and try to reconcile it with the activity done by you or your trading strategies.

If you ever face a scenario for which you do not find an explanation, you can always write to us.

Finally, you can always change your trading platform's credentials. We can never change your credentials for the following two reasons:

  1. Your credentials are saved in encrypted form, so we cannot read them
  2. Changing of trading platform credentials requires additional authentication via email or sms (which is going to be yours)

Will stocksdeveloper withdraw funds from my account?

No, we cannot do that. Please understand that a trading account is linked to your own bank account. So any withdrawal made will result in the amount being credited to your own bank account.

Will stocksdeveloper share my trading activity or portfolio statistics?

No.

Trading activity is stored only for logging and investigation purposes, which is useful for users to debug trading strategies and issues. This is only accessible to the user from the Activity screen.

Portfolio statistics are not stored in the database at all & they are not shared with anyone.

Why should a user trust us?

Stocksdeveloper is driven by a passion for technology; our focus is always on developing world class software. There is not much we can do, apart from trying to explain every detail to the users to gain their trust.

But, if you still have doubts then you can always use broker specific APIs. Nowadays there are many brokers who provide their own APIs. But doing so will not give you broker independence & the ability to manage multiple trading accounts from a single system.

What should a user do, if he/she has a doubt?

This is applicable if you have entered your trading account credentials in AutoTrader Web. If for some reason you are doubtful about security, then you should immediately change your trading platform password.

Remember, a trading platform password change requires access to your email, so there is no way the AutoTrader team can change your password.

Once you have changed your password, you are safe, as AutoTrader Web will only have an old password. One last thing to do is to simply delete your trading account from AutoTrader Web.

Questions

If you have any other questions, feel free to contact us.