Partner With Us NRI

Open Free Trading Account Online with ICICIDIRECT

Incur '0' Brokerage upto ₹500

How to protect your trading account against cybercrime / data breaches

5 Mins 07 Dec 2021 0 COMMENT


Let's hope you never see yourself in this situation. Like any other day, you go online to check your trading account details. And your jaw suddenly drops. There is minimal to nil balance in your account. But you know for sure that neither the market nor any of your investments have fallen in value. So, you quickly check the statement and collapse in shock. You see a list of money transfers from your trading account to an outside bank account. Neither did you authorize these transactions, nor did you receive notifications regarding the transfers. Unfortunately, you've just fallen prey to identity theft, hacking or cybercrime.

Why you should not take your trading account for granted

Your online trading account gives you instant access to check your information at any time, allows you to buy and sell securities and transfer money to and from your savings account. It offers you convenience and a host of benefits and features. But if you haven't been practising online safety measures, you could fall prey to malicious activity from lurking online cybercriminals.

For instance, as recent as last week, a popular online US stock trading platform, Robinhood, suffered a massive data breach with more than 5 million customer email addresses and 2 million customer names hacked, including a smaller set of more specific customer information. With the help of sophisticated software, malware and viruses, hackers infiltrated financial information of millions of customers.

What happens in a data breach?

When a trading account is hacked, cybercriminals or fraudsters obtain information to gain unauthorized access to the account. They then steal assets and securities or could misappropriate information to render the trading account invalid.

How do online frauds and identity thefts take place?

Hackers use malicious programs to attack unprotected and vulnerable computers of online investors.

For instance, you may have received an email that appeared genuine from a hacker. You probably think it to be an authentic link, attachment or URL. You click on it and, without your knowledge, launch a backend program or virus that begins to steal information back to the thief's computer. The virus or program monitors your computer activity, logs your keystrokes, thus allowing the identity thieves to obtain your credentials for all your financial accounts, including your trading account.

How can you detect if there is an issue?

The most crucial step is to monitor your account vigilantly. That means you need to go through your account and read your statements carefully. 

Signs that point out identity theft or cybercrime include:

  • Unauthorized transactions, transfers and unfamiliar deposits

  • Misplaced funds or investments

  • Suspicious updates or unauthorized modifications to account information such as a change in email, mobile number or address

  • Sudden notifications from your brokerage company indicating a change to your trading account that you did not authorize

  • Omitted account statements

  • Unfamiliar savings account added to your trading account

If you notice any of the above signs, your trading account may have been compromised. In this case, you would need to reach out to your brokerage company immediately. While the firm takes the necessary steps to get you the requisite assistance, you must change your username and password for the breached trading account and every other financial account you use with the same login.

How to safeguard your trading account?

  • Know what you're clicking. With phishing getting more sophisticated, an ideal way to safeguard yourself from a malicious attack is to ensure you do not click on any unverified emails. Even if you are 100% sure the link is valid, it's always safe to avoid clicking. Instead, you may want to go to the financial firm's website or app to confirm the information sent to you.

  • Use robust passwords. Do not save your passwords on your computer, do not share them or make a note of it anywhere that can be easily viewed and stolen. Use strong and different passwords for different accounts and change your passwords regularly.

  • Do not use a public computer. As a trader wanting to keep tabs on the market at any time or place, you may be tempted to use a shared computer. However, that could be risky. For one, there may be no assurance about the network security or if the computer you're using has been infected with malicious software.

  • Always enable two-step verification or multifactor authentication. How can you eliminate the likelihood of a cybercriminal taking over your trading account? Opt for multifactor or two-step verification -- you will need to enter your password, provide your password with a thumbprint, and an OTP sent as a text to your smartphone to access your trading account. 

  • Maintain up-to-date information. Enable alerts on every financial activity and all financial transactions. Doing so can ensure you receive instant notification of any suspicious account activity, thus allowing you to react instantly to unauthorized transactions.

  • Update your computer security. Install effective and robust antivirus, antispam and spyware detection features, especially if you are in the business of engaging in online financial transactions. If you're using a computing terminal, ensure it has up-to-date security software. Remember to configure the software for automatic updates and patching. If you're using a smartphone device, install security updates the moment you receive an update notification. Look to improve the safety of your system periodically to ensure it is up to date on online security.

How iSec protects your trading account

At ICICI Direct, we are committed to developing robust defence mechanisms and procedures to address these concerns. We are highly sensitive and cautious about cyber security practices and understand our responsibility in securing the customer's personal information and other related details.

To achieve this objective, ICICI Direct has invested in technology systems designed to offer responsive and reliable solutions that:

  • Manage customer privacy and information security

  • Safeguard assets and businesses

  • Ensure compliance with applicable laws

Our robust and resilient Information Security processes ensure confidentiality, integrity, and data availability at all levels of infrastructure and applications.

We focus on all verticals of cyber security and follow an established framework to address cyber security relating to:

  • Application security

  • Data security

  • Infrastructure and network security

  • Governance

  • Risk

  • Compliance

  • Detection

  • Mitigation

At ICICI Direct, we understand that cyber security is a constantly evolving area, hence making sustained investments in upgrading our systems and strengthening the cybersecurity team's breadth, depth, and capabilities.

We do this through:

  • Regular reviews of our information security framework

  • Measures to enhance team member awareness

  • Periodic application control reviews that cover Vulnerability Assessment and Penetration Testing involving external firms where necessary

In addition, every new application is subjected to Application Security Life Cycle (ASLC) testing. Periodic audits are conducted by the Internal Audit Group covering network security, database security and web servers. Additionally, we are also subject to SEBI-mandated Half Yearly Systems Audit and Cyber Security Audit.

While we constantly strive to put in place best-in-class controls relating to cyber security, we understand that due to the complexity of systems and sophistication of threat actors, it can be difficult to ensure complete safety at all times. Hence, we put in significant efforts and infrastructure to monitor our networks and identify threats and attacks through 24 x 7 monitoring systems.


At ICICI Direct, we hold cyber security as one of our topmost priorities and hence remain always cautious regarding the same. We constantly work towards enhancing our security posture.
Secure your financial information and protect your trading account today. Implement these simple safety measures and guard yourself against cybercriminals, malicious hackers and sophisticated thieves.


ICICI Securities Ltd. ( I-Sec). Registered office of I-Sec is at ICICI Securities Ltd. - ICICI Venture House, Appasaheb Marathe Marg, Prabhadevi, Mumbai - 400 025, India, Tel No : 022 - 6807 7100. The contents herein above shall not be considered as an invitation or persuasion to trade or invest.  I-Sec and affiliates accept no liabilities for any loss or damage of any kind arising out of any actions taken in reliance thereon. The contents herein above are solely for informational purpose and may not be used or considered as an offer document or solicitation of offer to buy or sell or subscribe for securities or other financial instruments or any other product. Investments in securities market are subject to market risks, read all the related documents carefully before investing. The contents herein mentioned are solely for informational and educational purpose.