Partner With Us NRI

How to protect your trading account against cybercrime / data breaches


Let's hope you never see yourself in this situation. Like any other day, you go online to check your trading account details. And your jaw suddenly drops. There is minimal to nil balance in your account. But you know for sure that neither the market nor any of your investments have fallen in value. So, you quickly check the statement and collapse in shock. You see a list of money transfers from your trading account to an outside bank account. Neither did you authorize these transactions, nor did you receive notifications regarding the transfers. Unfortunately, you've just fallen prey to identity theft, hacking or cybercrime.

Why you should not take your trading account for granted

Your online trading account gives you instant access to check your information at any time, allows you to buy and sell securities and transfer money to and from your savings account. It offers you convenience and a host of benefits and features. But if you haven't been practising online safety measures, you could fall prey to malicious activity from lurking online cybercriminals.

For instance, as recent as last week, a popular online US stock trading platform, Robinhood, suffered a massive data breach with more than 5 million customer email addresses and 2 million customer names hacked, including a smaller set of more specific customer information. With the help of sophisticated software, malware and viruses, hackers infiltrated financial information of millions of customers.

What happens in a data breach?

When a trading account is hacked, cybercriminals or fraudsters obtain information to gain unauthorized access to the account. They then steal assets and securities or could misappropriate information to render the trading account invalid.

How do online frauds and identity thefts take place?

Hackers use malicious programs to attack unprotected and vulnerable computers of online investors.

For instance, you may have received an email that appeared genuine from a hacker. You probably think it to be an authentic link, attachment or URL. You click on it and, without your knowledge, launch a backend program or virus that begins to steal information back to the thief's computer. The virus or program monitors your computer activity, logs your keystrokes, thus allowing the identity thieves to obtain your credentials for all your financial accounts, including your trading account.

How can you detect if there is an issue?

The most crucial step is to monitor your account vigilantly. That means you need to go through your account and read your statements carefully. 

Signs that point out identity theft or cybercrime include:

  • Unauthorized transactions, transfers and unfamiliar deposits

  • Misplaced funds or investments

  • Suspicious updates or unauthorized modifications to account information such as a change in email, mobile number or address

  • Sudden notifications from your brokerage company indicating a change to your trading account that you did not authorize

  • Omitted account statements

  • Unfamiliar savings account added to your trading account

If you notice any of the above signs, your trading account may have been compromised. In this case, you would need to reach out to your brokerage company immediately. While the firm takes the necessary steps to get you the requisite assistance, you must change your username and password for the breached trading account and every other financial account you use with the same login.

How to safeguard your trading account?

  • Know what you're clicking. With phishing getting more sophisticated, an ideal way to safeguard yourself from a malicious attack is to ensure you do not click on any unverified emails. Even if you are 100% sure the link is valid, it's always safe to avoid clicking. Instead, you may want to go to the financial firm's website or app to confirm the information sent to you.

  • Use robust passwords. Do not save your passwords on your computer, do not share them or make a note of it anywhere that can be easily viewed and stolen. Use strong and different passwords for different accounts and change your passwords regularly.

  • Do not use a public computer. As a trader wanting to keep tabs on the market at any time or place, you may be tempted to use a shared computer. However, that could be risky. For one, there may be no assurance about the network security or if the computer you're using has been infected with malicious software.

  • Always enable two-step verification or multifactor authentication. How can you eliminate the likelihood of a cybercriminal taking over your trading account? Opt for multifactor or two-step verification -- you will need to enter your password, provide your password with a thumbprint, and an OTP sent as a text to your smartphone to access your trading account. 

  • Maintain up-to-date information. Enable alerts on every financial activity and all financial transactions. Doing so can ensure you receive instant notification of any suspicious account activity, thus allowing you to react instantly to unauthorized transactions.

  • Update your computer security. Install effective and robust antivirus, antispam and spyware detection features, especially if you are in the business of engaging in online financial transactions. If you're using a computing terminal, ensure it has up-to-date security software. Remember to configure the software for automatic updates and patching. If you're using a smartphone device, install security updates the moment you receive an update notification. Look to improve the safety of your system periodically to ensure it is up to date on online security.

How iSec protects your trading account

At ICICI Direct, we are committed to developing robust defence mechanisms and procedures to address these concerns. We are highly sensitive and cautious about cyber security practices and understand our responsibility in securing the customer's personal information and other related details.

To achieve this objective, ICICI Direct has invested in technology systems designed to offer responsive and reliable solutions that:

  • Manage customer privacy and information security

  • Safeguard assets and businesses

  • Ensure compliance with applicable laws

Our robust and resilient Information Security processes ensure confidentiality, integrity, and data availability at all levels of infrastructure and applications.

We focus on all verticals of cyber security and follow an established framework to address cyber security relating to:

  • Application security

  • Data security

  • Infrastructure and network security

  • Governance

  • Risk

  • Compliance

  • Detection

  • Mitigation

At ICICI Direct, we understand that cyber security is a constantly evolving area, hence making sustained investments in upgrading our systems and strengthening the cybersecurity team's breadth, depth, and capabilities.

We do this through:

  • Regular reviews of our information security framework

  • Measures to enhance team member awareness

  • Periodic application control reviews that cover Vulnerability Assessment and Penetration Testing involving external firms where necessary

In addition, every new application is subjected to Application Security Life Cycle (ASLC) testing. Periodic audits are conducted by the Internal Audit Group covering network security, database security and web servers. Additionally, we are also subject to SEBI-mandated Half Yearly Systems Audit and Cyber Security Audit.

While we constantly strive to put in place best-in-class controls relating to cyber security, we understand that due to the complexity of systems and sophistication of threat actors, it can be difficult to ensure complete safety at all times. Hence, we put in significant efforts and infrastructure to monitor our networks and identify threats and attacks through 24 x 7 monitoring systems.


At ICICI Direct, we hold cyber security as one of our topmost priorities and hence remain always cautious regarding the same. We constantly work towards enhancing our security posture.
Secure your financial information and protect your trading account today. Implement these simple safety measures and guard yourself against cybercriminals, malicious hackers and sophisticated thieves.


ICICI Securities Ltd. ( I-Sec). Registered office of I-Sec is at ICICI Securities Ltd. - ICICI Venture House, Appasaheb Marathe Marg, Prabhadevi, Mumbai - 400 025, India, Tel No : 022 - 6807 7100. The contents herein above shall not be considered as an invitation or persuasion to trade or invest.  I-Sec and affiliates accept no liabilities for any loss or damage of any kind arising out of any actions taken in reliance thereon. The contents herein above are solely for informational purpose and may not be used or considered as an offer document or solicitation of offer to buy or sell or subscribe for securities or other financial instruments or any other product. Investments in securities market are subject to market risks, read all the related documents carefully before investing. The contents herein mentioned are solely for informational and educational purpose.

Most Popular

  • 21 Jun 2022
  • ICICI Securities

Should you invest in Mutual Funds SIPs or FDs?

Choosing between a Systematic Investment Plan and a Fixed Deposit comes down to risk appetite and investment goal. Nevertheless, mutual fund SIP investments can be beneficial in many ways. This article will outline the difference between the two investment instruments and which one you should choose.

  • 21 Jun 2022
  • ICICI Securities

How to choose the best SIP investment?

Systematic Investment Plans (SIPs) are an option to make regular investments in mutual funds. Before heading to make an investment in SIP mutual funds, consider these factors to find the one that perfectly justifies your financial goals. 

  • 21 Jun 2022
  • ICICI Securities

How does long term capital gains tax impact you?

Certain assets, such as real estate and shares, attract long term capital gains (LTCG) tax. Here’s what you need to know about LTCG tax and how it can impact your finances.

  • 21 Jun 2022
  • ICICI Securities

Choosing between stock market and fixed deposit investments

Choosing the right investment option is critical for meeting personal financial goals. This article will highlight the difference between choosing stock market investments and fixed deposits—the aspects to consider, the risk-return profile, and what would fit into your portfolio.

  • 21 Jun 2022
  • ICICI Securities

Are Small-Cap funds good investments?

The best small-cap funds outperformed large-cap and mid-cap mutual funds last year. Now that the markets are turning bearish, is it a good idea to invest in small-cap mutual funds? Here’s an overview of these equity mutual funds to help you make an informed decision.

  • 17 Jun 2022
  • ICICI Securities

What Does the US Fed's Biggest Rate Hike Mean?

On 15th June 2022, the US Federal Reserve hiked interest rates by 75 basis points, the biggest hike since 1994. Why did it do so? What are its implications for India? Read on to find out more.

  • 15 Jun 2022
  • ICICI Securities

What is ESG investing and everything you need to know about it

In the last few years, since climate awareness and social justice have piqued people’s interest worldwide, ESG investment has increased. This article talks about ESG investing and the options available for ESG investment in India.

  • 15 Jun 2022
  • ICICI Securities

The Latest ESG Reporting and Framework in India

In May 2021, India introduced a new environment, social, and governance (ESG) guideline for the top 1,000 listed companies by market capitalisation. The Business Responsibility and Sustainability Report (BRSR) will be mandatory for these companies from FY 2022-23. Here’s what you should know about this ESG guideline.

  • 15 Jun 2022
  • ICICI Securities

Difference Between ESG and SRI Investing

When it comes to value investing, the two terms—ESG investing and SRI investing—are often confused. However, ESG investing strategies are different from SRI investing strategies. Read more to find out what sets the two apart and how you can decide which approach to adopt.

  • 14 Jun 2022
  • ICICI Securities

Four ways to ensure you leave your children a financial legacy

It is a moment of pride for parents to see their children earn their own money and lead a life with dignity. No words can express the joy to see your children grow, but how do you touch their life when you are gone? You can do that by leaving behind a financial legacy for your children to inherit. Here are four ways you can align your financial plan such that you leave behind something for your children.