OANDA Faces its Own Platform Outages after FXCM Reports Cyber Hacking
OANDA customers were unable to access their accounts today after the broker suffered an internal network problem.
On the same day that FXCM announced an incident of cybercrime and that customer accounts were breached, OANDA has suffered its own technical problems. Apparently unrelated to FXCM’s problems, OANDA customers were unable to access their accounts for nearly two hours and were directed to call customer support for the closing of any open positions.
According to OANDA, the platform outage was related to “an internal network issue” and customer data was secure and not breached by external parties. Although unrelated to the cybersecurity problems faced by FXCM, the platform outage represents another case of technical failures for a major broker or trading exchange over the last few months.
Join the iFX EXPO Asia and discover your gateway to the Asian Markets
The outage was related to an internal network issue. All customer data and financial records are fully secure.
Suggested articles
GIBX Mining Farm and IPFS Mining Pool Opening Up New OpportunitiesGo to article >>
— OANDA (@OANDA) October 1, 2015
Over the summer, stock exchanges suffered multiple trading outages. Among them, the NYSE suffered a four hour outage in July, that they attributed to a software update failure. Arguably experiencing the greatest problems has been the Moscow Exchange which has experienced multiple outages over the last few months at its data centers, the most recent ones occurring last month.
Overall, the outages represent one of the bigger vulnerabilities affecting the trading industry. On the one hand, advancements in technology have made it easier and cheaper for a wider spectrum of participants to connect to exchanges and liquidity providers. On the other hand, these increasingly complicated networks of data connection have thinned the line between operating a smooth network and one with complications. Adding to this are cybersecurity problems such as fraudsters attempting to breach company databases, as well as DDoS attacks. The result is that volumes on electronic trading networks are rising across the multi-asset spectrum, but it is becoming harder for IT professionals to maintain these networks.
Some major brokers like IB have platform status webpage. This is a good way of informing clients of any downtimes or problems. I wish OANDA could have same kind of a status page.
Whitelisting will become more important. Many automated traders trade from VPS or other cloud solutions, so an a ability for the firewall to whitelist certain IP addresses or cross-connections would certainly reduce attacks that come from the public internet.
I feel brokers should start looking at registering machine addresses ( MAC address) of traders that wanna trade on the platform . So this way that machine can be on any IP and is allowed access and if any machine that is not registered would not be allowed access the platform .. i believe this will tremendously reduce platform abuse by hackers .
Two-factor authentication is much better solution to this problem. However OANDA is not too willing to implement it although it was suggested by me numerous times. That’s how much they care about the security. There’s no point discussing other security measures until their view on security will change.
The back office should have 2FA for certain features.
Not just back office. Client’s access to the platform and funds as well.
Majority of retail traders will still connect to the platform directly from their PCs. And majority of them have dynamic IPs. So I don’t think it’s a good solution.
However I agree that restricting access by IP address would be a nice security feature to have. InteractiveBrokers has this feature – they allow you to configure which IPs or subnets are allowed to access the account. I wish OANDA would have the same feature.
The majority of [automated] orderflow will come from vps or some other cloud service, not dynamic IP. But yes, a combination of machine identification, 2FA for certain client login services (like deposit/withdraw/transfer requests).