Security Centre - protecting your money, your investments and your account

Security lock

The security of your financial assets and your account is of the utmost importance to us. As a company regulated by the Financial Conduct Authority (FCA) we ensure all our systems and practices meet industry requirements. In addition, we have further security procedures of our own, so you can be confident of our commitment to the safety and security of your account at all times, including from any unauthorised access.

This page will cover the following information:

  • Keeping your money and investments safe
  • Answering your questions about the security of your account
  • Keeping your data and your account safe
  • How you can help keep your account safe from attack

Keeping your money and investments safe

Ongoing security for the safety of your investments 

Ensuring the safety of your investments and placing deals on your behalf is at the heart of what we do. We don’t select investments on our own, or your, behalf, so the success of our business depends on the service we provide for you, a responsibility we take very seriously.

All our client cash and investments are held separately from the company, for your benefit, and we cannot call on or use these assets for our own business. All our client investments are ring fenced in a nominee account and our client cash is held within Trust accounts.

Your investments are held in a nominee account

All our clients’ investments are held within a nominee account, Investor Nominees Limited, which is a wholly owned subsidiary of Interactive Investor. All your assets are held within this nominee account and we have robust systems and controls to ensure that the nominee company is compliant with the relevant regulations and is managed appropriately.

Keeping client investments entirely separate within a nominee account ensures that in the unusual event of default on our part, 100% of your stocks and shares will be returned to you by the nominee company. Client assets ring fenced in this way would not be treated as a recoverable asset by creditors of Interactive Investor.

Your cash is held in a trust account

All of our customers' cash is held in accounts that have full trust status protection, across a range of major UK banks. Holding the money in Trust accounts means we have no access to it for our own business and any potential creditors of Interactive Investor would have no right to it.

Cash is protected by the Financial Services Compensation Scheme to a maximum of £75,000 per bank (effective 1st January 2016).  

We continually review the banks we use to ensure we achieve the best levels of security for our customers. We monitor a range of banks so that we can effectively anticipate and respond to changes to economic and institutional conditions.

We take a conservative approach when choosing which banks to work with and diversify our client money amongst a panel of up to 12 major UK banks. Our Treasury Management Policy is reviewed on a monthly basis at Board Level.

Additional protections

As well as having these robust measures in place there are several other ways in which our business is set up to offer protection for your account and assets:

  • As we do not act as a bank we have no exposure to any under-performing assets, including sub-prime
  • Our business is managed with conservative principles, with rigorous internal controls and audit procedures
  • All operational activities are subject to ongoing monitoring by our compliance department.  This independent check is backed up by periodic review by our external auditors.  We also submit detailed monthly reports on stock and cash positions to the FCA
  • We reconcile all client stock and cash positions against an external record on a daily basis and in line with industry standards and regulatory rules 
  • We have been providing financial services online since 1995 and have a long-serving employee base
  • We hold additional, comprehensive insurance policies for further protection in case of internal and external fraud 
  • We do not lend any stock held in your account
  • As a FCA regulated firm we are required to maintain a minimum capital balance determined by the size and type of activities we undertake. Interactive Investor maintains a capital surplus significantly above these minimum requirements.

Frequently Asked Questions - about the security of your account

Q If I have an ISA and a trading account, what level of protection do I have for my assets?

A All client cash and assets are held separately from the company and ring fenced, for your benefit. We do not have any call over the assets. In the unusual event of a default on our part, 100% of your stock would be returned to you by the nominee company.

In line with industry practice, we contribute to the Financial Services Compensation Scheme (FSCS) fund and are within the scope of the scheme in the event of default.  We have robust systems and controls to ensure that the nominee company is compliant with relevant rules and regulations.

These arrangements are in line and consistent with all stockbroking firms in the UK. 

Client money is placed in a client money bank account which has client money status and is ring fenced from funds held by the firm.  We do not have any call over this cash and it cannot be used by the firm. 

Cash is protected by the FSCS to a maximum of £75,000 per bank.  So if we held cash at five banks you are effectively covered to £75,000 for each bank in the event of default.

Q How safe is my cash?

A Your cash is held in client money bank accounts that have trust status.  We cannot use this cash for our own means and it is ring fenced from our company assets.

Daily reconciliations are carried out and subject to management sign off.  These processes are regularly monitored by independent parties including Compliance and Internal Audit.

Q What if you hold cash in multiple banks?  Will I still receive just £75,000 in the event of default?

A – We diversify client money amongst a panel of up to 12 investment-grade banks. You can claim up to £75,000 per bank.

Q How safe is the nominee, and what level of protection does Interactive Investor provide?

A The nominee company (Investor Nominees Limited) is a subsidiary of Interactive Investor. We do not have any call over the assets and these are ring fenced. We have robust systems and controls to ensure that the nominee company is compliant with relevant rules and regulations and is managed appropriately. Daily reconciliations are carried out and subject to management sign off. These processes are regularly monitored by independent parties including Compliance and Internal Audit.

As the assets of the nominee company are ring-fenced from the firm’s assets, if there were any default on our part, all the assets would remain intact and be returned to you. These arrangements are in line and consistent with all stockbroking firms in the UK.

In line with industry practice we also contribute to the Financial Services Compensation Scheme (FSCS) fund and are within scope of the scheme. In addition, we have substantial additional insurance policies to protect your cash and assets from a comprehensive range of issues.

Keeping your data and your account safe

Our obligations as a regulated company

As a company regulated by the Financial Conduct Authority we ensure all our systems and practices meet industry requirements. These measures, together with our own security practices, are in place to help ensure the safety of your account, including from any unauthorised access.

How we protect you and your data from attack

The security of your account is of the utmost importance to us and we are fully committed to giving you the best protection online. This includes using the latest and most appropriate technology to ensure that our online services are provided in a safe and secure environment. This includes:

Encrypting your data

We use the latest encryption technology on the trading services sections of our site to stop anyone from seeing your details, payment card details or transaction information.

For more information see our security page.

Secure login

Our secure account login process requires you to authenticate yourself with your name and password. You will also add your pin number details through a secure keypad entry system, set up to protect your account against keyloggers. If we detect repeated incorrect attempts to login we will lock your account – it can only be reactivated by you calling our contact centre.

Secure online sessions and timed exits

All your trading activity is done within a secure session. If you leave your account without activity for a period of time, we will automatically log you out.

Keeping your personal details safe

We store personal data securely on internal networks and the networks of our agents. These are not directly accessible from the internet.

We will never ask for your account details to be sent by email and our agents will never have access to your entire password.

For more information see our security and privacy pages.

How you can help keep your account safe from attack

We do all we can to protect the security of your account and we encourage all our investors to work in partnership with us. As a general rule, it is considered good practise to change your account and website passwords on a monthly basis – see more about managing passwords

You can change your login credentials for your trading account within ‘Security Details’ as part of the Account Admin section.

It also helps to be aware of the different types of potential attacks. As well as online attempts to undermine your account or financial information, some fraudsters operate illegal shares sales, known as ‘boiler room’ schemes, by phone or post.

We’ve outlined below the main types of attack to be aware of and what you can do to protect yourself and your account.

‘Boiler room’ investment or share sales

What is it?

The term ‘boiler room’ is used to describe illegal, aggressive misselling of shares that are worthless, vastly overpriced or ones traded in very limited volumes/markets. The purpose of the sales pitch is to defraud investors and it is typically done with a high-pressure approach.

Unfortunately there has been an increase in boiler room scams in recent years.

What happens?

These shares sales frauds typically start with a phone call from a person posing as a salesperson for shares in companies you are unlikely to have heard of.

Shares sales fraudsters tend to be very persistent and can be very convincing – even providing authentic-looking websites and information for the company shares they are selling. They will frequently offer gifts and free reports and will often succeed by wearing down the investor until they eventually agree to invest.

If you fall foul of this particular type of fraud there is unfortunately little chance of compensation and you are almost certain to lose any money invested. These scams are almost always operated from foreign countries (whatever the salesperson says). This means the fraudsters are not regulated by an authority which might protect or provide compensation for the victim.

What you can do to protect yourself

You should be particularly cautious if any approach to sell investments directly to you is unsolicited, you are being offered unrealistically high returns on investments, and/or you are asked to keep the approach confidential.

You should always check the validity of any scheme you intend to invest in. Pay particular attention if you find it difficult or impossible to get hold of any real evidence of the scheme’s legitimacy, or find that telephone numbers are untraceable mobile/cell numbers.

If you think you may have been approached by a fraudulent sales person you can check on the FCA website to see if the company they claim to be from is legitimate.

If you have any suspicions, you should check with the relevant authority that the company the salesperson claims to represent is on a regulator’s register - and that it is allowed to give financial advice and to make investment sales. If it is not, of you are unable to find this information, you should ignore or terminate any future calls.

Even if the company is on a register, you should not assume that the salesperson actually works for that company. Do your own independent checks and call the firm the salesperson claims to work for on a number not given by the salesperson.  Any genuine salesperson will not mind a customer undertaking their own checks.

Identity theft

What is it?

Identity theft is when someone uses your personal details to pretend to be you, often using them for financial gain.

You can be vulnerable to identity theft on social networking sites and when using other online services, as well as in the real world.

What happens?

Once an identity fraudster has your personal details they can access some or several of your accounts, removing money or buying services or goods which you are charged for but, never see.

What you can do to protect yourself

There are a number of precautions you can take, both online and offline, to make sure no one gets hold of your personal details.

Protecting yourself online and on the phone

  • Create strong passwords and usernames – with numbers and lower and upper case letters
  • Use different details for different account logins and never disclose them to anyone
  • Verify who you’re speaking to on the phone or online
  • Check your bank and trading statements regularly and report any transactions you don’t recognise
  • Don’t be afraid to say ‘no’ if you think someone is trying to trick you out of information
  • Avoid using the auto-complete option when filling in forms online – your browser stores your details to do this and that information is easy for thieves to access.
  • Don’t post personal details on chat rooms, forums or social networking sites
  • If you use internet cafes, make sure no one can see any screens showing personal details, and always log off from accounts if you move away from your computer

Password Management

  • Create strong passwords and usernames – with numbers and lower and upper case letters.
  • Don't choose words or dates obviously associated with you - people can often find out a lot about you online – from your date of birth to your pet's name.
  • Don’t rely on words that can be found in a dictionary – hacking algorithms usually use dictionary entries as the first  line of attack.
  • Use a mixture of unusual characters - you can use a word or phrase that you can easily remember but with replaced characters, eg, Myd0gha5N0n05e!.
  • Have different passwords for different sites and systems - if one account gets compromised, this does not give automatic access to all your other accounts.
  • Keep your passwords safe - writing them down can be highly insecure.
  • Where possibly, consider changing your passwords on a regular basis – many experts recommend a monthly password change.

Protecting yourself offline

  • Read your bank statement as soon as you receive it and report any transactions you don’t recognise.
  • Check any statements carefully and securely store statements, bills and confidential letters.
  • Shred personal information you want to throw away – a common way fraudsters get hold of people’s details isn’t online, but by going through their rubbish.
  • Redirect your post using the Royal Mail Redirection Service if you move home.
    Shield your PIN when using Cashpoints or in shops
  • Don’t use a cashpoint if you suspect it’s been tampered with – signs include anything sticking out of, or a sticky substance around, the card slot.
  • Consider obtaining credit reference reports from providers such as Experian

Malware

What is it?

Malware is the term used for any kind of software that is designed to be used by attackers to gather your personal information (for malicious intent) or cause disruption to your computer or systems in some way.

Even with anti-virus software and firewalls, malware can sometimes get through to cause damage to your computer, track what you do online and give criminals access to your security details. Types of malware include:

  • computer viruses,
  • trojans,
  • spyware,
  • scareware.

Computer viruses

Computer viruses are mostly a threat if you don’t have anti-virus software, which is specifically designed to protect your computer against them.

What are they?

Computer viruses are software programmes that have the potential to damage your computer and, in some cases, track what you do online and pass back information, including your security details, to hackers.

You might notice you have a virus on your computer if it starts performing uncharacteristically – or you notices changes you can’t account for. For example it may slow down significantly, you may notice that files have been changed or deleted. Or you may even see messages and pop ups being displayed (or even music playing on its own) that you haven’t initiated.

Other types of malware include Trojans, Spyware and adware and scareware.

Trojans – are software programmes that pretend to be something they are not. Essentially they are harmful programs, often disguised as downloadable files such as screensavers, tools or applications.

Spyware - secretly tracks what you do online to get information about your browsing habits, and might display unwanted advertising, while Adware installs pop-ups and advertising on your computer. Spyware and adware can be relatively harmless, but they can scan your hard disk to get your personal details and can slow down your computer.

Scareware is designed to trick you into installing malware software. Typically it does this by delivering pop ups which tell you your computer has been infected and inviting you to buy software that remove the issue. Whereas, the software you buy  is likely to contain malware.

What you can do to protect yourself

To project you from any type of computer virus you should always be cautious about sites you visit, links you click on, and be extremely cautious about any files you download or install – especially if you haven’t requested them.

  • Ensure you have up-to-date anti-virus software installed
  • Use the latest version of any software you use, such as your internet browser
  • Avoid clicking on links or downloading files from sources you don’t know, haven’t requested or aren’t confident about
  • Only buy software from sources you trust

Useful contacts