Regulations Mandating Two-Factor Protection

Overview: 

Regulators in certain jurisdictions have imposed requirements that brokerage clients use Two-Factor Authentication when accessing their account. These requirements currently impact residents of Hong Kong and India with details provided below.

Hong Kong-based accounts

On 27 Oct 2017, the Securities & Futures Commission of Hong Kong (SFC) issued revised guidelines aimed at reducing the information security risks associated with internet trading.  All registered and licensed persons engaged in internet trading are required to comply. The Hong Kong Monteary Authority (HKMA) simultaneously issued a circular on the same day requiring all registered institutions to implement the requirements listed in the guidelines.

Per article 1.1 of the SFC guidelines, all clients are required to be enrolled in Two-Factor Authentication. As a result, we are no longer able to provide Hong Kong accounts with the ability to opt out of the Secure Login System.

 

India-based accounts

On March 25, 2014 the National Stock Exchange of India (NSEI) issued a circular with new requirements for stock brokers that operate in India. Per regulation 3b, all brokers must implement Two-Factor Authentication for Indian clients. As a result, we are no longer able to provide India accounts with the ability to opt out of the Secure Login System.

How to reactivate or transfer the IBKR Mobile authentication?

Overview: 

This article details the steps needed to reactivate the IB Key authentication via IBKR Mobile.

This state of the application or its installation might be due, but not limited to, reinstallation of the app or the purchase of a new phone.

 

You can perform the reactivation without the involvement of IBKR Client Services in the following cases:

 

Case A) Reactivation on the same smartphone

  • You uninstalled and reinstalled the IBKR Mobile app on the same smartphone

Please click on one of the links below according to your phone operating system.

  • Android: IBKR Mobile PIN + Access to the mobile phone number originally used for the app activation
  • Apple iOS: Smartphone PIN / Fingerprint / FaceID + Access to the mobile phone number originally used for the app activation

 

Case B) Reactivation on a different smartphone

  • You are replacing your smartphone with a new one
  • You have lost your smartphone and you are now in possession of a new one
  • You activated the IBKR Mobile authentication on your primary smartphone but you now want to transfer
    the activation (either temporarily or permanently) to the secondary one.

Please click on one of the links below according to your phone operating system.

  • Android: Access to the mobile phone number originally used for the app activation
  • Apple iOS: Smartphone PIN / Fingerprint / FaceID + Access to the mobile phone number originally used for the app activation
 
Note: In the above cases (A, B) you will always be able to reactivate / transfer the IBKR Mobile Authentication (IB Key) when you possess an additional physical security device currently active for your user. With this setup, you will not need to have access to the mobile phone number originally used for the app activation, since the system will automatically prompt you to operate your physical security device instead of sending you a text message (SMS) during the reactivation / transfer procedure.
 

    In any other case, we would kindly ask you to request a temporary account access by contacting IBKR Client Services (Secure Login department) on the phone number best suitable for your location, among the ones listed on ibkr.com/support

     

References:

  • See KB2879, KB2260 for General information about IBKR Mobile Authentication (IB Key)
  • See KB2260 for instructions on how to install/activate/operate the IBKR Mobile app
  • See KB2278 for instructions on how to operate your IB Key on an Apple iPhone
  • See KB2277 for instructions on how to operate your IB Key on an Android smartphone: 
  • See KB3279 for instructions on how to log in to IBKR Mobile when IB Key is enabled on another phone

 

Mobile Phone Verification during the account application

Introduction

IB requires that clients verify their mobile phone in order to receive account and trade related communication directly via SMS.  Clients who fail to verify their phone will be subject to trade restrictions pending completion of this process. Verification is performed online and the steps for doing so are outlined below.
In case your account has been already opened but your mobile number has not been yet verified, please jump directly to KB2552 to complete the verification process.

 

Phone Verification

When completing your Interactive Brokers Account Application, you will see a blue bar at the top of the page that says "CONFIRM MOBILE NUMBER."

You can click on that bar any time during steps 1-4.   Once you do, you will see this window:

Once you have entered your full number, it will be recognized and a confirmation message is sent immediately.  Validate your phone number by entering the SMS Code received in the Confirmation Code field and click Submit.

If you are unable to do this during the application process, you can always confirm it on the Application Status page

 

Please consider the following as certain restrictions may apply:

  • SMS messages may be blocked if you participate in your Countries NDNC (National Do Not Call) registry.
  • Due to fraud prevention measures, virtual number providers may be blocked.
  • Some carriers may restrict the Hours of delivery for SMS messages.

 

Multiple 2-Factor System (M2FS)

Overview

This page covers specific points on what the Multiple 2-Factor System (M2FS) is and how it functions. For general questions on the Secure Login System, please refer to KB1131.

 

Table of contents

 

What is M2FS?

M2FS allows any client to maintain more than one active security device at the same time. You no longer need to choose between a physical security device and the IBKR Mobile app as either can be used interchangeably. If you already possess an active security device, any further device activation will result in both devices remaining simultaneously active.

 

Back to top 

Activation

 

In case you currently use the Security Code Card / Digital Security Card+: if you use a physical security device, you may download and activate the IBKR Mobile app. Please refer to the directions for Android and iOS.

In case you currently use the IBKR Mobile app: If you use the IBKR Mobile app and have an account with a balance equal or greater than USD 500K, you qualify for the Digital Security Card+ . You may log in to Client Portal and request the DSC+ by following the instructions here.

 

Back to top  

Operation

Once you have both a physical device and the IBKR Mobile app enabled, M2FS is represented by a drop-down menu upon login. You can now choose the device you wish to authenticate with, following the below steps:

1. Enter your username and password into the trading platform or Client Portal login screen and click Login. If the credentials have been accepted, a drop down will appear, allowing you to Select Second Factor Device. If you log in to the TWS, please notice that the M2FS is supported from version 966.

TWS:

Client Portal:


 

2. Once you select a security device, you will now be presented with the corresponding screen for authentication. Refer to the directions for:

- IB Key via IBKR Mobile (iOS) 
- IB Key via IBKR Mobile (Android)
- Security Code Card
- Digital Security Card+
 

3. If the second factor authentication succeeds, the Log-in will now automatically proceed.

 

Back to top

Withdrawal limits

The device used to authenticate your withdrawal will define your withdrawal limits, according to the below table:

Security Device
used for Withdrawal

Maximum Withdrawal
Per Day

Maximum Withdrawal
in Five Business Days

Security Code Card1 USD 200,000 USD 600,000
IBKR Mobile app USD 200,000 USD 600,000
Digital Security Card1 USD 1,000,000 USD 1,500,000
Digital Security Card+ Unlimited Unlimited
Gold Device1 Unlimited Unlimited
Platinum Device1 Unlimited Unlimited

1: Represents a legacy device that is no longer issued.

Example: You have both the IBKR Mobile app and the Digital Security Card+ enabled and you need to withdrawal more than USD 200K. You can use either device to login to Client Portal but you will be required to use the Digital Security Card+ to confirm your withdrawal request.

 

Back to top

Benefits

M2FS provides even more flexibility to IBKR's Secure Login System by allowing you to choose what security device you want to authenticate with. In addition to the convenience of using a device which is trusted and routinely accessible, you can eliminate delays associated with authenticating at times a trade needs to be entered quickly.

 

Back to top 

IBKR Mobile Authentication as a Two-Factor Solution

Overview: 

At IBKR, we are committed to protecting your account through the use of 2-Factor log in protection. With 2-factor protection, account access is provided through use of "Something you Know" (i.e. entry of user name and password combination) along with "Something you Have" (i.e., a tool which generates a random code to be entered after the user name and password).  This 2-Factor protection is intended to mitigate the risk of online hackers (who've acquired your password via malware or social engineering) accessing your account.

While IBKR offers multiple 2-Factor options, IBKR Mobile Authentication is generally viewed as the most convenient to access and operate. Outlined below are some of the convenience factors offered by this app.

 

1. Always Available: 
Your smartphone is always with you, as well as your tool to grant you secure access to your IBKR account.

2. Convenient:
No additional devices to carry, track and watch out for. In the event of loss or change of phone, IBKR Client Services can assist you to get the app back up and running at a moment’s notice.

3. Quick Activation:
A couple of minutes within the download of the app, you can already use it to authenticate into your account.

4. No Shipping, Delivery or Return:
No delivery delays, no return of devices with depleted batteries. A quick download suffices.

5. Secure, but quick and No-Hassle Login with our Seamless Authentication:
When logging into the Trading Platforms or the Client Portal, you only need to enter your username and password - IBKR will send you a notification and you will use the IB Key protocol to complete the authentication, via your mobile biometrics or PIN, depending on your configuration.

6. Allows for multiple users to authenticate with the same app:
If you have one security device for your personal IBKR account, one for your joint account with your spouse and one for your business account you will be happy to know that you can activate the same app for all those users (and more).

7. Available for every smartphone, everywhere:
IBKR Mobile can be downloaded from the Apple App Store if you have an iPhone. Android phone users can get the app as usual from the Google Play store. Clients in China can obtain the application on both Baidu and the 360.cn stores.

8. Works even Offline:
Should your phone be offline (e.g. when on vacation or with a bad reception), you can still use IBKR Mobile Authentication. Even though Seamless Authentication won't be accessible, the application can generate the codes you need to access your account and trade.

9. Secure delivery for your Password Reset:
With IBKR Mobile installed and the IB Key authentication activated, you can have the IBKR Client Services send you a temporary password to your phone in a secure way without exposing it through text messages and other means of communication.

10. Small footprint:

IBKR Mobile can be downloaded even on the most restrictive data plans and be installed on your smartphone without hogging resources. The application size and its operational use of resources are limited to the absolute minimum, while not compromising on its security.

 

For a general overview of IBKR Mobile Authentication including installation, activation and operation, please see KB2260.

IBKR Mobile Authentication (IB Key) recovery

Background: 

The recovery procedure explained in this article is required in case:

A) You have reinstalled the IBKR Mobile app on the same smartphone
B) Your smartphone Operating System has been updated

 

Procedure:

In order to re-enable IB Key authentication via IBKR Mobile, please click on one of the below links, according to your smartphone Operating System

 

Apple iOS

  1. Launch the IBKR Mobile app. Whenever possible, the app will ask you to recover the setup. Tap Yes
  2. According to your phone hardware capabilities, you will be prompted to provide the security element originally used to secure the app (Fingerprint, Face ID, PIN). Please follow the on-screen instructions for this step
  3. If the reactivation has been successfully completed, you will see a confirmation message. Tap Done to finalize the procedure

 Back to top

 

 

Android

  1. Launch the IBKR Mobile app. Whenever possible, the app will ask you to recover the setup. Tap Recover Setup
  2. Review the Recovery directions and tap Continue
  3. Enter your credentials and tap Initialize Recovery
  4. You will receive an text message (SMS)containing an Activation Token. Enter it in the Activation Code field. According to your phone operating system and hardware capabilities, you might be prompted to provide as well the security element you originally used to secure the app (PIN, Fingerprint). Once done, tap Submit
  5. If the reactivation has been successfully completed, you will see a confirmation message. Tap Done to finalize the procedure
     

Back to top

 
 
References
  • See KB2260 for general instructions on how to use IBKR Mobile Authentication
  • See KB3073 for instructions on how to migrate the IB Key / IBKR Mobile authentication to a new smartphone

Cache Maintenance for IB apps on Android

Background: 

This procedure has proved to work as a solution for several issues, since it produces a complete reset of the malfunctioning IBKR app.

 

For Android OS 6.0 (Marshmallow) and higher

1.  Go to your phone's Settings Menu

2.  Below the Phone section, select Applications MOVED TO... Application Manager
Select Applications  Application Manager
 

3.  Scroll down and select the corresponding IB app which needs to be reset.

 

4.  Tap on Storage

 

5.  Tap on Clear Data MOVED TO... OK
   
 

6.  Confirm Data has been cleared.

 

7.  Reboot the phone

8.  Re-Launch app

 

 

For Android OS 5.0 (Lollipop) and previous versions

  1. Go to your phone Settings Menu
  2. Below the Device section, select Apps
    Select Apps
     
  3. Scroll down and select the corresponding IB app which needs to be reset.
      
     
  4. Tap on Clear data MOVED TO... OK
    Clear App data  Delete app data -> OK
     
  5. Confirm Data has been cleared
    Confirm Data cleared
     
  6. Reboot Phone
  7. Re-Launch app


Note: If after clearing the cache, manually adjusting the permissions and restarting your Android Device, the issue persists, please contact IB Customer Service  for further troubleshooting.


Related Articles:

  • For IB Key on Android overview refer to KB2277
  • For IB Key Recovery process on Android refer to KB2748

 

Verification of Mobile Telephone Numbers

Background: 

Clients who have completed the steps of verifying their mobile telephone numbers with IB will be able to receive account related communications directly to their phones in the form of a text message (SMS). This will help to reduce the need to access the Account Management Message Center for information on items such as Funding. In addition, a verified mobile number is a prerequisite for using the IB Key Authentication via IBKR Mobile or the SMS as second factor authentication.

Verification of a mobile number may be done through one of the following methods:

  • Set up messaging for your mobile telephone number. Please see KB2552 for details
  • Activate the IB Key Authentication via IBKR Mobile on your smartphone. Please see KB2260 for details

 

How to verify your mobile phone number

Overview: 

This article explains how to verify your mobile phone number.

If the verification of your phone number was not completed during the account application, you can complete it at any time by following these steps:

  • Log in to Account Management.
  • From the side menu, click on Settings and then on User Settings. Click on the configuration gear correspondent to Mobile Number. If you are using the Classic Account Management, this section can be reached from the top menu Manage Account -> Account Information -> Details -> Profile, by clicking on the link "Modify"

  • Click on VERIFY
  • Open your phone's messages app and you will find the SMS with the Confirm Code we sent to you.
    NOTE: message delivery time may vary and in some circumstances it can take few minutes.
     
  • Enter the Confirm Code you have received into the Confirmation Number field, then click CONTINUE.
     
  • If the code has been accepted, a green check mark will appear under the column SMS Verified. Click CONTINUE to finalize the procedure.
  • If your user does not have an active SLS device, it will be automatically enrolled in SMS for Two-Factor Authentication shortly afterwards. For instructions about login authentication via SMS, please see KB3196.
     

How to opt back into the Secure Login System

Overview: 

Clients who have performed an opt-out from the Secure Login System (SLS) program expose themselves to certain risks and are therefore subject to certain restrictions (e.g. ability to trade Pink Sheet and OTCBB stocks). Considering this, along with the protection benefits afforded through a complete SLS protection, you may decide to opt back into the Secure Login System.  The following article provides the step-by-step instructions for accomplishing this.

Background: 

Please notice that in order to modify the security settings for an account, the primary user needs to login to the Client Portal. In case your user is not allowed to change the security settings, the system will show you a notice and will point you to the user which has such rights.

In order to opt back into the Secure Login System, please proceed as follows:

1. Open your browser and go to the web page ibkr.com.

2. Click on Log In > Portal Login
 
3. Enter your credentials and complete the authentication using your security device
 
4. In the left side menu, click on Settings > User Settings. Then, within the Security box, click the Configure "gear" icon next to Secure Login System1
 
5. You will see a box titled "Secure Login Settings". Within that box, click on the Configure "gear" icon. This will take you to the settings for Secure Login not required for trading.
 
6. Select the radio button next to "I want to always use my Secure Login Device when logging in" and click on Continue
 
7. You will receive a confirmation that your settings have been updated. Click on OK to finalize the procedure

 

Notes

1. If you are using the Classic version of the Client Portal, click on the top menu Manage Account, then Security >Secure Login System > SLS Opt Out. There select the radio button to Opt Back In on the line correspondent to your user.

 

References
  • See KB1131 for an overview of the Secure Login System
  • See KB1943 for instructions on requesting a replacement Digital Security Card+
  • See KB2636 for information and procedures related to Security Devices
  • See KB2481 for instructions about sharing the Security Login Device between two or more users
  • See KB975 for instructions on how to return your security device to IBKR
  • See KB2260 for instructions on activating the IB Key authentication via IBKR Mobile
  • See KB2895 for information about Multiple 2Factor System (M2FS)
  • See KB1861 for information about charges or expenses associated with the security devices
  • See KB69 for information about Temporary passcode validity

 

Syndicate content