About Us: Security

Password protection is everywhere, with the average person having 23 online accounts requiring a password.

With so many to remember it’s not surprising that many people use the same password for multiple accounts and rely on memorable words, dates or phrases.

However, using a pets name or your birthday just isn’t secure enough.

If you want to create a super secure password follow the tips below:

Use 12 characters minimum

While there are no set parameters around password length, 12-14 characters is considered the optimum.

Use numbers, symbols, capital letters and lower case letters to build your password
A mixture of different character types makes your password harder to crack, so vary it up and use a combination of all the factors mentioned above.

Don’t use personal information

Passwords based on personal information are far easier to crack than passwords based on random collections of words or characters.

However, even if you avoid using your birthdate or pets names in your passwords it’s still essential to restrict who has access to your private information online.

To safeguard your information you should check the privacy settings on your social media profiles, review the privacy policies of websites you use and refrain from taking part in online quizzes or games which ask for access to your social media accounts.

Make passwords complex

The more complex your password the less likely it is to be cracked. Use words and phrases with no direct connection to you and replace letters with special characters and numbers where possible.

As an example, bLu8sWan37?? meets the requirements above and would take a computer 63,000 years to crack. Adding a third word, making the password [email protected], would push the time taken to crack it to 380 quadrillion years.

Use a password checker

Review the strength of your password by running it through a secure online checker.

Don’t reuse passwords

An unfortunate side effect of making your passwords super secure is that they’re often harder to remember but don’t use this as an excuse to use one password for multiple accounts.

If a fraudster manages to crack your password for one account and you use it across multiple platforms they could potentially access them all.

Use a variety of passwords for maximum security.

Never share your password

Try to commit your passwords to memory and never write them down or share them with anyone.

You should also aim to change your passwords fairly regularly.

If you have any concerns that your password may have been compromised change it immediately.

At TorFX we will never ask for your password, and you should never share it with us.

Follow these top tips to maintain computer, mobile and tablet security.

Anti-virus software

Always have active anti-virus software on your devices and update your software and applications on a regular basis.

Password protection

Always protect your home Wi-Fi with a secure password (see our section on password security for more information).

Forget me

When using a computer, tablet or mobile which isn’t yours, never tick the ‘Remember me’ option. Always log out of a device when you’ve finished using it.

Public networks

Only connect to public networks you trust, and don’t use them where possible. Using mobile data is generally more secure than connecting with public Wi-Fi.

Always check your surroundings before logging into secure sites in a public place.

Click bait

Links or pop-ups commonly interrupt your experience when browsing the web – so you need to be careful not to click on them.

Suspicious links or pop-ups typically use prizes, urgency or threats to encourage you to click (with messages like ‘Click here to win £1000’ or ‘Your account is under attack’.

Use unexpected security questions

Many sites ask you to set security questions/secret answers, and the questions are often things like ‘Mother’s maiden name’.

Be aware that any information you’ve shared on social media or other web resources could be accessed by fraudsters, so avoid any security questions which can be answered with information in the public domain.

Where at all possible pick questions that only you know the answers to.

Enter web addresses manually

When visiting a website type the address directly into the search bar to make sure you’re going to the right place.

If clicking on a link to a website following a web search, be on the lookout for these signs of authenticity.

• Invalid security certificates popping up in your browser may be a sign that you’re visiting an untrustworthy site.
• Check the URL carefully. Fraudsters can create ‘fake’ websites using slightly different spellings, characters and punctuation.
• The address bar or links you hover over should contain ‘https://’ – a sign of page security.
• A locked padlock symbol in the address bar indicates that the data shared between you and the site you’re using is encrypted and secure. This isn’t a guarantee of the site’s authenticity though, so check all the factors mentioned above.

Transfer security

When making an international payment you should always be confident that the recipient of your funds is legitimate.

Be sure to verify your recipient’s details and their reason for transfer. If you aren’t 100% comfortable with the payment don’t be rushed into making it.

When you receive an email it’s important to verify that it’s from a legitimate source.

We send several different types of emails to make sure you have access to all the information you need to plan your currency transfers for the right time, and there are points you can check to ensure the email you’ve received is from our team.

Give any email you receive from us a proper scan before clicking any of the links within it.

If there’s anything unusual about the communication or anything you would like to check, contact your Account Manager directly or email [email protected]

What should you look out for?

• Branding/design – All our emails contain certain characteristics, like our logo and brand colours.
• Receiving two emails in quick succession which provide alternative instructions – Always get in touch with us if that happens
• Unusual requests – If you receive an unusual or unexpected communication always get in touch to confirm it’s legitimate.
• Spelling and grammar – The occasional typo does happen, but an email from us should never be riddled with spelling or grammatical errors.
• Tone – We aren’t pushy or threatening in our emails, and we’ll never try to scare you into acting quickly.
• Email signature and address – Our sender’s email addresses end in ‘@torfx.com’
• Links take you to unexpected places – Our email links typically take you to our website, our online service or our app listings. If you aren’t sure where a link is going to take you and you’re using your computer, hover over it with your mouse and check the URL. If you aren’t confident in the link within the email type in the URL manually or go directly to the online service/app.
• Attachments – Strange instructions to open attachments or download software could be a fraudster trying to sneak malware onto your device.
• Unexpected prizes – If you receive a communication that claims you’ve won a completely unexpected prize don’t click any links in the email or reply to it directly. Contact your Account Manager or email [email protected] and we’ll let you know if it’s a genuine prize.
• Check it before you click it – Don’t click on email links or attachments unless you’re completely confident that the email is from a trusted source.

Receiving unsolicited phone calls and texts is something we’ve all had experience of, but some scam calls can sound very convincing.

These simple steps can help protect you from fraudulent calls and texts.

Before answering a call

Fraudsters can make themselves appear genuine using legitimate caller IDs.

Enter the number into a search engine to check whether it belongs to a real company/a company you’re comfortable talking to.

If you think a call is from us but you aren’t sure, check the numbers listed on the contact section of our website. You can also add your Account Manager’s number to your address book so you always know it’s them calling.

After you’ve picked up

When on a call never ever give out passwords or key security information, no matter who the person on the other end of the phone claims to be.

Text messages

We will send you occasional texts under very specific circumstances, for example if you’ve set a rate alert or have requested a One Time Pin.

If you receive a text message asking you to reply with a password, to call an unfamiliar number, or to click on a link, ignore it and contact your Account Manager by phone or email.

Tactics to prepare for

With any unsolicited calls or emails look out for these particular traits and tactics:

• Creating panic – Warnings about suspicious behaviour or the implication that ‘an unknown device has accessed your account’.
• Urgency – Never respond to pressure to make you do something quickly.
• Language and attitude – The person you’re speaking to may appear helpful, friendly or professional, but this could be their attempt to make you feel that they’re credible and trustworthy.
• Following up a text with a phone call – Fraudsters use this tactic to add credibility.

Our online service and app have a number of inbuilt features to protect your transactions.

Online Service and App

• PIN entry – We’ll ask you to enter your PIN at crucial points in the transfer process (like adding a recipient or making a transfer).
• Transactional emails – We’ll send you an email confirming any transactions you make, so you’ll have a record of the latest activity on your account.
• Your activity – You can view your recent and historic activity within the app and our online service.
• You can also check all the devices that have accessed your account.

App Only

• Biometric authentication – Depending on the handset you own, you can secure your app with touch or face ID.

Before making a currency transfer you should be confident in the company you’re using. We were established in 2004 and are authorised by the FCA as an Electronic Money Institution (Firm Reference Number 900706).

If you’re making a transfer to a person you don’t know that well, always run through questions like the following:

• Do I really know this person? If I don’t, is there any way I can prove that they are who they say they are?
• Why would I need to send money to claim an inheritance or win a prize draw?
• Why does my relative/friend/associate suddenly need money? Is their request for funds genuine?
• Am I 100% sure I should be sending money to someone I met online?
• Why am I paying for a tax I’ve never heard of before?
• Why do I need to transfer money to claim from an investment?

Other things to consider…

• If you get a request to change bank details for an existing recipient always check with the supplier verbally before making the change or sending your funds.
• When making payments for bonds or investments it’s important to undertake due diligence on the regulated status of the investment.
• Follow advice from Action Fraud.

When making a transfer always take into account the three steps promoted by Take Five to Stop Fraud.

1. STOP
   Take a moment, stop and think before parting with personal information or your funds.
2. CHALLENGE
   Only criminals will try to panic or rush you. Remember that it’s fine to reject, refuse or ignore requests for funds if you’re not comfortable with them.
3. PROTECT
   If you think you’ve fallen for a scam, contact your bank immediately and report it to Action Fraud.

If you have any doubts about the recipient of your funds or the reason you’re making your transfer, don’t make the transaction.