Security Features of KeepChange.io
Our top priority at KeepChange.io is security. We have many vital features that help secure our customers and our platform.
Hashed Passwords: Customer passwords are hashed and stored in our database. This prevents disclosure of customers’ passwords.
2-Step Verification: Customers can activate a second factor for authentication. So, even if an attacker finds a customer’s password, he won’t be able to use it. Currently customers can use Google Authenticator app to generate these second factor passwords.
Email Guard: This option will need customers to click on a link that is sent to their email address. This adds another level of security to customers account. Every time they try to login on a new device, they will be required to click on a link. In effect they must have access to their email inbox.
Cold Storage: We use cold storage. At least 98% of customers’ funds are stored offline. It is a 3 of 6 multi signature wallet. It brings a lot of miner fees and internal cooperation to us, but for security, it worths its burden.
Hot Wallet: At most, 2% of customers’ funds are stored in our hot wallet. This is required for customers to be able to send their money to other wallets.
3 Block Confirmations: We need three confirmations for processing deposits. This is a good balance between security and usability.
Check Customer Balance: We check customer balance on every single transaction. This prevents any invalid account state.
Prevent Concurrency Issues: We use strict serializability in our internal database transactions. This prevent any form of concurrency issues that could create an invalid state.
Hard Disk Encryption: All customer data stored on our hard disks are encrypted.
Network Encryption: We have a distributed infrastructure. To secure communication between different parts, we use end-to-end encryption. This prevents eavesdropping on network layer.
Insurance Fund: We put 10% of our revenue aside, as a kind of insurance. So in the unlikely event that our hot wallet gets rubbed, we would compensate it by this insurance fund.
We are constantly monitoring security vulnerabilities. We are updating our platform, infrastructure, and our practices. We will inform you of any future security improvements.
