Security Best Practices


There are several ways to protect against security breaches on your account. This article will outline the best practices that customers should follow, as well as some of the features on your account.

Account Security

In recent times, there has been a noticeable increase in cyberattacks targeting individuals and businesses alike. Phishing attempts, where attackers pose as trustworthy entities to trick individuals into revealing sensitive information, have become more sophisticated and prevalent. Social engineering tactics, which exploit human psychology to gain unauthorized access, are also on the rise.

To help you protect yourself, your accounts and your valuable data, the following precautions are recommended:

  1. Be Sceptical of Unsolicited Communications: Be cautious when receiving emails, messages, or phone calls from unknown or unexpected sources. Verify the authenticity of the communication before sharing any sensitive information.
  2. Keep Your Workstation Clean from Malware: Regularly update your antivirus software and perform system scans to ensure your workstation is free from malware. Avoid downloading attachments or clicking on links from unfamiliar sources.
  3. Use Strong and Unique Passwords: Ensure that your passwords are strong, unique, and not easily guessable. Consider using a combination of uppercase and lowercase letters, numbers, and symbols. Avoid using easily guessable information, such as birthdays or names.
  4. Educate Yourself on Common Tactics: Stay informed about the latest phishing and social engineering tactics. Familiarize yourself with common red flags and warning signs to recognise potential threats.
  5. Verify Requests for Sensitive Information: If you receive a request for sensitive information, especially financial or personal details, verify the legitimacy of the request by contacting the requesting party through trusted means before providing any information.
  6. Enable Two-Factor Authentication (2FA): Wherever possible, enable two-factor authentication for your accounts. This additional layer of security significantly enhances the protection of your accounts, even if your password is compromised.

Account Details

Always ensure that your account details are up to date, as this will be used to communicate changes and improvements on the platform. Your default email address is also used as the recovery email address for resetting your password - how to update your account details.

Two-Factor Authentication (2FA)

To enhance your accounts security, Two-Factor Authentication is available on your Master and Sub-Accounts.

To enable Two-Factor Authentication, navigate to "Settings" - "Profile Settings" on the left-hand side of your control panel. Once in "profile Setting" select the "Security" tab. From the "Security" tab you can enable Two-Factor Authentication and input your email address that you would like the verification code sent to. Once you have confirmed the email address by re-typing it (copy paste has been disabled) you can click "Accept".

To enable the changes selected please ensure you click "Update Settings" at the bottom of the page before you navigate away from the security tab or logout.

One thing to note about enabling 2FA on your Sub-Account is that it can only be done via the Master Account and not directly on the specific Sub-Account. When you navigate to your "Sub Account" menu on the left hand-side of your control panel and select "list", you will find all your Sub-Accounts. From your list of Sub-Accounts, you can select the 3 dots in the action column and navigate to "Settings", once in settings the process is exactly the same as the Master Account whereby you will find the "security" tab and be able to enable and update your 2FA details.

IP Whitelisting

IP whitelisting adds an extra layer of security by restricting access to only authorized IP addresses. This helps prevent unauthorized users, hackers, or malicious entities from gaining access to sensitive systems or data.

Whitelisting is available to on your API keys and Country-specific IP Whitelisting for account access and website senders.

API Keys

Your preferred API channel can now have IP Whitelisting applied from your "API Keys" setting in your control panel. For more information on adding or amending your API keys please see our guide API Keys.

Country IP Whitelisting

Country-specific IP whitelisting can assist you and your organisation by restricting access to only approved countries, this can reduce the risk of attacks from other regions.

To enable Country IP Whitelisting, navigate to "Settings" - "Profile Settings" on the left-hand side of your control panel. Once in "profile Setting" select the "Security" tab. From the "Security" tab you can enable Country IP Whitelisting and select your country or multiple countries from the drop-down menu. Once you are happy with your selection click "Update Settings".

Should you wish to add Country IP Whitelisting to your Sub-Accounts the process is identical to the 2FA steps found above.

Password Security

Always ensure that your password is unique and frequently changed for increased security. A strong password is always the first line of defence when protecting your account. We recommend choosing a password that no one can guess and that contains both upper- and lower-case letters, numbers, and at least one special character - how to change your password.

Beware of Phishing Scams

Phishing is a fraudulent attempt to obtain customer information, including login details. Fraudsters imitate a ‘trustworthy entity’ via email or SMS and ask for sensitive information such as login usernames or passwords.

IMPORTANT: Please DO NOT click on these suspicious links or share the account information requested.


How to avoid Phishing

  • Never share your account access information
  • Beware of fraudulent websites and always check the URL to ensure authenticity
  • Be alert and vigilant about phishing emails/SMS
  • Always verify the Sender Address of emails/SMS
  • If communication is not coming from a trusted source or is unexpected, do not click on any links/attachments