Sharekhan Blog

Steps Sharekhan Takes for Your Cyber Safety

Sep 16, 2024

Wide-ranging measures we employ to ensure your Sharekhan account is safe

How we secure your Sharekhan Login via 2FA

On all of Sharekhan’s trading platforms, we use Two-Factor Authentication (2FA) for enhanced security. Factor One is providing you a Membership Password that allows you to view your Sharekhan account. Factor Two is providing an additional Trading Password that is required to execute transactions in your account. The setup and usage of this Trading Password is unique to each platform (app, website and TradeTiger) and is designed in such a way that it suits what the platform can deliver best:

On the Sharekhan website: On the Sharekhan website, the customer can log in with their Login ID and Membership Password. As a second factor to authenticate transactions, they can use their Trading Password or Time-based OTP (T-OTP). Click here to know how to set up a T-OTP for highly secure Login.	On the Sharekhan app: On the Sharekhan app, the customer can log in with their Login ID and Membership Password. As a second factor to authenticate transactions, they can use their Trading Password, Biometrics (fingerprint or facial recognition) or use an MPIN.
On TradeTiger – Sharekhan’s desktop trading platform: On the TradeTiger desktop trading platform, the customer can log in with their Login ID and Membership Password. As the second factor to authenticate transactions, they use their Trading Password.	Membership Password Refresh: The Sharekhan Membership Password expires every 30 days and a fresh one has to be set up via secure OTP authentication. This ensures your Passwords are rotated frequently and the probability of your account being compromised is reduced.

How we keep you updated about transactions in your account

Sharekhan keeps you constantly informed about your demat account by sending regular communications on the transactions occurring in your account. Here’s how:

End-of-day trade and cash balance SMSes	Digital Contract Notes
Periodic idle fund payouts update	Additionally, you also get SMSes about your demat account from Depositories (NSDL/CDSL) for every debit transaction

Overall system protections we incorporate for your wealth’s security

At regular intervals, Security Audits are conducted on our systems and processes by CERT-In empanelled third-party, independent auditors that result in audit reports, remediation or attestation of compliance.

Since 2011, our Information Security Management System is certified and compliant with stringent ISO requirements, an internationally recognised standard that ensures we meet the requirements for establishing, implementing, maintaining and continually improving our information security management system. The certification validates our commitment to continual improvement, development, and protection of information assets / sensitive data by implementing appropriate risk assessments, appropriate policies and controls.

Our IT processes and standards are designed to comply with applicable regulations, laws and align with industry best practices and frameworks. Our certification consultants are supported by world-renowned accreditation bodies such as United Kingdom Accreditation Service (UKAS), providing confidence that they are regularly and rigorously assessed against internationally recognised standards to demonstrate competence and impartiality.

We conduct regular internal and external penetration testing on our systems.

Regular human and automated infrastructure reviews with a view to finding weaknesses.

All of Sharekhan’s internal employees’ systems are on VPN (Virtual Private Network) and require 2FA (Two-Factor Authentication) to access.

Sharekhan employees from different departments get access to different systems based on their roles and responsibilities.

Sharekhan restricts trading in an extensive number of penny stocks and market orders in illiquid Options to safeguard our customers

Regular Cyber Fraud Awareness communications

We regularly send informative and action-based communications on the latest techniques used by cyber fraudsters and what every demat and trading account holder can do to nullify security threats.

Option to freeze/unfreeze your demat account

Have you built your long-term portfolio with Sharekhan and do not foresee any transactions in the near future? You have the option to freeze your demat account. Having your account frozen will prevent debit transactions. Both Freezing and Unfreezing your account involves the submission of duly filled Freezing/Unfreezing Forms signed by all account holders.

Dormant Account Transaction Locking

As per Regulatory guidelines, if your Sharekhan trading account has been inactive for a period of 12 months or more, it would be marked as Dormant. What this means is that account holders can log in to their account but no trading activity can be carried out.

Coming Soon – More secure 2FA feature during Login
Post Sept 30, 2022, as per a Regulatory mandate, we will add another layer of security for customers who want to log in to Sharekhan platforms. Essentially, customers who want to log in to their account on the Sharekhan website or TradeTiger have to authenticate via an OTP in addition to entering their Membership Password. Similarly, for the Sharekhan app, besides entering their Membership Password, customers will get the choice of OTP authentication along with the pre-existing Biometrics options (fingerprint and facial recognition) and MPIN to log in using 2FA (Two-Factor Authentication). The Trading Password will be phased out Sept 30, 2022, onwards.

How you can help keep your Sharekhan account more secure

Best practices to protect your Sharekhan account Login credentials

Enable Two-Factor Authentication (2FA) – As detailed above, if you use the Sharekhan website, please use T-OTP (Time-based OTP) to secure your Login. And if you use the Sharekhan app, please use Biometrics (fingerprint or facial recognition) to secure your Login.

Email service provider matters – Use an email service provider that sends immediate alerts about unusual Login events.

Keep your Login details safe – Do not share your Login ID or Passwords with anyone. Use strong passwords that are tough to guess but easy to remember. If you are noting them somewhere, store them carefully. A rule of thumb: don’t use passwords that contain info easily available on your social media (birthdays, children or pet’s names, car model and so on).

Use a Password Manager – Password management tools or password vaults are a great way to organize your passwords. They store your passwords securely and many provide a way to back up your passwords too.

Complexity counts – Passwords that include UPPER and lower case letters, numbers, and special characters are much tougher to crack. The longer a password, the better.

Rotate your passwords – Change/Reset passwords frequently. This limits the lifespan of passwords, reducing the risk from and effectiveness of password-based attacks and exploits.

Bonus Point – Make sure your mobile device has Biometric authentication enabled to unlock the screen.

Be aware and alert – don’t fall prey to any fraudsters that ask for your account credentials

It is important to note that most cybersecurity incidents occur when customers willingly share their account credentials with others for varying reasons, such as when acting on spurious and fraudulent SMSes, WhatsApp or social media messages that promise quick and easy money. We’ve communicated regularly on how to avoid falling prey to these fraud attempts.

In conclusion, we’d like to mention once again that it is crucial that you DO NOT SHARE YOUR LOGIN CREDENTIALS with anyone.

I agree to all Terms and Conditions