Please read our blog post for a comprehensive explanation of CoinLoan security.
If you want to know more about how we store crypto assets, please check this link.
1. Secure Cloud Infrastructure
We use the best cloud service provider available on the market. It is certified by the world's strict security standards and is trusted by major banks and financial institutions.
2. Modern Encryption Standards (SSL with TLS 1.3, DNSSEC, HSTS)
Traffic between a client browser and server uses the most advanced encryption algorithm, approved for use in banking and credit card processing companies' ecosystems. DNSSEC protects the domain from DNS attacks. HSTS ensures that all browser requests are sent over an encrypted connection.
3. Web Application Firewall (WAF) and DDoS Protection
The top player in the web application security market analyzes server requests. Hacking attempts, bots, and DDoS attacks are filtered out meticulously to prevent a service breakdown. None of our servers have direct access to the internet.
4. Regular Vulnerability Scans
CoinLoan infrastructure is monitored daily with the number-one vulnerability scanner to discover weaknesses of any given sub-system. We regularly update the list of our scanner's tests.
5. Secure Software Development Life Cycle (SSDLC)
According to this methodology, all code changes and implemented features are inspected by developers, tested by QA specialists, and analyzed by security experts.
We have a partnering program for white hat hackers and welcome ethical specialists to collaborate with us to analyze vulnerabilities and enhance the security of the entire infrastructure. We react immediately to any findings. If bugs or vulnerabilities are discovered, we issue an update ASAP. To date, we have never faced issues that could have shaken our reputation.
7. PCI DSS Certification
Currently, we are undergoing a security certification designed for banks and other financial institutions that process card payments. This procedure includes multiple independent security audits and penetration tests.
8. Account Takeover Protection
Our system blocks any attempts to steal passwords and one-time two-factor authentication (2FA) codes. We always notify the user by email of an ongoing login, with details such as the browser type and geolocation.
Our email system can detect attempted intrusions fast. Each session is linked to the browser and IP address, protecting an account from cookie theft and session hijacking.
9. Infrastructure Monitoring
CoinLoan infrastructure is monitored 24/7 to spot rapid abnormal activity and system errors.
10. Two-Factor Authentication
We use TOTP technology for 2FA to confirm each login attempt, funds withdrawal, password reset, and other crucial account actions. You can read more on how 2FA works on CoinLoan here.