CFDs are complex instruments with a high risk of losing money rapidly due to leverage. You do not own or have any rights to the underlying assets when trading CFDs. Please refer to our Target Market Determination Policy and consider if CFDs are suitable for you.

Security made smart

When you join OANDA, we want you to focus on your goals. Not on your security.

We prioritise your safety so that you can have peace of mind. By combining the latest industry best practices with powerful, AI-driven technology, we make sure your information is guarded 24/7.

If you do spot anything unusual or have a concern, please get in touch.

OAU security practices hero baner

How we protect our customers

2 Factor Authentication (2FA)

2FA is designed to protect you against potential attacks and malware by unauthorised parties. Attacks that could result in the compromise and hijacking of your online trading accounts. Find out more about 2FA.

Cutting-edge security

When it comes to data security, we want it to be simple, smart, and private. Here’s how we achieve all three:

Partnerships: We partner with industry-leading security firms, so that you can access cutting-edge resources.

Monitoring: With round-the-clock monitoring by an operations centre, and an internal security team, we keep your data safe no matter what time it is.

Regulations: We align with strict regulations and global industry-standard certifications, so that everything stays compliant.

Ethical disclosure program

Reporting a security issue

If you believe you’ve found a security issue in one of our products or platforms, please let us know via our HackerOne page.

Our commitment to you

At OANDA, we want you to feel protected. That’s why we promise to:

Consider your activity as authorised conduct.
Not initiate legal action against you.
Take steps to make it known that your actions were conducted in compliance with this policy, should a third party initiate legal actions against you.
Program guidelines

To ensure that your research is safe, legal, and ethical, please adhere to the following values:

Make a good faith effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data.
Only interact with accounts you own, or with explicit permission of the account holder.
Limit your analysis to the Demo (Practice) environment.
Only use your research to confirm the presence of a vulnerability. Once established, please don't abuse the vulnerability further. Don’t steal data, gain unauthorised access, or pivot to other systems.
Use the communication channels (as identified on this page) to report vulnerability information to us.
Keep information about any suspected or resolved security issues confidential between yourself and OANDA until we provide express consent.

Have a security question?

Get in touch with us at security@oanda.com and we’ll be happy to answer your questions. For information about HackerOne’s disclosure guidelines click here.