Security practices hero
How we protect our customers
Two-factor Authentication (2FA)

We strongly encourage our customers to enable 2FA on their accounts. This is to protect your account and funds from unauthorized access. Find out more about 2FA.

Comprehensive cutting-edge security

We have invested significant resources into creating a comprehensive security coverage to ensure your data is kept secure and private. We achieve this via:

An internal security team

Partnerships with multiple industry-leading security firms

Round-the-clock monitoring by a security operations center

Alignment with stringent regulatory expectations and industry-standard certifications

Ethical disclosure program
Report security issue

If you believe you’ve found a security issue in one of our products or platforms, please let us know via our HackerOne page.

Safe harbor

Providing your activities are conducted in a manner consistent with the policy as outlined below, we commit to:

Consider your activity as authorized conduct

Not initiate legal action against you

Take steps to make it known that your actions were conducted in compliance with this policy, should a third party initiate legal actions against you

Program guidelines

We kindly request that security researchers:

Make a good faith effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data

Only interact with accounts you own, or with explicit permission of the account holder

Conduct analysis limited to the Demo (Practice) environment

Use exploits only to the extent necessary to confirm the presence of a vulnerability and once established, do not abuse the vulnerability further

Do not exfiltrate data, establish command line access and/or persistence or pivot to other systems

Use the defined communication channels (as identified on this page) to report vulnerability information to us

Keep information about any suspected or resolved security issues you’ve discovered confidential between yourself and OANDA until we provide express consent

Follow HackerOne’s disclosure guidelines

Have a security question?

Reach out to us at and we’ll be happy to address your concerns.