info

We want to let you know about upcoming scheduled maintenance. The maintenance will start at 1700 EST on July 26th and finish at 2100 EST on July 26th. During this time, there will be interruptions to our following core services: authentication, registration, funding, and trading systems.

Normal service will resume immediately after the maintenance activities are completed. Thank you for your understanding.

Our security practices

We are committed to ensuring the security and privacy of you - our customers, partners and employees. We have  in place the latest industry best practices and AI powered security technologies.

Spotted a chink in our armour? Let us know by emailing security@oanda.com

Security practices hero
How we protect our customers
2 Factor Authentication (2FA)

We strongly encourage you to enable 2FA on your accounts. 2FA is designed to protect your account and funds from unauthorised access. Find out more about 2FA.

Comprehensive security coverage

We have invested significant resources into creating a security coverage that will ensure your data is kept secure and private. We achieve this via:

An internal security team
Partnerships with multiple industry-leading security firms
Round-the-clock monitoring by a security operations centre
Alignment with stringent regulatory expectations and industry-standard certifications
Ethical disclosure programme
Report security issue

Found a security issue in one of our products or platforms? Let us know via our HackerOne page.

Safe harbour

Providing your activities are conducted in a manner consistent with the policy as outlined below, we commit to:

Consider your activity as authorised conduct
Not initiate legal action against you
Take steps to make it known that your actions were conducted in compliance with this policy, should a third party initiate legal actions against you.
Programme guidelines

We kindly request that security researchers:

Make a good faith effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data
Only interact with accounts you own, or with explicit permission of the account holder
Conduct analysis limited to the Demo (Practice) environment
Use exploits only to the extent necessary to confirm the presence of a vulnerability and once established, do not abuse the vulnerability further
Do not exfiltrate data, establish command line access and/or persistence or pivot to other systems
Use the defined communication channels (as identified on this page) to report vulnerability information to us
Keep information about any suspected or resolved security issues you’ve discovered confidential between yourself and OANDA until we provide express consent
Follow HackerOne’s disclosure guidelines
Have a security question?

Reach out to us at

security@oanda.com