iGolder Security Features
We want to let you know your iGolder account is safe and secure from
unauthorized access. Our philosophy is that security should be adaptive. If your
account is brand new and empty, then there is no need to bother you with an
animated turning code (Captcha), a private security question, a secret PIN, a Master Key,
and a Memorable Phrase to view your balance which is zero.
As your account receives more gold, then iGolder will suggest you the option to enable
new security features, such as picking your avatar, your favorite quote and your secret
security question. Later, you may pick a login PIN if you feel it is necessary.
The following security features were developed by iGolder to protect your account from unauthorized access:
Security Avatar and Favorite Quote
iGolder relies heavily on email messages to communicate with you. To make it easy for you to recognize legitimate emails from
iGolder, every email header includes your
avatar, your favorite
quote and your name. You will never receive an email
from iGolder with the greeting message like "Dear Valued iGolder Member";
your name will always appear in the greeting message. Typically, con artists and spammers have databases of
emails; however, they do not know your name, nor have access to your iGolder avatar and
favorite quote. As a result, it is very difficult for them
to forge an email message from iGolder. Forging an email message is
the first step for stealing your password and accessing your iGolder
account.
If you ever receive an email "from" iGolder and your avatar or
personal quote is missing, just ignore it. Do not click on
any link, regardless of the content of the message and urgency to
act. Please remain vigilant; email spoofing and
phishing attacks are the
fastest growing form of consumer theft. When in
doubt, launch your web browser, manually type www.iGolder.com on your
address bar, and login to your account. In your account you
will see your history of emails and with notification messages and
hyperlinks to act (if necessary).
Your avatar and favorite quote are also displayed in the header of
your iGolder account (see screenshot below). When you login to iGolder, you should
view both of them at the top of every web page. If you do not see
them, it means you are on a fake website and a hacker is
attempting to gain access to your iGolder password. If such
a scenario happens, double-check the address on your web browser
to make sure you typed
www.iGolder.com properly, and contact iGolder immediately.
It is important you contact us immediately because your account
password has been compromised. Beware that spammers may register domains such as iG0lder.com
or iGo1der.com to steal your iGolder password.
PGP Email Encryption
iGolder offers built-in
PGP encryption,
thus protecting your privacy from a third party
listening to your email communications.
To receive encrypted emails from iGolder, simply
enter your Public PGP Key.
The PGP encryption protects the
content of your email messages, so all transaction details
(trade partner, quantity of gold, comment) remain private to
you. PGP also protects you avatar and
favorite quote from being read by a third-party
monitoring your network activity.
First Transaction Protection Delay
The First Transaction Protection Delay shields your account
from unauthorized transactions. For instance, if a hacker managed to
steal your iGolder password and attempts to empty your iGolder account, the
hacker will have to wait a minimum of 24 hours for the transfer to clear,
giving you time to inform us about the unauthorized transaction and
recover your gold. The wait period depends on the transaction amount
as displayed in the table below:
| Transaction Amount |
Protection Delay |
| Less than 100 grams |
24 hours |
| Between 100 grams and 1,000 grams |
48 hours |
| More than 1,000 grams |
72 hours |
The First Transaction Protection Delay only applies to the
first transaction involving two different iGolder
members. After 30 days, all future transactions with the same two
individuals will be instant.
*
* iGolder considers as a first transaction any
transaction of amount larger than the total of previously received amounts,
excluding all transactions during the past 30 days. In other words, if
you received a payment one month ago, and you are receiving another payment
of the same amount, then the payment will clear instantly, assuming you are a Verified
Member. On the other hand, if the payment you are receiving is larger than what you previously
received from that member, then you will have to wait the delay
according to transaction amount difference. Likewise, if you received
a monthly payment for a full year, and you are receiving a bonus 10 times
larger than your monthly payment, then the transfer will clear instantly
because your total gold previously received is larger than the payment
amount you are about to receive. Conversely, if you received a
payment two weeks ago, you will have to wait the protection delay when
receiving a new payment. iGolder requires a minimum of 30 days for the
first payment to settle to consider the two members as trading partners.
This security protection prevents someone from making a tiny payment to
establish a "first transaction" and later make a large payment which would
clear instantly, or make two consecutive payments (within less than 30
days), where the second payment would clear instantly.
Minimum Safetransit Time
The First Transaction Protection Delay is
implemented as a Minimum Safetransit Time.
When making your first payment to a member, iGolder automatically adjusts the Safetransit™ time
according to the transaction amount.
Notice that the protection delay has drawbacks: you have to wait the same delay
when you receive gold for the first time from someone else. Depending on reputation, we may
waive this delay so that you may receive gold instantly regardless of the
transaction amount. Waiving the transaction delay still protects you
against an unauthorized transfer, because when you send gold, the
receiver has to wait the protection delay, giving you time to report any
unauthorized transaction.
Email Notification For All Payments
Every time you make a gold payment, iGolder sends
you an email notification message. This
feature, combined with the First Transaction Protection Delay,
gives you a good protection against theft, because
it gives you time to stop an unauthorized gold
payment. Also, the thief, knowing you receive
an email notification about the gold transfer, and
the transfer may be stopped during the First Transaction Protection Delay
is less likely to try hacking your account.
Email Notification For
All Logins
By default, iGolder sends you an email notification for every successful
login and every failed login.
The successful login notification is useful to
discover someone has successfully accessed your
iGolder account. If a crook managed to steal your
iGolder password, he may be able to steal your
identity, enable automation,
and/or also initiate a gold transfer. The sooner
you discover the issue, the sooner you may act by
changing your password and keep an eye on your
account. By having this option enabled, you have
the peace of mind nothing happens to your iGolder
account behind your back.
The successful login notification is useful to
notice someone is trying to guess your password to
access your iGolder account. If you see repeated
failed logins attempts, then perhaps you should
consider disabling login permission to that email
address, and use another [secret] email address to
access your iGolder account.
You have the option to turn off those email notifications in your Account Settings.
Alternative Login
You may use a secret email address or alias to login to your account. With iGolder, you
have the option to grant permission for each email in your account, such as
receiving gold, login, notification and confirmation messages. Anyone
trying to login using your public email or username will automatically
trigger a security alert and send you an email notification message to your
other email(s).
Learn more about emails and
aliases.
History of Logins
iGolder gives you the full history of all the logins to your account,
including attempted failed logins. At a glance, you can have an idea
if your account has been under attack and take action such as using a
different login username or email.
View my Login History.
Expiring Links in Email Messages
Every action link from an email message has an expiration date. This
security feature is a powerful protection against
someone trying access your iGolder account by
reading your old email messages.
For instance, when you initiate a request to reset your
password, you receive an email message with a
link to confirm your action. You have a few
hours to open this email and act (click on the
link). If you wait past the link expiration date, the link
becomes invalid and you have to start over.
Therefore, anyone reading your old email will be
unable to reset your password because the password
reset link has expired. The same applies for
other actions such confirming a new email address to your iGolder account.
Delayed Password Resets
In our Security Tips, we stress the importance
of keeping your email messages secure. Almost all online payments have
a built-in feature to reset a forgotten password. A hacker simply has
to initiate a password reset and
wait for the email message containing the link to reset your account
password. The hacker does not need to know your email password nor
your iGolder password to empty your account. A simple password reset
does the trick to login and access your iGolder account. At iGolder, we have
a mechanism to protect your account from unauthorized password resets.
Reporting a Password Reset:
When you initiate a password reset, iGolder sends a notification message to
all email addresses you have entered in your iGolder account.
For instance, if you have one email at home and one email at work, you will
receive two notifications regarding a password reset on your account. If
you login to your iGolder account, then the password reset procedure is
automatically aborted, and iGolder displays you the message
Password Reset Aborted.
After all, accessing your iGolder account is the ultimate
proof you know your password, and therefore the password reset procedure is
no longer necessary.
Double Email Confirmation:
To protect your iGolder account, the password reset procedure is not
instant, therefore giving you time to notice an unauthorized password reset
- and abort it. The delay between the two email confirmations depends
on the amount of gold in your account, and the elapsed time since your last
login. For instance, you may instantly reset your password if your account
is brand new and empty. On the other hand, if you have been a long time
iGolder member using the same password for months, and your last login was
yesterday, then the supposed "I forgot my password" will require a double
email confirmation with a delay of up to 3 days. Hopefully this delay will
give you enough time to notice your account is being hijacked and contact
iGolder about the issue.
To find out more about the procedures to reset your password, visit
resetting my password.
Password Encryption
Another security feature is that all passwords are encrypted using
SHA-512
with
salt - the strongest encryption available for storing
passwords. This way, you can use your favorite password and never
worry about anyone knowing it, including the operators at iGolder. Even in the case the
iGolder database is stolen, it is
impossible to decrypt any password. As a result, the hacker will be
unable to use the stolen data to login to iGolder and steal gold by making
unauthorized transfers. By the way, iGolder
cannot re-send your password because it is also impossible for us
to know your original password. All iGolder can do is sending
you an email with a link to reset your password. When you
click on the link, you enter your new password which is
immediately encrypted in the database. Your new password
becomes active only after the password reset delay as described
above.
iGolder Bot
The website iGolder has a software bot working 24/7 protecting your account.
The bot analyses all kinds of activities on the iGolder website, including
failed logins, requests to reset a forgotten password,
IP addresses,
transfer amount, transfer frequency and account reputation.
If the bot detects suspicious activity such as repeated failed logins
or a large transfer from your account, it may send you an email to confirm
with you that everything is OK. Likewise, a login from a new IP
address making a large transfer to a brand new account raises suspicion. In rare cases, the bot may lockout an IP
address or freeze an account to protect against further attacks.
The bot is capable of dialing phone numbers and calling any iGolder operator to
immediately notify about the suspicious activity. The iGolder
operators will do their best to promptly investigate the problem and act according
to the severity of the problem.
Report Theft
Our preferred exchangers have access to a special alarm trigger to report
theft, such as an individual purchasing gold with a fraudulent check or a
stolen credit card. Only our most trusted exchangers may access to this
special trigger, enabling them to freeze an account until investigation.
The exchange provider can only freeze an account he transferred gold, so the
trigger is limited in scope. The exchanger must also give a detailed
description about the payment so iGolder can investigate by asking the buyer to prove the payment cleared and/or the credit card
transaction went through. If the exchanger was indeed victim of
theft, then iGolder will return the gold to the exchanger and
permanently ban the fraudulent member. If the exchanger abuses of
this feature, such as triggering a false alarm, then he will lose our
protection and will earn several demerit
points. Just to make it clear, this option is only for our trusted
members exchanging
fiat money to digital gold. Regular members
buying and/or selling goods and services do not have access to this
alarm trigger - they are protected with the
Safetransit™
tool.
Although this feature does not offer a direct benefit to regular members, it
creates a favorable environment for more payment options and lower exchange fees.
Without protection to our exchangers, some payments options such as credit
cards would be unavailable because of unacceptable fraud risk. If
iGolder can help minimize losses, then the fees are considerably lower. Ultimately,
we, the consumer, pay for theft by paying higher fees to offset the losses.
Sound KYC Policy
Our Know Your Customers policy is giving us a fighting
chance to identify fraudsters, thus protecting our members from engaging
business with criminals. Crooks are tenacious. They spend their days
trying to find more effective means to steal from others. If a scam
does not work, they will try another one. As a rule of thumb, if
someone has a history of being dishonest, it is very likely he will be
dishonest with you, sooner or later. We do not want those swindlers as
our members, and will do our best to kick them out and make sure they do not
come back. We believe in freedom of trade, and if someone wants to do
something stupid such as subscribing to a get-rich-quick scheme, he is free
to do so, without using iGolder. As the founders and owners of the
website iGolder.com, we also have the freedom not to trade
with individuals we believe will stain our reputation or hurt our business.
We spent a lot of energy to create iGolder and have no desire to have
scammers destroy what we built. If a scammer is not happy with our
YKC policy, he is free to start his own website and set his own rules.
Transaction Limit for Non-Verified Members
A
non-verified member is limited to send a maximum of
100 gr of
gold per month. iGolder displays the following message to any non-verified member attempting to spend over the limit:
This security feature is a powerful deterrent against a
phishing attack,
where a thief creates a new account with the intent of stealing gold from others. With this limit, the
thief is limited to withdraw a maximum of
100 gr of gold per month, which gives us plenty of time to act if notified by
any victim.
Transaction Delay for Non-Verified Members
Wait, there is also a transaction delay for when sending told to a non-verified member.
The transaction delay is called Minimum Safetransit Time. The
Minimum Safetransit Time is always 48 hours for
Anonymous Members, and always 24
hours for Identified Members. This
delay is somewhat similar as the
First Transaction Protection Delay,
however it is always enabled for non-verified members receiving gold,
regardless on the number of payments previously made.
Therefore, even if our thief identifies himself with a photo ID and provide
a proof of address, he still has to wait a minimum of 48 hours for the gold to
clear. Such delay should give you enough time to stop the payment and
report to iGolder the unauthorized transaction. In the case the thief is a
Verified
Member, he still has to wait from
24 to 72 hours (depending
on the amount), unless he previously
received more gold from you than the amount he wishes to transfer for
himself. *
Minimum Safetransit Time
The Minimum Safetransit™ Time is a delay required by iGolder when
making a gold payment to an Anonymous Member or an Identified Member,
or making your first transaction to a Verified Member.
The table below displays the Minimum Safetransit Time according to the account type.
| Account Type |
Minimum Safetransit Time |
| Anonymous Member |
Always 48 hours |
| Identified Member |
Always 24 hours |
| Verified Member |
None. Notice there is still the First Transaction
Protection Delay ranging from 24 to 72 hours depending on the amount transferred on the first
transaction between two users.
|
The following table displays the Minimum Safetransit Time according to the transaction amount as described in the
First Transaction Protection Delay.
| Transaction Amount |
First Transaction Protection Delay |
| Less than 100 grams |
24 hours |
| Between 100 grams and 1,000 grams |
48 hours |
| More than 1,000 grams |
72 hours |
The security importance of having a Minimum Safetransit Time
In our opinion, the Minimum Safetransit Time
is the most effective security feature of iGolder.
When theft is committed, the thief must transfer the
stolen gold quickly before being discovered,
leaving the losses to someone else, typically an
innocent exchanger. Having a delay between
gold transfers gives us time to act and stop any
fraudulent transfers. Such delays between transfers is also a powerful
deterrent to a fraudster considering stealing gold at iGolder, therefore
reducing the risk of
phishing attacks and theft.
With our Minimum Safetransit Time, you get
the best of both worlds: you benefit of our unmatched security and the
opportunity to have instant payments. Your
payments are instants once you have established a trade
relationship with a Verified Member.
Anonymous Members Limited to Send 100 Grams Per Year
Another important security feature is Anonymous Members are limited to spend a maximum of
100 gr of gold per year.
This transaction limit reduces fraud, because the fraudster cannot withdraw
(out-exchange) large quantities of gold. Only our verified members
have no send limit, however a fraudster is unlikely to become a verified
member to empty a stolen account (thieves do not like to identify themselves
before and/or after committing theft).
Zero Tolerance Towards Fraud
A business is an entity serving its customers. The question is: what type of
customers do we want to serve? We believe there is a market for online
honesty by serving highly reputable customers. Our goal is providing
tools to make online transactions safe and attract businesses who never
considered online trade before. To achieve this, it is important
iGolder lays down a strong policy against fraud, otherwise we will attract
fraudsters in drove.
People committing fraud are willing to take risks, and a new business does not scare them - rather, it is an
opportunity to scam others. After all, trading with a new business is always
riskier than trading with a long established business, so it is possible the
early adopters of a new business are fraudsters willing to jump into a new
venture. If the new business turns a blind eye on
fraud, then there is a point where it is almost impossible to revert the
situation. When the majority of its customers are crooks, the business
has no choice to keep serving them as customers, otherwise facing
bankruptcy. When fraud is rampant, the business must spend a great
deal of its resources to handle complaints, disputes and even court cases.
Ironically, the business needs all its income from customers just to remain
afloat, and the only customers who are willing to tolerate the high fees are
those who are dishonest. The honest customers have already left,
making the business more and more dependent on its remaining customers - the
fraudsters. As a result, the business lives in symbiosis with the
fraudsters, as they are both sharing the proceeds of crime, and it often becomes a
partner in crime for survival. Just think for a moment having a business where 95%
of your customers are involved in Ponzi schemes, high-yield investment
programs, get-rich-quick scams and gambling. What could you do?
The moment you ban such activities, you lose 95% of your
customers and probably forced to declare bankruptcy. Would your
business survive with only the remaining 5% of your customers?
On the other hand, if a business has great customers, then there is an
economic benefit to getting rid of the few bad customers and retaining the
patronage of its existing good clientele. By the way, getting rid of a
few undesirable customers in order to keep the patronage of a good clientele
is not an endorsement of the "Greater Good" theory nor an
acknowledgement towards Utilitarianism. iGolder expels bad customers
because we choose to exercise our right of freedom of association and
private property - to maximize our profits. People have the freedom to
not associate and
walk away from each other. iGolder is a private club with its own
rules - the Account Agreement. If a member
does not follow the club rules, such as defrauding other members, we have
the right and the duty to expel him. On the other hand, we want to
have as many members as possible, so it is in our best interest to make our
club rules as accommodating as possible.
Conditional Payments (Safetransit™)
iGolder has a built-in mechanism for conditional payments called
Safetransit™. The buyer can hold the transfer
until obligations have been fulfilled by the seller, such as the
delivery of a product or service. The performance conditions
can be uploaded to iGolder, so in case of a dispute, the arbitration
specialist will have a
document describing the obligations of each party, and render an award such
as a refund to the buyer. Any disputes regarding the goods or
services are professionally resolved before the payment is released, thus
eliminating the possibility of non-shipment or misrepresentation of
merchandise. Safetransit also protects the seller, because the
delivery of the goods or services guarantees the release of a
non-reversible payment.
Dispute Resolutions
A dispute is a situation where the performance of a member has not been
fulfilled according to the exchange agreement. iGolder offers the
option for the buyer and seller to mutually choose a mediator or an
arbitrator to resolve
their dispute, allowing them to pick a professional expert in the field.
If one party fails to respond to a dispute claim within a reasonable delay,
then the complaint will affect the member's reputation. To make
online transactions safer for the buyer, the seller may voluntary set aside
an amount of gold as a Dispute
Reserve. A Dispute Reserve lowers the transfer fees and increase
the trustworthiness of the seller.
Member Feedback Reputation
Member feedback reputation is not a security measure; however it gives a good
assessment regarding the seller's trustworthiness, and therefore increases
the overall safety when transacting with him. A great reputation takes a
lifetime to build and seconds to lose. This is why there is an economic
benefit for a merchant to be honest, because each new customer brings little
additional
profit compared to larger losses associated with having a bad reputation
and losing many customers.
iGolder compiles a reputation score for each club member. This reputation
score is known as Karma which is
always visible to the public profile. After completing a transaction, both the
buyer and seller are given the
opportunity to rate the other party based on applicable attributes, such as
customer service, product quality, price accuracy, and shipping time.
iGolder rewards good behavior by reducing transaction fees according
to the number of transactions made.
Honesty is a moral virtue, however for some, integrity carries little weight
in the business equation. To overcome dishonesty, iGolder increases the
transaction fees proportionally
to the number of Demerit Points, thus bringing in a
measurable economic loss associated with dishonesty. Not only a bad
reputation makes it difficult to attract new customers, each transaction
becomes more expensive. Each Demerit Point affects all transfer fees for a period of 6 months,
and each transaction displays those penalty fees, making the extra cost
visible to the rogue merchant. All penalty fees, measured in weight of gold, are also
displayed in monthly reports, summarized by day and by complaint. At
iGolder, it pays to be honest and a good reputation is literally worth its
weight in gold.