iGolder Security Features

We want to let you know your iGolder account is safe and secure from unauthorized access.  Our philosophy is that security should be adaptive.  If your account is brand new and empty, then there is no need to bother you with an animated turning code (Captcha), a private security question, a secret PIN, a Master Key, and a Memorable Phrase to view your balance which is zero.  As your account receives more gold, iGolder will suggest that you enable new security features, such as picking your avatar, your favorite quote and your secret security question.  Later, you may pick a login PIN if you feel it is necessary.

 

The following security features were developed by iGolder to protect your account from unauthorized access:

 

Security Avatar and Favorite Quote

iGolder relies heavily on email messages to communicate with you.  To make it easy for you to recognize legitimate emails from iGolder, every email header includes your avatar, your favorite quote and your name.  You will never receive an email from iGolder with a greeting message like "Dear Valued iGolder Member"; your name will always appear in the greeting message.  Typically, con artists and spammers have databases of emails; however, they do not know your name, nor do they have access to your iGolder avatar and favorite quote.  As a result, it is very difficult for them to forge an email message from iGolder.  Forging an email message is the first step toward stealing your password and accessing your iGolder account.

 

If you ever receive an email "from" iGolder and your avatar or personal quote is missing, just ignore it.  Do not click on any link, regardless of the content of the message and urgency to act.  Please remain vigilant; email spoofing and phishing attacks are the fastest growing form of consumer theft.  When in doubt, launch your web browser, manually type www.iGolder.com in your address bar, and log in to your account.  In your account you will see your history of emails, with notification messages and hyperlinks to act (if necessary).

 

Your avatar and favorite quote are also displayed in the header of your iGolder account (see screenshot below).  When you login to iGolder, you should view both of them at the top of every web page.  If you do not see them, it means you are on a fake website and a hacker is attempting to gain access to your iGolder password.  If such a scenario happens, double-check the address on your web browser to make sure you typed www.iGolder.com properly, and contact iGolder immediately.  It is important you contact us immediately because your account password has been compromised.  Beware that spammers may register domains such as iG0lder.com or iGo1der.com to steal your iGolder password.

 

iGolder Security: Avatar and Favorite Quote

 

iGolder Security: Email with Avatar and Favorite Quote 

 

PGP Email Encryption

iGolder offers built-in PGP encryption, thus protecting your privacy from a third party listening to your email communications.  To receive encrypted emails from iGolder, simply enter your Public PGP Key.

 

The PGP encryption protects the content of your email messages, so all transaction details (trade partner, quantity of gold, comment) remain private to you.  PGP also protects your avatar and favorite quote from being read by a third party monitoring your network activity.

 


 

First Transaction Protection Delay

The First Transaction Protection Delay shields your account from unauthorized transactions.  For instance, if a hacker managed to steal your iGolder password and attempts to empty your iGolder account, the hacker will have to wait a minimum of 24 hours for the transfer to clear, giving you time to inform us about the unauthorized transaction and recover your gold.  The wait period depends on the transaction amount as displayed in the table below:

 

| Transaction Amount | Protection Delay |
|---|---|
| Less than 100 grams | 24 hours |
| Between 100 grams and 1,000 grams | 48 hours |
| More than 1,000 grams | 72 hours |

 

The First Transaction Protection Delay only applies to the first transaction involving two different iGolder members.  After 30 days, all future transactions with the same two individuals will be instant. *

 

* iGolder considers as a first transaction any transaction of amount larger than the total of previously received amounts, excluding all transactions during the past 30 days.  In other words, if you received a payment one month ago, and you are receiving another payment of the same amount, then the payment will clear instantly, assuming you are a Verified Member.  On the other hand, if the payment you are receiving is larger than what you previously received from that member, then you will have to wait the delay according to transaction amount difference.  Likewise, if you received a monthly payment for a full year, and you are receiving a bonus 10 times larger than your monthly payment, then the transfer will clear instantly because your total gold previously received is larger than the payment amount you are about to receive. Conversely, if you received a payment two weeks ago, you will have to wait the protection delay when receiving a new payment.  iGolder requires a minimum of 30 days for the first payment to settle to consider the two members as trading partners.

This security protection prevents someone from making a tiny payment to establish a "first transaction" and later make a large payment which would clear instantly, or make two consecutive payments (within less than 30 days), where the second payment would clear instantly.

 

Minimum Safetransit Time

The First Transaction Protection Delay is implemented as a Minimum Safetransit Time.  When making your first payment to a member, iGolder automatically adjusts the Safetransit time according to the transaction amount.

 

 

Notice that the protection delay has drawbacks: you have to wait the same delay when you receive gold for the first time from someone else.  Depending on reputation, we may waive this delay so that you may receive gold instantly regardless of the transaction amount.  Waiving the transaction delay still protects you against an unauthorized transfer, because when you send gold, the receiver has to wait the protection delay, giving you time to report any unauthorized transaction.

 

Email Notification For All Payments

Every time you make a gold payment, iGolder sends you an email notification message.  This feature, combined with the First Transaction Protection Delay, gives you good protection against theft, because it gives you time to stop an unauthorized gold payment.  Also, a thief who knows that you receive an email notification about the gold transfer, and that the transfer may be stopped during the First Transaction Protection Delay, is less likely to try hacking your account.

 

Email Notification For All Logins

By default, iGolder sends you an email notification for every successful login and every failed login.

 

The successful login notification is useful to discover that someone has successfully accessed your iGolder account.  If a crook managed to steal your iGolder password, he may be able to steal your identity, enable automation, and/or also initiate a gold transfer.  The sooner you discover the issue, the sooner you may act by changing your password and keeping an eye on your account.  By having this option enabled, you have the peace of mind that nothing happens to your iGolder account behind your back.

 

The failed login notification is useful to notice that someone is trying to guess your password to access your iGolder account.  If you see repeated failed login attempts, then perhaps you should consider disabling login permission for that email address, and use another [secret] email address to access your iGolder account.

 

You have the option to turn off those email notifications in your Account Settings.

 

 

Alternative Login

You may use a secret email address or alias to login to your account.  With iGolder, you have the option to grant permission for each email in your account, such as receiving gold, login, notification and confirmation messages.  Anyone trying to login using your public email or username will automatically trigger a security alert and send you an email notification message to your other email(s).

 

Learn more about emails and aliases.

 

History of Logins

iGolder gives you the full history of all the logins to your account, including attempted failed logins.  At a glance, you can have an idea if your account has been under attack and take action such as using a different login username or email.

 

View my Login History.

 

Expiring Links in Email Messages

Every action link from an email message has an expiration date.  This security feature is a powerful protection against someone trying to access your iGolder account by reading your old email messages.

 

For instance, when you initiate a request to reset your password, you receive an email message with a link to confirm your action.  You have a few hours to open this email and act (click on the link).  If you wait past the link expiration date, the link becomes invalid and you have to start over.  Therefore, anyone reading your old email will be unable to reset your password because the password reset link has expired.  The same applies to other actions such as confirming a new email address for your iGolder account.

 

Delayed Password Resets

In our Security Tips, we stress the importance of keeping your email messages secure.  Almost all online payments have a built-in feature to reset a forgotten password.  A hacker simply has to initiate a password reset and wait for the email message containing the link to reset your account password.  The hacker does not need to know your email password nor your iGolder password to empty your account.  A simple password reset does the trick to login and access your iGolder account. At iGolder, we have a mechanism to protect your account from unauthorized password resets.

 

Reporting a Password Reset:

When you initiate a password reset, iGolder sends a notification message to all email addresses you have entered in your iGolder account.  For instance, if you have one email at home and one email at work, you will receive two notifications regarding a password reset on your account.  If you log in to your iGolder account, then the password reset procedure is automatically aborted, and iGolder displays the message Password Reset Aborted.

 

 

After all, accessing your iGolder account is the ultimate proof you know your password, and therefore the password reset procedure is no longer necessary.
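One way to build action links that expire and are also voided by a login, as described under Expiring Links in Email Messages and Reporting a Password Reset. This is an added example, not iGolder's code; the HMAC-SHA256 token format, the 3-hour lifetime, the demo key and all function names are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # placeholder; a real service loads a random secret key
LINK_TTL = 3 * 3600                # the page says "a few hours"; 3 hours is an assumed value


def sign(payload: str) -> str:
    """HMAC-SHA256 over the link fields, so none of them can be edited by the holder."""
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_link_token(account: str, action: str, last_login: int, now: int) -> str:
    """Build the token placed in the emailed link.

    last_login is the account's last successful login time when the link is issued.
    Binding it into the token lets a later login void the link without server-side state.
    """
    if "|" in account or "|" in action:
        raise ValueError("field separator not allowed in account or action")
    payload = f"{account}|{action}|{now + LINK_TTL}|{last_login}"
    return f"{payload}|{sign(payload)}"


def verify_link_token(token: str, current_last_login: int, now: int) -> str:
    """Return 'ok', 'invalid', 'expired' or 'aborted' for a clicked link."""
    parts = token.split("|")
    if len(parts) != 5:
        return "invalid"
    expected = sign("|".join(parts[:4]))
    # Constant-time comparison; the signature is checked before any field is trusted.
    if not hmac.compare_digest(parts[4].encode(), expected.encode()):
        return "invalid"
    if now >= int(parts[2]):
        return "expired"        # an old email found later is useless
    if int(parts[3]) != current_last_login:
        return "aborted"        # the owner logged in after the reset was requested
    return "ok"


if __name__ == "__main__":
    issued_at, last_login = 1_000_000, 900_000          # constructed sample times (seconds)
    token = issue_link_token("alice", "reset-password", last_login, issued_at)
    print(verify_link_token(token, last_login, issued_at + 60))             # ok
    print(verify_link_token(token, last_login, issued_at + LINK_TTL))       # expired
    print(verify_link_token(token, issued_at + 30, issued_at + 60))         # aborted
```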

 

Double Email Confirmation:

To protect your iGolder account, the password reset procedure is not instant, therefore giving you time to notice an unauthorized password reset - and abort it.  The delay between the two email confirmations depends on the amount of gold in your account, and the elapsed time since your last login.  For instance, you may instantly reset your password if your account is brand new and empty.  On the other hand, if you have been a long time iGolder member using the same password for months, and your last login was yesterday, then the supposed "I forgot my password" will require a double email confirmation with a delay of up to 3 days.  Hopefully this delay will give you enough time to notice your account is being hijacked and contact iGolder about the issue.

 

To find out more about the procedures to reset your password, visit resetting my password.

 

Password Encryption

Another security feature is that all passwords are encrypted using SHA-512 with salt - the strongest encryption available for storing passwords.  This way, you can use your favorite password and never worry about anyone knowing it, including the operators at iGolder.  Even in the case the iGolder database is stolen, it is impossible to decrypt any password.  As a result, the hacker will be unable to use the stolen data to login to iGolder and steal gold by making unauthorized transfers.  By the way, iGolder cannot re-send your password because it is also impossible for us to know your original password.  All iGolder can do is send you an email with a link to reset your password.  When you click on the link, you enter your new password which is immediately encrypted in the database.  Your new password becomes active only after the password reset delay as described above.

 

iGolder Bot

The website iGolder has a software bot working 24/7 protecting your account.  The bot analyses all kinds of activities on the iGolder website, including failed logins, requests to reset a forgotten password, IP addresses, transfer amount, transfer frequency and account reputation.

 

If the bot detects suspicious activity such as repeated failed logins or a large transfer from your account, it may send you an email to confirm with you that everything is OK.  Likewise, a login from a new IP address making a large transfer to a brand new account raises suspicion.  In rare cases, the bot may lock out an IP address or freeze an account to protect against further attacks.  The bot is capable of dialing phone numbers and calling any iGolder operator to immediately notify them about the suspicious activity.  The iGolder operators will do their best to promptly investigate the problem and act according to its severity.

 

Report Theft

Our preferred exchangers have access to a special alarm trigger to report theft, such as an individual purchasing gold with a fraudulent check or a stolen credit card.  Only our most trusted exchangers may access this special trigger, enabling them to freeze an account pending investigation.  The exchange provider can only freeze an account he transferred gold to, so the trigger is limited in scope.  The exchanger must also give a detailed description of the payment so iGolder can investigate by asking the buyer to prove the payment cleared and/or the credit card transaction went through.  If the exchanger was indeed a victim of theft, then iGolder will return the gold to the exchanger and permanently ban the fraudulent member.  If the exchanger abuses this feature, such as by triggering a false alarm, then he will lose our protection and will earn several demerit points.  Just to make it clear, this option is only for our trusted members exchanging fiat money to digital gold.  Regular members buying and/or selling goods and services do not have access to this alarm trigger - they are protected with the Safetransit™ tool.

 

Although this feature does not offer a direct benefit to regular members, it creates a favorable environment for more payment options and lower exchange fees.  Without protection for our exchangers, some payment options such as credit cards would be unavailable because of unacceptable fraud risk.  If iGolder can help minimize losses, then the fees are considerably lower.  Ultimately, we, the consumers, pay for theft by paying higher fees to offset the losses.

 

Sound KYC Policy

Our Know Your Customers policy gives us a fighting chance to identify fraudsters, thus protecting our members from engaging in business with criminals. Crooks are tenacious.  They spend their days trying to find more effective means to steal from others.  If a scam does not work, they will try another one.  As a rule of thumb, if someone has a history of being dishonest, it is very likely he will be dishonest with you, sooner or later.  We do not want those swindlers as our members, and will do our best to kick them out and make sure they do not come back.  We believe in freedom of trade, and if someone wants to do something stupid such as subscribing to a get-rich-quick scheme, he is free to do so, without using iGolder.  As the founders and owners of the website iGolder.com, we also have the freedom not to trade with individuals we believe will stain our reputation or hurt our business.  We spent a lot of energy to create iGolder and have no desire to have scammers destroy what we built.  If a scammer is not happy with our KYC policy, he is free to start his own website and set his own rules.

 

Transaction Limit for Non-Verified Members

A non-verified member is limited to send a maximum of 100 gr of gold per month.  iGolder displays the following message to any non-verified member attempting to spend over the limit:



This security feature is a powerful deterrent against a phishing attack, where a thief creates a new account with the intent of stealing gold from others.  With this limit, the thief is limited to withdraw a maximum of 100 gr of gold per month, which gives us plenty of time to act if notified by any victim.

 

Transaction Delay for Non-Verified Members

Wait, there is also a transaction delay when sending gold to a non-verified member.  The transaction delay is called Minimum Safetransit Time.  The Minimum Safetransit Time is always 48 hours for Anonymous Members, and always 24 hours for Identified Members.  This delay is somewhat similar to the First Transaction Protection Delay, however it is always enabled for non-verified members receiving gold, regardless of the number of payments previously made.  Therefore, even if our thief identifies himself with a photo ID and provides a proof of address, he still has to wait a minimum of 48 hours for the gold to clear.  Such a delay should give you enough time to stop the payment and report the unauthorized transaction to iGolder.  In the case the thief is a Verified Member, he still has to wait from 24 to 72 hours (depending on the amount), unless he previously received more gold from you than the amount he wishes to transfer to himself. *

 

Minimum Safetransit Time

The Minimum Safetransit™ Time is a delay required by iGolder when making a gold payment to an Anonymous Member or an Identified Member, or making your first transaction to a Verified Member.

 

The table below displays the Minimum Safetransit Time according to the account type.

 

| Account Type | Minimum Safetransit Time |
|---|---|
| Anonymous Member | Always 48 hours |
| Identified Member | Always 24 hours |
| Verified Member | None.  Notice there is still the First Transaction Protection Delay ranging from 24 to 72 hours depending on the amount transferred on the first transaction between two users. |

 

 

The following table displays the Minimum Safetransit Time according to the transaction amount as described in the First Transaction Protection Delay.

 

| Transaction Amount | First Transaction Protection Delay |
|---|---|
| Less than 100 grams | 24 hours |
| Between 100 grams and 1,000 grams | 48 hours |
| More than 1,000 grams | 72 hours |
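The delay rules from the First Transaction Protection Delay footnote and the two tables above, written out as an added example (not iGolder's code). Assumptions: amounts of exactly 100 g and 1,000 g fall in the 48-hour tier, non-verified receivers always get the fixed time from the account-type table, the reputation-based waiver is not modelled, and all names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

SETTLE_PERIOD = timedelta(days=30)   # a payment only counts toward history after 30 days

# Fixed Minimum Safetransit Time (hours) by receiver account type, from the first table.
FIXED_HOURS = {"anonymous": 48, "identified": 24}


@dataclass(frozen=True)
class Payment:
    """One earlier payment the receiver got from this same sender."""
    when: datetime
    grams: float


def tier_hours(grams: float) -> int:
    """Delay tier from the amount table (boundary handling is an assumption)."""
    if grams < 100:
        return 24
    if grams <= 1000:
        return 48
    return 72


def first_transaction_delay(history, grams: float, now: datetime) -> int:
    """Hours a Verified Member waits for a payment of `grams` from one sender.

    Only payments settled for 30 days or more count. A payment no larger than that
    settled total clears instantly; otherwise the delay follows the difference.
    """
    settled = sum(p.grams for p in history if now - p.when >= SETTLE_PERIOD)
    excess = grams - settled
    return tier_hours(excess) if excess > 0 else 0


def safetransit_hours(receiver_type: str, history, grams: float, now: datetime) -> int:
    """Minimum Safetransit Time in hours for a payment to the given receiver."""
    if receiver_type in FIXED_HOURS:
        return FIXED_HOURS[receiver_type]      # always applies, whatever the history
    if receiver_type != "verified":
        raise ValueError(f"unknown account type: {receiver_type!r}")
    return first_transaction_delay(history, grams, now)


def clears_at(receiver_type: str, history, grams: float, now: datetime) -> datetime:
    """Earliest time the transfer clears; until then it can still be reported and stopped."""
    return now + timedelta(hours=safetransit_hours(receiver_type, history, grams, now))


if __name__ == "__main__":
    now = datetime(2013, 1, 1)                 # constructed sample date

    def ago(days, grams):
        return Payment(now - timedelta(days=days), grams)

    # Scenarios taken from the footnote, all with a Verified Member as receiver.
    print(first_transaction_delay([ago(31, 50)], 50, now))    # same amount a month later: 0
    print(first_transaction_delay([ago(14, 50)], 50, now))    # earlier payment not settled: 24
    print(first_transaction_delay([ago(40, 1)], 5000, now))   # tiny payment, then large one: 72
```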

 

 

The security importance of having a Minimum Safetransit Time

In our opinion, the Minimum Safetransit Time is the most effective security feature of iGolder.  When theft is committed, the thief must transfer the stolen gold quickly before being discovered, leaving the losses to someone else, typically an innocent exchanger.  Having a delay between gold transfers gives us time to act and stop any fraudulent transfers.  Such a delay between transfers is also a powerful deterrent to a fraudster considering stealing gold at iGolder, therefore reducing the risk of phishing attacks and theft.

 

With our Minimum Safetransit Time, you get the best of both worlds: you benefit from our unmatched security and have the opportunity to make instant payments.  Your payments are instant once you have established a trade relationship with a Verified Member.

 

Anonymous Members Limited to Send 100 Grams Per Year

Another important security feature is that Anonymous Members are limited to spend a maximum of 100 gr of gold per year.  This transaction limit reduces fraud, because the fraudster cannot withdraw (out-exchange) large quantities of gold.  Only our verified members have no send limit; however, a fraudster is unlikely to become a verified member to empty a stolen account (thieves do not like to identify themselves before and/or after committing theft).

 

Zero Tolerance Towards Fraud

A business is an entity serving its customers. The question is: what type of customers do we want to serve?  We believe there is a market for online honesty by serving highly reputable customers.  Our goal is providing tools to make online transactions safe and attract businesses who never considered online trade before.  To achieve this, it is important that iGolder lays down a strong policy against fraud, otherwise we will attract fraudsters in droves.

 

People committing fraud are willing to take risks, and a new business does not scare them - rather, it is an opportunity to scam others.  After all, trading with a new business is always riskier than trading with a long established business, so it is possible the early adopters of a new business are fraudsters willing to jump into a new venture.  If the new business turns a blind eye to fraud, then there is a point where it is almost impossible to revert the situation.  When the majority of its customers are crooks, the business has no choice but to keep serving them as customers, or else face bankruptcy.  When fraud is rampant, the business must spend a great deal of its resources to handle complaints, disputes and even court cases.  Ironically, the business needs all its income from customers just to remain afloat, and the only customers who are willing to tolerate the high fees are those who are dishonest.  The honest customers have already left, making the business more and more dependent on its remaining customers - the fraudsters.  As a result, the business lives in symbiosis with the fraudsters, as they are both sharing the proceeds of crime, and it often becomes a partner in crime for survival.  Just think for a moment of having a business where 95% of your customers are involved in Ponzi schemes, high-yield investment programs, get-rich-quick scams and gambling.  What could you do?  The moment you ban such activities, you lose 95% of your customers and are probably forced to declare bankruptcy.  Would your business survive with only the remaining 5% of your customers?

 

On the other hand, if a business has great customers, then there is an economic benefit to getting rid of the few bad customers and retaining the patronage of its existing good clientele.  By the way, getting rid of a few undesirable customers in order to keep the patronage of a good clientele is not an endorsement of the "Greater Good" theory nor an acknowledgement towards Utilitarianism.  iGolder expels bad customers because we choose to exercise our right of freedom of association and private property - to maximize our profits.  People have the freedom to not associate and walk away from each other.  iGolder is a private club with its own rules - the Account Agreement. If a member does not follow the club rules, such as defrauding other members, we have the right and the duty to expel him.  On the other hand, we want to have as many members as possible, so it is in our best interest to make our club rules as accommodating as possible.

 

Conditional Payments (Safetransit™)

iGolder has a built-in mechanism for conditional payments called Safetransit™.  The buyer can hold the transfer until obligations have been fulfilled by the seller, such as the delivery of a product or service.  The performance conditions can be uploaded to iGolder, so in case of a dispute, the arbitration specialist will have a document describing the obligations of each party, and render an award such as a refund to the buyer.   Any disputes regarding the goods or services are professionally resolved before the payment is released, thus eliminating the possibility of non-shipment or misrepresentation of merchandise.  Safetransit also protects the seller, because the delivery of the goods or services guarantees the release of a non-reversible payment.

 

Dispute Resolutions

A dispute is a situation where the performance of a member has not been fulfilled according to the exchange agreement.   iGolder offers the option for the buyer and seller to mutually choose a mediator or an arbitrator to resolve their dispute, allowing them to pick a professional expert in the field.  If one party fails to respond to a dispute claim within a reasonable delay, then the complaint will affect the member's reputation.  To make online transactions safer for the buyer, the seller may voluntarily set aside an amount of gold as a Dispute Reserve.  A Dispute Reserve lowers the transfer fees and increases the trustworthiness of the seller.

 

Member Feedback Reputation

Member feedback reputation is not a security measure; however it gives a good assessment regarding the seller's trustworthiness, and therefore increases the overall safety when transacting with him.  A great reputation takes a lifetime to build and seconds to lose. This is why there is an economic benefit for a merchant to be honest, because each new customer brings little additional profit compared to larger losses associated with having a bad reputation and losing many customers.

 

iGolder compiles a reputation score for each club member.  This reputation score is known as Karma which is always visible to the public profile.  After completing a transaction, both the buyer and seller are given the opportunity to rate the other party based on applicable attributes, such as customer service, product quality, price accuracy, and shipping time.  iGolder rewards good behavior by reducing transaction fees according to the number of transactions made.

 

Honesty is a moral virtue, however for some, integrity carries little weight in the business equation.  To overcome dishonesty, iGolder increases the transaction fees proportionally to the number of Demerit Points, thus bringing in a measurable economic loss associated with dishonesty.  Not only does a bad reputation make it difficult to attract new customers, but each transaction also becomes more expensive.  Each Demerit Point affects all transfer fees for a period of 6 months, and each transaction displays those penalty fees, making the extra cost visible to the rogue merchant.  All penalty fees, measured in weight of gold, are also displayed in monthly reports, summarized by day and by complaint.  At iGolder, it pays to be honest and a good reputation is literally worth its weight in gold.

 

 

Since August 1st, 2013 iGolder is no longer accepting new accounts and balances can only be redeemed. During the past years, we have been recommending Bitcoin more than our own payment system. We believe in physical gold ownership, and developed iGolder as a mechanism for people to acquire physical gold by trading with one another.

Since iGolder has a central point of failure (our server may be raided by thugs wearing some kind of uniform), we feel it is safer for us to cease operations. The iGolder experiment has been personally rewarding as we met many gold enthusiasts and also learned about Bitcoin in the process. For those who have no idea what Bitcoin is, we recommend doing your own research. Bitcoin is far superior to iGolder in every way, both in privacy and security as our server is always vulnerable to confiscation. Bitcoin is a communication protocol with a built-in "escrow service" capable of protecting both the buyer and the seller, rendering our Safetransit completely redundant. To learn more about the Bitcoin protocol and its features, please watch http://www.youtube.com/watch?v=mD4L7xDNCmA (Bitcoin 2012 London: Mike Hearn).

For those having gold in their iGolder account, we will ship the physical metal to anyone having more than 1 ounce of gold, assuming the owner is willing to assume the shipping costs. For smaller quantities, we offer to settle in Bitcoin, however we will also settle with any other reasonable payment system. We will give everyone at least two full years (until 2016) to contact us to claim their gold. After that period, any unclaimed gold will go to fund an economic development project in Honduras helping local people to become entrepreneurs.

We sincerely wish you the best in life and hope to keep in contact with you.

Yours in liberty,
The iGolder Team.


Update 2014: Since we announced we no longer accept gold transfers, we have received countless emails asking to keep the free gold charts and the PGP encryption tools. We plan to keep running the domain iGolder.com for both the gold charts and the encryption tools. Better, we are developing state of the art open-source software for a secure decentralized social network with a built-in wallet. We will announce when we have a product ready for use. Stay tuned!