I have an account at Corner Trader. I like their web trading interface (not that it matters, I used it twice so far…). However, sometimes I worry that they are unprofessional, low-scale. If you want to contact support, you write an e-mail and then it’s always the same people responding.
Moreover, I have been begging them for two factor authentication for months. Nowadays a single password is just not enough, especially when it comes to your life savings! Finally, they have implemented this Symantec VIP Security app. You pair your CT account with the app credential, and each time you login, you need to provide a code from the app in your smartphone.
The problem is, before you enter the code, you can just change the credential and authenticate yourself with another app. It makes me really anxious. CT is the cheapest Swiss broker and I would be happy to stick with them, but some evenings I have these thoughts that all my assets just evaporate and there will be no trace of them. Or someone breaks in and makes some harmful transactions and drives my portfolio to the ground. What are your thoughts on keeping 90% of your wealth in digital form?
I’ve just got the two factor authentication enabled and was thinking it was pretty good. I hadn’t noticed you could just sign up a different credential. If you can do that on any other phone then that’s terrible. Have you asked CT about it?
Maybe i’m being naive but I’m not that worried about someone hacking in and messing up my portfolio. The money can only be transferred out to your linked account so the worst they could do would be to make some bad trades but why would they? If you’re going to bother to hack into someones banking at least you’d want to profit from it in some way.
Of course if it’s true that you can bypass the security then they absolutely need to sort that out.
I have contacted Corner Trader multiple times about this issue. They have said that it is their top priority. But it has been the top priority for months. I have installed the app on my other phone and after logging in, just changed my credential to the new phone, provided the code and voila - I am logged in. This renders the two factor authentication completely useless.
My worry is that by making trades they can still send value to a different place, for example by bumping up the price of an illiquid asset. And I have never sent money back from CT to my account, so I don’t know how this works.
Hi Bojack
even if useless, I would like to give this 2 factor implementation a try. How do you activate it? I have to admit, is the only thing that is keeping me a little bit on the edge with CT. I’m using it since 3 years and never had a problem, but a single password…meh. I try to do the most complicated and random password possible, that should help, but is not very professional.
Sadly for the moment I’m making 2 trades a year so IB is still more expensive
I’ve been molesting my advisor and CT support with e-mail since the end of last year. They told me they would sign me up for testing. Then, finally, they sent me an e-mail saying that they activated it for me. Then after I logged in, I had to provide this Symantec VIP credential, which came from the smartphone app. So I am not aware how do you activate 2FA. Maybe it is still not out of the test phase . I would write to your advisor or to the support per email that you would like to have it.
That being said, you can so easily bypass 2FA by changing the credential. It makes me so angry with CT . My bank account is with PostFinance. I have this calculator thing and it all looks much more professional than by CT. Some moments, I think that maybe I should just pay these extra few franks per year for the peace of mind. And I would also have my bank and broker under one roof (yay simplicity & minimalism).
However, sometimes I worry that they are unprofessional, low-scale. If you want to contact support, you write an e-mail and then it’s always the same people responding.
If we ever meet at a meetup one day, I’ll tell you some about UBS’s professionalism. For the time being, let’s say that it is not only CornerTrader, but rather Swiss banking, I feel, that rests on its laurels.
Regarding CornerTrader, I have my password stored on my laptop and my username in a secure cloud. This isn’t perfect but diminishes the likelihood of stolen credentials to a level with which I’m fine. But thanks for being though on them, they need to get this done. I’ll send my advisor an email to ask for a calculator like I have with UBS.
FYI, here’s my advisor’s reply, which might complement what you’ve been told by yours. No extra security for the login because:
nobody can get cash out ouf the account by himself. The email isn’t 100% clear but what I understand is that if you want to do that, you have to either go by yourself to a CT location, or authenticate yourself further on the phone for instance.
only transfers from/to bank accounts with your own name are accepted. No 3rd person can be involved.
This doesn’t solve the case where some hacker would make dumb moves with your assets. If you tell me the exact steps required to bypass the two-factor authentication, I can also forward that problem to the advisor. I’d do it myself but I don’t have a smartphone.
I’m considering cornertrader as my broker as it seems to be the cheapest Swiss broker. However postfinance is 20 CHF/year more expensive for me and my gut feeling is that they have better security.
I visited the CT seminar about the web trader platform in January and they said that they have the trading platform from the Saxo bank (white label), so I guess they cannot influence it’s security by themselves.
Hi,
I have an account with CT and asked the 2FA… I tried to “bypass” asking new credentials and no problem to register a new device!!!
I cannot understand how a big bank ( they say they are the 3rd in Switzerland ) can have such a hole in their systems…Honestly.
I’ve been using and installing 2FA, i.e. the Google Auth, without any fail or error for websites, access, etc… and there is so simple to use the API to install that I cannot understand how they are using the sh*** of Symantec…
Is unacceptable that a bank/trader can have such a big hole in the system… Considering changing the broker… I have already an account in IB but I wanted to have 2 brokers… I don’t know if was a good idea opening with CT…
that’s indeed very worrying! Have you asked them about this flaw? a reset should require either an SMS, email or phone call. Being able to just reset it without any of these voids 2FA completely
If I am not mistaken they accept to transfer money only to the registered bank account. I am not sure how one would change the registered bank account though.
By reading and partipating to this forum, you confirm you have read and agree with the disclaimer presented on http://www.mustachianpost.com/
En lisant et participant à ce forum, tu confirmes avoir lu et être d'accord avec l'avis de dégagement de responsabilité présenté sur http://www.mustachianpost.com/fr/
Durch das Lesen und die Teilnahme an diesem Forum bestätigst du, dass du den auf http://www.mustachianpost.com/de/ dargestellten Haftungsausschluss gelesen hast und damit einverstanden bist.