Each user registers for the platform with their personal email address, then they choose their own passcode to open the platform, as well as another passcode to access their trading data.
To open an account each user has to supply large volumes of personal details, and in many cases, copies of personal documents. These are confirmed with emails sent to the user’s registered email address.
The platform only allows one device to be open at a time, so if a user has their Marketech Focus platform log-in details stolen, they will likely be alerted to another user logging in - as they will be logged out.
To access the platform a hacker would first need to know the user was a client of Marketech. They would then need their computer password or phone password. Once they’re into your personal device they would need access to your Marketech Focus log-in password, and then your trading PIN. Once all of this has occurred the most they could do is place a trade, as no money can be moved around on the platform.
The user controls their own cash through the Macquarie portal and there is not crossover between the platforms beyond the settlement of trades.
If trades are placed, you will receive an emailed contract note within a few hours. If someone changes your registered mailing address, you will receive paperwork from the share registry to confirm, but there is a form that Marketech need signed, and ID, and proof that the new address is theirs – all sent via the email address we have on record.
If a client wants to transfer shares into Marketech they need to sign a form, send it from their registered email address and often, a copy of their drivers licence. If they wish to move shares from Marketech to another broker, they arrange that with the other broker.
So at worst, if someone wanted to break into a trading account (to place bad trades) they would need all of the details of your phone and email and passwords, which would make 2FA obsolete. The personal data in the platform is quite limited, and if a hacker had ‘broken in’ they would already have had access to all of that information from another source, most likely your email account.
If we enhance the platform capabilities to allow movement of money/shares or changes of detail then we would likely upgrade that part of the service at that point.