In modern days when hackers can steal thousands of dollars in a few clicks of a mouse, we need to be ever more vigilant. You might be wanting to get into crypto but don’t know which exchange to trust. Luckily, due to the number of high profile hacks that occurred when crypto was still finding its feet, most exchanges have really upped their game. bitFlyer understands that to really shake off the “wild west” moniker that gets attributed to crypto, safety and security need to be at its fore.

In this article we’ll show you exactly what we have in place to keep our European users secure. With over 2 million satisfied customers already established in Japan, you’ll soon get on board with bitFlyer!

Is bitFlyer secure? How do our regulatory protocols protect your funds?

bitFlyer started off in Japan and proved to be trustworthy for users, expanding to more than 2 million users. It has taken the exact same approach upon entering the European market. Nothing has been left to chance and all funds are protected in the same ways that those stored in traditional institutions are.

Due to the lack of precedence regarding cryptocurrencies, the way governments are dealing with cryptocurrencies varies widely throughout the world. The European Union started making public statements long before Bitcoin’s price skyrocketed, and has since put resources into researching and combating some of the more unsavory activities that are associated with this new financial frontier. By December 15th, the European Union had issued a 5th AML (Anti-Money Laundering) directive, aimed at integrating crypto exchanges under the same umbrella as traditional financial institutions. While this may seem to run counter to the “unparalleled freedom” that cryptocurrency is meant to stand for, as an investor, these rules are extremely important, as they safeguard assets and make sure that your funds are being used in the correct way.

The bitFlyer platform provides safety and security through both complying with all stringent European standards, and also possessing a second to none internal security system. In exploring these in more detail you will see exactly why bitFlyer is the only exchange you can truly trust.

Bitcoin Regulation - How Does bitFlyer Stack Up?

European Union AML & KYC/CDD Requirements for all Jurisdictions

As we touched on before, AML stands for Anti-Money Laundering, and a company’s compliance is a key requirement in the fight against criminal funds entering the cryptocurrency sphere. The policy’s full title is Anti-money laundering and counter terrorist financing, and it often goes in hand with KYC (Know Your Customer) and CDD (Customer Due Diligence). KYC and CDD somewhat overlap, but essentially involve making sure a customer is who they say they are, and are not being prosecuted for financial crimes. Through CDD, frequent checks throughout the duration of a customer/client relationship are made to ensure compliance. These three requirements are taken seriously by the European Union and also by the team at bitFlyer, who make sure that dirty money is kept at bay.

GDPR

The GDPR (General Data Protection Regulation) is a significant piece of European legislation that came into effect on the 25th May, 2018. Its aim was to harmonise existing European laws and also provide greater protections to citizens who use online services. As a fully fledged European entity, bitFlyer is also GDPR compliant, and as such is committed to all requirements regarding data privacy and processing as outlined in the privacy policy. This means that there is no risk of your data being sold to third parties. In addition to this, there is bitFlyer’s own internal security (which will be outlined later in this article), making sure that data leaks are prevented. bitFlyer does not share any customer data with third parties, for the purpose of cross-selling, for example.

CSSF License as a Payment Institution

One of the last acronyms we will come across today, CSSF, stands for Commission de Surveillance du Secteur Financier (the national finance authority in Luxembourg, where bitFlyer is based). The CSSF supervises and regulates financial groups, making sure products and services remain transparent and fair, and are able to enforce laws related to consumer protection, the fight against money laundering and terrorist financing. CSSF has granted bitFlyer a license under the PSD2 (Revised Payment Services Directive), which means that as a payment institution it is held to the highest standards regarding customer security, anti-crime procedures and importantly, any new regulations that are brought into effect to further tighten security in the near future.

Regulated Like a Financial Institution

bitFlyer knows that users are more likely to trust bricks-and-mortar institutions as they are physical entities that are held accountable by centuries of laws. Being regulated as a payment institution removes all possibility of being able to disappear with clients’ funds. For this reason, bitFlyer has chosen to become licensed under the EU’s PSD2 . It has a physical presence within the European Union, and is regulated in the same way as any financial institution you are a client of now.

How Else Does bitFlyer Keep Clients Safe?

Segregated Management of Customer Assets

Customer assets, including Bitcoin and Euros are segregated from bitFlyer's own assets. Each customer's bank account is unique to ensure customer assets can be properly segregated.

In addition, customer funds are managed in a separate account from bitFlyer's own personal bank account. Client funds are kept in a variety of banks, with fund segregation ensuring that even in the event of insolvency, customers’ funds will not be at risk.

Credible and Regulated Liquidity Providers

The institutions who provide the liquidity needed for trade execution are an important consideration. bitFlyer has made sure it deals with only regulated financial institutions. bitFlyer has established multiple FIX API connections with several European Union regulated liquidity providers.

Secure your Bitcoin with bitFlyer!

bitFlyer is not a new institution. Founded in 2014 and growing to be one of the major players, it has consistently updated and fortified its security system for the benefit of its users. Despite the ease provided to users who wish to buy and sell Bitcoin almost instantly, there is a lot going on in the background, making sure each connection and transaction enjoys advanced security. So how is this achieved? In this part of the article, we will be detailing some of the internal methods that bitFlyer has adopted to keep its system robust and secure.

System

  1. Network
    a) Encryption: Through using the bitFlyer network, each user can rest assured knowing the highest strength encryption technology is being used. TLS1.2 is applied to all bitFlyer connections, which are encrypted and authenticated using AES_128_GCM. ECDHE_RSA is used as the key exchange mechanism, which is actually a higher strength of encryption that the major financial institutions use.
    b) DigiCert SSL Certificate: SSL or Secure Sockets Layer, is the base standard of encryption that any reputable company will use. Supplied by DigitCert, the Extended Validation certificate is only awarded to those who meet a set of global standards. You can see evidence of this in your browser when you visit the bitFlyer website.
    c) Adoption of SHA-2 (SHA-256): SHA, a standard used by the United States government, is a highly secure hash function (data compression summary method). It is possible to verify the presence or absence of data tampering by comparing hash values for both transmission and the sending of data summary values. SHA-1 used to be the primary standard and many still do possess it, despite some security vulnerabilities that have been highlighted. SHA-2, adopted by bitFlyer, has greater security and basically removes the possibility of asset exposure.
    d) Internal Firewall Protection & Constant Monitoring: A firewall is the software and hardware used to protect networks and computers against attacks from external unauthorised sources. bitFlyer combines its sophisticated firewall with a remote monitoring function, which can be easily checked if suspicious activity arises.

Many other more complex internal features are not mentioned here due to the need for brevity, but can be found on bitFlyer’s website in the security section.

  1. Login
    a) Password Strength Check and Account Lock Function: bitFlyer encourages strong passwords and has criteria that a password has to meet, preventing brute force attacks. If a password is entered incorrectly a certain number of times, an account lock function activates.
    b) Two-Factor Authentication Through a Mobile Phone or Device
    For normal services, login is achieved through authentication of an ID and password. However, on the internet where a service can be accessed from anywhere, security may be easily breached if an ID/password pair is stolen. In addition to the original ID and password, an additional six digit number known as an authentication code is entered, hence strengthening security. Because the authentication code changes over time, as well as whenever a login occurs, a malicious party will have a much harder time trying to log in.

Other features including an automatic timeout and the ability to manage login history puts you firmly in control of your account.

  1. Bitcoin
    a) Multi-Signature: Multi-Sig is one of the latest Bitcoin security measures and keeps your transactions safer. Unlike a typical Bitcoin address, multi-sig Bitcoin addresses require two or more separate signatures to send Bitcoin. Multisig allows for extremely secure wallets, as even if a private key is leaked or hacked, unless all required keys have been compromised, no coins can be released from the wallet. It is extraordinarily difficult for an attacker to penetrate 2 or more highly secure platforms within a short period of time. Further protection is provided by bitFlyer as one of the addresses is stored offline.
    b) Cold Wallet Storage: Over 80% of Bitcoins on the bitFlyer network are stored in a cold wallet, which is isolated from the network. The cold wallet is protected by several physical locks as well as a 24/7 surveillance system.

  2. Infrastructure
    a) Latest OS Patches Applied Automatically: Any patches designed to fix or strengthen parts of the Operating System that bitFlyer uses will be downloaded and updated automatically.
    b) Self diagnosed health check on all servers: bitFlyer systems are constantly undergoing checks. If an inconsistency in data is spotted, a forced shutdown in order to minimise damage can come into place.

In addition to all the aforementioned methods that bitFlyer uses to ensure security for all users, identity verification is performed multiple times and through different sources to make sure that identity fraud is not being committed. Moreover, “white hat hackers” frequently test the vulnerability of the system, highlighting any problems that exist which can be rectified immediately.

More detailed information on the infrastructure bitFlyer uses, as well as technical program information can be found on the security section of the bitFlyer website.

Conclusion

bitFlyer has grown in popularity due to the ease of which users can purchase and trade Bitcoin. However, this ease is not at the expense of security or adherence to the proper regulatory standards. While most exchanges announce their arrival while still in the process of gathering various licenses and working out how to best comply with regional laws, bitFlyer did all this before they came on to the European scene.

With technical and legal experts who continue to align with regulations while securing the bitFlyer system as a whole, any user can be safe in the knowledge that they are trading Bitcoin the smart way. With a solid foundation and a proven track record of safety, bitFlyer is here to stay.