In this guide, we’ll analyze the security of the multi-asset trading platform Uphold and discuss whether or not it’s a safe exchange to use. Specifically, we’ll examine Uphold’s security protocols put in place to safeguard the unique digital money platform from hackers and to maintain the network’s overall security.
Headquartered in New York City, Uphold was founded in 2013 and launched its platform in 2015, providing financial services to the global market across a variety of assets.
The exchange offers a wide range of cryptocurrencies, precious metals, fiat currencies, and US equities to its clients, allowing them to trade directly across asset classes utilizing embedded payments through ‘Anything-to-Anything’ trading. Additionally, the multi-asset trading platform does not charge withdrawal fees, deposit fees, or trading commissions (read our Uphold fees guide for more details).
Furthermore, the company envisions a future in which everyone and every business has access to dependable financial services at a reasonable price by using unique technology and e-money applications as the basis of its platform. Thus, it created a one-of-a-kind market for the trade of both digital and physical assets, differentiating itself from its competitors.
Note: For more information on the platform and its main products, please see our in-depth Uphold review.
Uphold’s core products
Uphold, with over 7 million clients, is a platform where users can trade between cryptocurrencies and various asset types. For instance, one Uphold account gives you access to 50 U.S. equities, 60 cryptocurrencies, four precious metals, and 27 other national currencies.
Consumers may select from over 150 digital currencies, including popular cryptos, new tokens, and stablecoins. Uphold facilitates crypto purchases by connecting to 36 banks worldwide, seamless debit/credit card payments, and connecting to 7 blockchain networks.
The four precious metals, including gold, silver, platinum, and palladium, may be readily purchased and held using Uphold, as well as traded for immediate liquidity into 27 different national currencies with 0% custody fees.
Buy and Sell U.S. Stocks
If you’re in the United States, you may get proportional ownership via the exchange’s fractional equities, meaning you may now buy shares in significant U.S. firms for as low as $1. Uphold also pays declared dividends, and you will receive a proportional part of its dividends in exchange for your investment.
Uphold Debit Card
Customers may pay with crypto, metals, currencies, and Google Pay or Apple Pay while using the Uphold debit card. The world’s first multi-asset debit card is accepted at over 50 million merchants and ATMs worldwide, and there are no foreign transaction fees.
Personal trading enables Uphold users to buy crypto, precious metals, US stocks, currencies, and other assets all on one seamless ledger. It is cost-effective, hassle-free, and offers a unique trading experience since you may trade straight across different asset classes, saving time and money.
Using a single Uphold Business Account allows customers to reinvent their businesses or work alongside Uphold by integrating the company’s open API into their current infrastructure.
Because Uphold’s advanced security procedures protect all of your assets and data, this account provides cutting-edge security for your organization in addition to giving you access to a worldwide consumer base.
Key Security Measures
Uphold is committed to compliance in its positions as a FinCEN Registered Money Services Business (MSB) in the United States and an EMD Agent for an Electronic Money Issuer regulated by the Financial Conduct Authority (FCA) in the United Kingdom.
The company also has offices in key global centers such as New York, Shanghai, Braga (Portugal), North California, and London. Every office location of Uphold is equipped with smart card access readers that regulate access to the major sections of the building and critical operating areas.
Aside from that, the company is committed to complying with all applicable legal and regulatory obligations in the United States, Europe, and other areas of the globe where it operates.
Customized security measures are used by the exchange, including a cold storage facility where 90% of funds are kept and an insurance policy protecting currency stored on the platform in the event of a security breach.
Additionally, Uphold uses rigorous security procedures to protect the data you enter into the system from unauthorized access. Only authorized Uphold employees with a genuine need to know have access to the data.
Uphold Proof of Reserves
Furthermore, many of the firm’s patent-pending and unique technologies, such as the Reserveledger™ and Reservechain™, have been verified by frequent independent audits and enable you to check its commitments, transaction flows, assets, and financial stability.
You may verify its reserve holdings at any moment on the “Transparency” page, which shows the current state of the company’s reserve balances to make sure your money is secure.
The following is a list of the security measures implemented by Uphold:
Uphold employs multilayer defenses and sophisticated encryption to limit the scope of potential attacks.
Measures include, but are not limited to, the following:
- Software and security patches are checked and updated regularly;
- The transit of all emails may be secured using encryption;
- Uphold enforces Role-Based Access for sensitive operations or functions;
- The exchange employs SQL injection filters and creates models and validation patterns for each unique data field in order to prevent data corruption;
- Uphold uses Test-Driven Development (TDD) procedures, which include comprehensive unit, functional security, and integration testing;
- Private keys are safeguarded by using advanced encryption techniques;
- Everything on the website is protected by Transport Layer Security (TLS) (https), which is an encryption protocol that protects Internet communications;
- The credentials for the application are kept distinct from those for the database and code base;
- The company conducts independent security assessments at least once a year to address possible online network security vulnerabilities quickly. These security audits involve device diagnostics, internal and external penetration testing, in addition to policies, procedures, and standard assessments;
- Uphold’s team of internal security experts and outside security companies perform penetration testing of its systems regularly to verify that the security measures are functioning and safeguarding your personal data and money;
- The exchange carries out continuous vulnerability scans and evaluations of internal and external systems, identifying security flaws and taking prompt remedial action if any are discovered;
- The Uphold Security Team performs periodic audits to verify that all workers adhere to company policies and procedures;
- Additionally, the Uphold Security Operations Center monitors its systems 24/7 and 365 days a year and reacts promptly to suspicious behavior;
- Independent third-party auditors conduct financial audits and ensure that Uphold complies with all relevant regulations.
Regulatory Compliance & Anti-Money Laundering (AML) Controls
- Uphold collaborates with licensed banking partners in the United States and is regulated by FinCEN, a division of the United States Treasury Department;
- As a licensed financial services company, Uphold is required to adhere to worldwide Anti-Money Laundering (AML) regulations. Keeping member personal information secure and transactions secret is paramount to Uphold’s mission;
- Nonetheless, as is the case with other financial service providers that operate in accordance with the law, Uphold is obliged by law to record information about members and transactions and, on occasion, to disclose this information to law enforcement authorities;
- The exchange is obliged to comply with Payment Card Industry Data Security Standards (PCI/DSS) in order to strengthen controls over cardholder data and thus minimize credit card fraud. Compliance is validated yearly by an independent Qualified Security Assessor (QSA). In fact, Uphold was one of the first companies that was certified to the PCI/DSS, widely regarded as one of the most stringent in the sector today;
- Uphold maintains records in accordance with Bank Secrecy Act (BSA) reporting standards, which specify that currency transaction reports and other reporting obligations are triggered by transaction volumes and certain activity patterns;
- Lastly, Uphold complies with the rules of the Office of Foreign Assets Control (“OFAC”).
As part of the employment process, all Uphold workers must pass a comprehensive background check, which includes a review of their criminal records and financial records.
- All workers must utilize screen locking and store equipment safely;
- Staff must use strong passwords or passphrases for all services, and admin accounts must utilize authorized 2-factor authentication techniques;
- Employees are subjected to ongoing security training to ensure that they are following best practices.
In November 2018, a minor problem occurred in which Uphold’s mail service account (rather than the exchange) was hacked, although it was swiftly resolved.
Uphold later clarified in a subsequent tweet that the hacked account was a third-party mail service provider that may have been hacked and was not connected with the company’s own incoming mail infrastructure.
While Uphold was conducting an investigation, it temporarily suspended Bitcoin withdrawals until it was able to contact all members who had received the phishing email.
Uphold has insurance coverage in place to cover the loss of cryptocurrencies as a result of a security breach or hack, employee theft, or fraudulent transfer, up to the value of all assets held in its offline storage.
On the other hand, Uphold’s insurance coverage does not cover any losses incurred due to unauthorized access to your Uphold account. You must protect your Uphold account by using secure passwords and 2-Step Verification while accessing your account and when authorizing withdrawals from your account.
There is no government backing for digital currency; thus, it is not subject to the safeguards of the Federal Deposit Insurance Corporation (“FDIC”) or the Securities Investor Protection Corporation (“SIPC”).
3rd Party Due Diligence
There are strict due diligence processes in place for all of Uphold’s service providers because of the sensitive data involved in any integrations.
Uphold thoroughly verifies all prospective service suppliers and partners by carrying out an assessment looking into the service provider’s security procedures and data protection and how they would utilize Uphold data.
Each third party is required to:
- Keep all client information confidential;
- Permit Uphold to conduct an audit of the service provider’s data security measures;
- Maintain adequate protections for all consumer data;
- Notify Uphold of any material security violations.
In Europe, Uphold safeguards your money by keeping approximately 90% of crypto in an offline cold storage solution secured by a multi-signature method that ensures no single individual has permission to transfer it. In order to maintain liquidity for its service, the remaining 10% is kept on secure internet servers.
As soon as you suspect that your account has been compromised or hacked, contact Uphold immediately, and it will restrict your account to prevent any withdrawals until it has been completely secured.
Directly email [email protected] with the subject line “My account has been compromised.”
If you do not have access to the email address connected with your Uphold account, you may use another email address, provided you include the following information:
- The email address connected with your Uphold account;
- Your full legal name;
- The last four digits of the phone number that is linked with your Uphold account.
Bug Bounty program
Users may also participate in the Intigriti public BugBounty program by reporting a security vulnerability in the Uphold platform in exchange for a reward.
Data & Privacy
Uphold has developed technology to secure Personally Identifiable Information (PII) in compliance with local, state, federal, and international legislation.
For instance, if you want to submit a Data Subject Request, you may do so by contacting the Uphold Support Team. Furthermore, if you have any queries or issues, you can contact its Data Privacy Team for assistance.
Uphold customer security features
Uphold’s primary objective is to safeguard the customer’s money and personal information. As a result, its systems adhere to the most stringent security requirements throughout its entire platform – and it works hard to educate its clients on the important role they play in keeping their data safe and secure.
It is critical to the security of your transactions that you verify your identity. For your protection, Uphold employs rigorous password limitations and email verification in the event that anything suspicious is found. The business will also send you an email if it notices any unusual activity.
Uphold gathers your legal name, date of birth, and phone number when you register. This enables the company to safeguard you against fraud and to keep its community secure. However, you are not required to prove your identity until you request a withdrawal or transfer money to another person.
To protect you in case your login and password are stolen or hacked, Uphold offers you the opportunity to add an extra layer of protection by activating two-factor authentication (2-step verification).
For the purpose of establishing its verification and identification processes as well as detecting dubious activity in the marketplace, Uphold has implemented a robust Know Your Customer (KYC) process.
Note: We recommend checking our step-by-step Uphold KYC guide to know about the process in more detail.
Uphold uses these security measures, and recommends them to customers, in order to protect clients, their money, and their accounts.
The authenticator app is a free app in which you input your unique Security Key, which is linked with your Uphold account. The app will produce a verification code every 30 seconds, which you will require for certain activities, such as withdrawals, in order to complete the transaction.
The verification code is a 6-digit code produced by the authenticator app for 2-Step Verification. This code, produced every 30 seconds, is required in addition to your password to ensure your account’s security.
Google Authenticator is the most widely used authentication app, although there are a plethora of others to select from, including the following:
- Google Authenticator;
- Microsoft Authenticator;
How to set up Google 2FA step by step:
Step 1: To activate two-factor authentication, you must first download the “Google Authenticator” application. You may download the app from either the Apple App Store or the Google Play Store.
Step 2: To access your “Google Authenticator,” log in to your account and choose “Account Settings” from the left dashboard. Then select “Security,” and look for the “Google Authenticator” at the bottom of that page. To set up 2FA, just click “Enable” and follow the on-screen instructions.
Step 3: Open the Google Authenticator app and scan the QR code to create a 6-digit number or “token.” To confirm, you must enter the code. This code is updated once every 30 seconds by the system. If you are unable to scan the QR code, you will be required to use the Google Authenticator Key.
As a result, if you lose your Google Authenticator, you may recover it by logging in with the Google Authenticator Key that you have stored in a safe place.
Keeping your account and personal information safe is a top priority for Uphold; thus, a 2-Step Verification is required for your account to protect your personal information and funds. This can be set up on both the web and mobile app.
Bear in mind that if you reset your 2-Step Verification, you will not be able to withdraw any funds for the first 24 hours after the reset.
Time-based One-Time Password (TOTP)
For 2-Step Verification, Uphold employs the Time-based One-Time Password (TOTP) algorithm. This token service depends on the actual device – in this case, your smartphone – rather than a phone number to function properly and, in particular, safeguards your account against SIM swapping.
Beyond the advantages of enhanced security, TOTP can also operate without the need for an internet connection and gives users the freedom to select from the variety of authentication apps mentioned above.
Your Uphold account’s Security Key is a 32-digit number that will be given only when you enable 2-Step Verification security. In order to get Verification Codes, you must enter this key into your Authenticator App during setup. Ensure that you keep your Security Key in a safe place since you will not be able to access it afterward.
Upcoming security projects
Uphold is implementing rules that will allow you to rectify a mistake in your stated information – such as entering an incorrect number in your date of birth – without having your account limited due to the error.
Furthermore, with the introduction of telephone assistance, you will be able to talk with a live person when encountering issues that you are unable to resolve on your own.
Face-recognition technology will be incorporated in the company’s mobile app for devices supported by the system, which will eliminate the requirement for onerous 2-Step verification security procedures that need third-party software.
Electronic identity verification
Uphold is bringing automated identification verification to the United States. For the vast majority of people in the U.S., this means no selfies and far lower failure rates.
In order to avoid interfering with your trading experience later on when you reach specific criteria, Uphold will be gathering additional information upfront. It aims to provide a smooth experience with the least amount of fuss. Data on anti-money laundering measures will be gathered in the app (in seconds) rather than via email or other external channels.
Uphold Customer support
Users may search for answers to their inquiries in Uphold’s extensive FAQ area. Clients may also send in a service request by simply providing their email address, choosing the particular issue area, and providing further information.
Nonetheless, Uphold does not provide telephone or web-based chat support to its customers for the time being.
In the future, you will have less need to contact customer support since you will be able to self-serve in the app for things like updating your email address or enabling 2-Step Verification without requiring assistance from the exchange.
Overall, Uphold is regarded as one of the most dependable cryptocurrency exchanges for trading across a wide range of asset classes on the market. The business complies with a wide variety of international regulatory standards while being forward-thinking and creative, as shown by its rapid development since its platform launched in 2015.
The platform is considered among the finest in the world in terms of security, reliability, service quality, and usefulness. It operates under a transparent and open framework that allows both users and non-users to see the firm’s proof of reserves in real-time.
In addition to a BugBounty program to identify vulnerabilities, the company employs several levels of encryption across a number of its protocols, as well as third-party due diligence, cold storage, and internal and external auditing.
Uphold’s unique digital money platform, which provides financial services to the worldwide market across various assets, is, in our opinion, one of the safest and most secure platforms on the market. It has an unblemished track record when it comes to hacking and adheres to stringent laws and regulations to ensure the safety of trade and the exchange process.