CoinMetro uses many of the security features that have proven the success of FXPIG. Since its establishment in 2011, FXPIG has maintained a firm commitment to customer security. CoinMetro plans to work with BitGo for payment processing. This will enable users take advantage of several strong security protocols in relation to login and payment approval, including:
Two-factor Authentication (via Authy)
Two-factor authentication (“2FA”) adds an additional security layer to user accounts. Login and account access will require both a password and a unique multi-digit code sent to a registered physical device, such as a phone. Authy’s multi-device 2FA feature gives users a convenient solution to securing their data.
Multi-signature transactions (via BitGo)
Multi-signature wallets require two signatures to confirm a transaction. One instance would be stored on BitGo’s server, and another would be kept at the CoinMetro Backend. To compromise a multi-signature wallet, an attacker would have to compromise both BitGo’s and CoinMetro highly secure servers.
Bio-metric authorization (via Voiceit)
Demonstrating much lower Equal Error Rates than fingerprint, iris, or facial recognition, voice bio-metrics offers a highly secure access mechanism for user accounts. Voice bio-metrics relies on text-dependent passphrases, making it possible for users to simply adopt a new voiceprint phrase to re-secure their account in the unlikely event of a bio-metric data leak.
Cold Storage (via BitGo)
CoinMetro will handle cryptocurrency deposits by generating temporary “receive wallet” addresses. Behind the scenes, assets from these temporary wallets will move to “cold storage wallets” constantly. Cold storage wallets represent the most secure asset storage in the whole ecosystem, located on a physically secure, completely air-gapped device. In the event that a bad actor were to compromise the platform, they would only have access to the small amount of coins stored in the temporary receive wallets at any given time.
NEM Enterprise Blockchain
A private NEM blockchain is used for storing sensitive information, ensuring data immutability. Even in the event of a compromised database, a full NEM backup will exist containing a 100% in-tact blockchain record of all pertinent data and user verification statuses.
In addition to utilizing a PCI (payment card industry) compliant server, CoinMetro will employ partitions to avoid data centralization. To ensure that our security protocols continue to be consistent with industry standards, CoinMetro intends to perform third-party security audits on a regular basis.
IP Address verification.
Account access will require IP verification, is an email sent to your register email, confirming you are the one logging in. You can easily deactivate this step from your profile security steps.