Home > How It Works > FAQ > What is the difference between ...

What is the difference between preventing unauthorised access to my Holding and protecting against the unauthorised removal of funds?

Providing access to your Holding and authorising the removal of funds from your Holding are two separate functions, and using a password to manage both of these functions is not really secure.

A password is useful to protect your Holding against unauthorised access. By keeping your password secret, you ensure that nobody else can login to your Holding to see the total value of metal and cash held in it or review the history of your past transactions.

But if there is no other security besides the password, there is nothing else to protect your Holding against the unauthorised removal of funds. This should be your fundamental concern, and GoldMoney provides you with a useful way to ensure that all removals of funds from your Holding are first authorised by you.

Many online systems attempts to secure accounts against the unauthorised removal of funds through the use of various security devices such as smart cards, “fobs” (keychain security devices), one-time passwords and other systems and devices designed to provide further protection than the simple username/password combination. However, all of these devices fall short in meeting both of these important requirements:

1. The security device must be a completely separate and unconnected piece of equipment from the computer accessing the account.
2. The security device must provide confirmation of any value transfer out of the account before the transfer is authorised.

GoldMoney addresses the issue of protecting the funds in your Holding by giving you the option to link your mobile phone to your Holding. Every time you attempt to either make a metal payment, to request for a delivery of a gold bar, or transfer cash from your Holding back to your bank account, you will receive a SMS text message on your mobile phone which includes the details of the transfer you are about to make and a PIN code that must be entered on the website to authorise the transfer. Once you have reviewed the details of the transfer, simply enter the PIN code into the website and the transfer is completed. Without the correct PIN code, the transfer will not be processed. Each transfer is assigned a unique PIN code of 7 alphanumeric characters, so the possibility of guessing a PIN is practically impossible.

This simple yet powerful protection works because it meets the two requirements listed above: (1) a separate device that allows you to (2) verify the value transfer instruction before authorising it on your computer. If the SMS text message showed a transfer instruction different than what you instructed and saw on your computer screen, all you would need to do is shut down the compromised computer and log into your Holding later from a secure computer and change your Holding’s password. Once you are running safely on a trusted computer, you could then initiate the payment or funds transfer instruction again.

Although no security method can ever be guaranteed to protect you 100% of the time, this method works very well because it requires that a criminal must compromise both your computer and your mobile phone in order to remove funds from your Holding. Compromising both of these devices at once is much more difficult than just compromising your computer.