Privacy & Security

Online Security Guarantee

Last updated: November 26, 2021

Your Money is Safe

At Questrade, your security is important to us. We use industry-leading security tools and practices to ensure your account is protected. It is also important that you, the account holder, take an active role in your account’s security.

By protecting your personal credentials and verifying your phone and email in your Profile, you can rest assured that your account will be 100% protected.

Encryption

Internet encryption protects your information while it is in transit between you and our systems. The encryption encodes your data so that it cannot be read or altered by third parties. Our online web applications use a 256-bit SSL digital certificate, which encrypts both request and response transactions through a secure connection. To ensure that your connection is secure, please verify that the URL protocol in your web browser’s address bar reads “https” and not simply “http”.

Action item: Check your web browser’s address bar to ensure that your connection is secure here.

Controlled Access to Your Accounts

You can access your account only by providing the correct login credentials: your user ID and password. Along with these credentials, it is important for you to verify your phone and email in your Profile. Doing this enables 2-step verification ("2SV") as an added layer of security to help ensure only you can access your account information. With 2SV:

  • We verify your identity by sending you a time-sensitive verification code to enter online. 2SV will block any new login attempt if the correct verification code isn't entered.
  • We keep a list of the trusted device(s) you use when you log in to your Questrade account, to ensure the security of your account access. A trusted device is a computer or other device that is designated by you as what you use to log in to your Questrade account. When you log in using a trusted device, you are less likely to be asked to enter a verification code each time you log in.

    • In addition to the 2SV options above, we also support mobile authenticator apps for verifying your identity when you log in to your account.

    To learn more about the security features Questrade has in place for protection of your account information, go here.

    Action item: To ensure your account security, please keep your user ID and password private, and be sure to change your password every 180 days (6 months).

    All customers are required to verify their phone number and email address in their Profile.

    Automated Alerts

    Automated alerts are a great way to stay on top of your account. Questrade provides last login alerts in your account to let you know the last time your account was accessed and the device that was used to access your account. If your account was accessed from a new device, you will receive an automated email alert.

    If you have a Questrade trading account, you can also set up confirmation alerts so that you can view all orders that are initiated from your account. Not only do these alerts tell you when your open orders have been filled, but they can also act as another layer of protection to let you know when activity has occurred in your account. Learn more about this here.

    Action item: Please regularly review automated alerts you receive to monitor your login and account activity and to keep your account secure.

    It is also helpful to set up confirmation alerts for all orders from your account to re-confirm your actions.

    Terms and conditions

    The principles of Questrade’s Online Security Guarantee are:

    • If an Unauthorized Transaction in your account occurred as a result of a breach of Questrade’s systems and you suffered a direct financial loss, Questrade will reimburse 100% of your direct loss;
    • Compensation for any direct financial loss, which resulted due to an Unauthorized Transaction is conditional upon your adherence to these sections below: Your responsibilities and Limitations.

    For the purposes of this Guarantee, an “Unauthorized Transaction” means a transaction that was carried out in your Questrade account without your permission, authorization, or knowledge and where a law enforcement report can provide supporting information that you have been a victim of fraud. For greater certainty, an Unauthorized Transaction does not include any transactions carried out in your account by:

    • a person acting under authority to trade in your account;
    • a person acting on your behalf; or
    • a person to whom you, directly or indirectly¹, provide your Questrade Account Credentials. (“Account Credentials” means your personal customer information, which is required to access your account and includes your account number, user ID, and/or password).

    Your responsibilities

    You must:

    1. Notify us immediately, but in any event no later than six (6) days after the date you receive your electronic monthly account statement upon discovering that:
      1. an Unauthorized Transaction occurred in your account; or
      2. your Account Credentials have become known to someone else

        3. To notify us, call us at 1.888.783.7866.

    2. Cooperate fully with Questrade and provide all information and take all actions that we reasonably request when investigating an alleged Unauthorized Transaction;

    Limitations

    Questrade will reimburse you for 100% of your direct monetary losses pursuant to this Guarantee provided that:

    1. The Unauthorized Transaction occurred as a result of a breach to Questrade’s systems;
    2. You do not share your Account Credentials with any other person² or organization including, without limitation, an online account aggregation service provider, or are otherwise negligent or careless in keeping your Questrade credentials confidential;
    3. You do not engage in, alone or in concert with others, any fraudulent, criminal, or dishonest activity with respect to your Account(s) and comply with all contractual obligations you have with Questrade;
    4. You have taken reasonable steps to protect your Account Credentials, including verifying your phone and email in your Profile and/or setting up a mobile authenticator app to enable 2SV within your Questrade account, before the Unauthorized Transaction occurred;
    5. You regularly (at least monthly) review your account activity, statements, and trade confirmations;
    6. You maintain a current version of anti-virus and firewall software;
    7. You notify law enforcement of the Unauthorized Transaction, upon discovery; and
    8. You only access your Questrade account from a trusted device or network that would reasonably be deemed to be secure and do not use a device or computer that is unpatched, or that would reasonably be believed to contain software that had the ability to reveal to a third party, or to otherwise compromise, your Account Credentials;
    9. You take reasonable precautions to prevent Unauthorized Transactions, including:
      1. Signing out of your account and closing your Internet browser at the end of your online investing session; and
      2. Not accessing your account through an unsecure Internet connection.

    Limitation of liability

    Questrade will not be liable to you for any indirect, consequential, special, aggravated, punitive, or exemplary damages whatsoever, in whole or in part (including but not limited to any business interruption, loss of profit, loss of opportunity, market loss, or any other commercial or economic loss) resulting from an Unauthorized Transaction in your account, even if we have been advised of the possibility of such damages.

    We may amend the terms and conditions of, or revoke, this Online Security Guarantee at any time without notice.

    At Questrade, your security is very important to us. Thank you for your efforts to secure your account information and helping us ensure the safety of your information.

    1Indirectly providing your Questrade credentials can occur in a variety of ways. For example, it can occur without your knowledge as a result of accessing public WiFi hotspots while using your Questrade account on your computer. One way to ensure that your Questrade credentials are safe is to avoid connecting your device (on which you access your Questrade account) to public WiFi hotspots, or other WiFi networks that you are unfamiliar with or have reason to distrust.

    2With the exception of your Authorized Traders that you have designated by both you and the Trader signing the Trading Authorization- Order Execution Account Only form with Questrade.