The Hype Of Fully Integrated Solutions: What Lies Beneath

The Hype Of Fully Integrated Solutions: What Lies Beneath

For the last couple of years, there’s been a turmoil on the retail FX market. As the big names are consolidating in Europe and the U.S., new brokers are emerging from the Middle East and Asia. Following the shifts in the market landscape, technology providers are also changing their offerings. Many of them promote new large-scale products that are designed to fulfill multiple purposes at once or provide control over several parts of a broker’s platform: STP bridge, dealing engine, back office, website, CRM, and others. Such products are also known as “fully integrated solutions.” The idea is great and the features are appealing, but are these products as good as they look on paper?

How It All Began

The concept of deep integration through various components has been around for a while, but it skyrocketed with the boom of smartphones and gadgets. Having access to the everyday functions of personal computers in your pocket made them invaluable in everyday life. As the software behind gadgets got more advanced, it also allowed interconnection between different applications so you could get the benefits of using them at the same time.

Since then, technology giants Apple and Google have delivered alternative visions of the whole software environment. While Apple thinks about everything from A to Z, Android has a slower, do-it-yourself approach. If you’re using Apple, then the developers have already chosen an application which carries a certain goal. In contrast, Android users can choose from a variety of options to fit their setup.

Inspired by the accomplishments of the industry leaders, brokerage software providers decided to replicate the concepts in their own products.

The Flying Start

As the brokerage businesses expanded, the overall complexity of their systems increased. Each new service, tradable asset, platform, liquidity provider, branch in a different regulation—everything—has to be planned and considered from a technology point of view. That’s where fully integrated solutions came in handy. Nowadays there are products on the market that allow you to control A/B book execution in one interface, aggregate liquidity from several providers on your own MT4 server, and manage your clients within a single CRM integrated with your brokerage website and sales tools. This allows the broker to reduce staff expenses and automate the routine work. For startup brokers, there are one-stop-shop offers, when one provider will handle everything from license to website and liquidity.

Yet with all advantages lying on the surface, some brokers prefer a more conservative, hands-on approach. Why is that?

The Pros And Cons Of Fully Integrated Solutions

ProsСons
Unified control panelComplicated architecture and configuration
Routing of execution flowReduced stability and speed
Extensive list of featuresHigher purchase and upkeep cost
Incorporation of best practices from providerInability to replace the components on the go
Ties broker to a single technology provider

The Pitfalls

One of the main concepts in software development is that the stability of the whole system is inversely proportional to the number of components. The simpler you make the product, the more stably it will perform. This basic rule applies to fully integrated solutions in the best way possible. Most of these solutions consist of several components, and some of them are installed on multiple servers. This brings numerous questions into consideration: overall speed, compatibility, connection issues. Some parts can only be managed by a technology provider, which means that the brokerage does not have full control over its platform. Moreover, maintenance and upkeep of such solutions is much more difficult and costly.

Imagine a situation when the broker bought a set of integrated products from one provider, like trader room + CRM + back office. Everything looked good until his regulator introduced new policy or reporting. All of a sudden, one of the components has to be replaced and there’s no quick solution because the provider did not think through the standalone compatibility of each component. It only worked when everything was provided by one company.

Better Safe Than Sorry

It is often said in the technology market: “Do not reinvent the wheel.” The providers who rely on this point consider their fully integrated products as the “Next Big Thing” in FX technology, but remember that one size does not fit all. Before making a decision, consider how flexible a particular product is, how scalable it is to perform one year from now, and how it will behave when the unexpected happens. These questions will eventually help you to define your own understanding of your needs and help you to improve your business.

Posted by Katya Yun

The Quest To Find Out Who Stole Your Clients

The Quest To Find Out Who Stole Your Clients

Finding paying clients is what usually makes or breaks a retail Forex brokerage company, so many FX companies consist mostly of a marketing/sales department, because acquiring and retaining customers is the most important (and, probably, the most difficult) thing a broker can do to be profitable.

One way to lose your hard-earned clients is if some dishonest competitor gets access to a whole list of your clients — their names, emails, phone numbers, and payment histories — and targets their advertisement campaign at them directly, by emphasizing your shortcomings and their own advantages, even if untrue.

In this article, we will take a look at how MetaTrader 4-based retail brokerages can protect themselves from theft of their clients’ contact details.

Who Steals Clients, Why, And How

Obviously, the beneficiary of your client database theft is your competitor. Nobody would mind extending their mailing list with thousands of emails of fresh traders eager to make a live deposit. Every sales department dreams of an opportunity to get a thick list of leads with full names, phone numbers, and valid addresses.

But how could it happen that your full list of clients that you’ve cultivated carefully with years of honest operations would end up in your competitor’s hands?

First, of course, it could be a server security breach — your website could get hacked, or your trading server’s passwords could be guessed. We will not be discussing this possibility in this article. It is a very broad topic well beyond our interest here. To mitigate such risk, you should hire competent IT personnel.

Secondly, your employees could leak or sell your clients’ personal data to third parties. They say that if you go to a bar in Limassol on Friday night, $1,000 could get you a full client database from an FX company across the street. If your chief dealer or IT guy think that they are under-compensated, they might have an easy time making up that difference.

Finally, your technology partners could “borrow” your clients’ information rather easily. If you installed a plugin into your MetaTrader 4 server or logged into some third-party tool with your manager’s login and password, it would take less than 10 seconds for an untrustworthy IT vendor to sneak all traders out without leaving any traces. Some technology providers might even launch their own retail Forex brokerage division eventually.

Certainly, there are other, less common possibilities, but for the sake of brevity, we will concentrate on the second and third cases.

What Are Brokers’ Options To Protect Their Client Base?

Protecting your clients’ information is a two-step process:

  1. Preventing third parties from being able to steal your database
  2. Making sure that, should the database get stolen, you know exactly who did it

Managing Access

These are some pretty obvious things.

You should make sure that both your employees and technology providers are trustworthy. Ask for references from other brokerages in advance, and make sure you don’t give direct RDP, Radmin, or unsupervised TeamViewer access to your server. Don’t issue MT4 Administrator or unrestricted MT4 Manager credentials for newcomers.

If you ever share passwords with new technology providers, make sure you change them after the job is done — even if their account managers wish you the best, you don’t want to bet your database on the trustworthiness of all their temporary interns or soon-to-be-fired personnel.

Making Punishment Inevitable

Eventually, no matter how paranoid you get, there’s always a chance that some things might slip beyond your attention. “One of the greatest checks on crime is not the cruelty of punishments, but their inevitability” (“On Crimes and Punishments”, Beccaria). One of the most effective ways to prevent theft is making sure that every time it happens, you can find out who did it.

The problem is that there’s probably no way to pinpoint theft of a client base with 100% certainty, but there are many more or less reliable ways to figure it out indirectly.

After the database is stolen, and you know the approximate time when it happened. Of course, you should consult your Windows Event Logs for RDP access entries, you should check MT4 Journal logs to see who used their MT4 Manager account, and check what plugins were installed in that time frame.

But how do you know whether the theft has indeed been committed, and when? Here’s the trick.

Finding The Thief With One Curious Trick

Let’s say that your competitor gets their hands on your database of numerous clients. What do they do? They probably launch an email campaign to let future customers know about their unique proposition. If you add a new fake email to your database every two weeks, when eventually some of the emails receive a message from one of your competitors, you can be sure that the database was stolen after you generated that particular email address, and probably before you made the next one.

  1. Make sure that you make those “fake” emails on public email services and not on your company’s domain, as they will be easy to filter out (please note that big email providers like Gmail, Yahoo, and Hotmail all require a phone number for new email registration and don’t allow too many emails to be associated with the same phone number).
  2. Devise believable names. Mehmet Bilgin with the email address: mbilgin79@yandex.com.tr will be less likely to be noticed as fake by thieves than Dummy4 with the email address: fx.dec2015@gmail.com.
  3. Don’t just put those fake clients at the end of your client list, but try replacing your old inactive clients from years ago with your “traps,” so that your defense pattern is less predictable.
  4. Don’t bother checking all those fake emails at once. Take 15 minutes to learn how to set up auto-forwarding from those numerous mailboxes to your main account, so that you can catch those newsletters with no extra effort.
  5. Automate the process in-house or contact your trusted software vendor. Although the steps are rather easy, it could get a bit tedious for one person to manage all these details.

By employing this simple technique, you can easily pinpoint when the database was stolen and recall what happened during that time: was it that extra-cheap agent commission plugin that you installed, or was it that sales intern who resigned after one month of work?

Conclusion

From my experience, so many brokers are oblivious about the dangers of their client database getting stolen. They install server plugins from people they’ve never heard of and give eternal unrestricted machine access to everyone who requests it. At the same time, retail Forex brokering is a highly competitive business that employs quite many people with floating morals who are more than willing to save themselves the effort of extending their client base.

The issue is made worse by the fact that usually it is very easy to make a copy of the whole database, leaving little to no traces, and the victim will almost never figure out when information was compromised. There’s no real way to effectively prevent every chance of stealing because of the way MetaTrader 4 works.

However, by using the easy trick described in this article, a broker can be more proactive in defending its clients’ personal data and finding the wrongdoers.

Posted by Timur Latypoff, Director of Takeprofit Technology

Окно обратной связи Free Trial