For those interested in further security details, read below to better understand how seriously Seraf takes security.
We require HTTPS for all connections to the website, and use an HSTS header so that even the initial visit is encrypted.
Phishing attacks are a problem for everyone. However, our staff members are knowledgeable, and their activities on the website are logged. We keep daily backups, and can roll back the site in the event we are compromised.
Even the most secure websites are vulnerable to attack. Weak credentials of users is a possible issue, so it’s important for users to choose a strong password. We require 8 characters minimum and 2 character types. We also recommend that our clients try to minimize the amount of personal data they load into Seraf. For example, any documents that contain detailed personal information such as social security numbers shouldn’t be uploaded.
In fact, we have a few clients who wish to remain anonymous and have chosen to provide a non-traceable account name and use an email address that is specific to Seraf. This limits a hacker’s ability to track down the individual investor.
Security is a process. No website is ever 100% secure, and we regularly review our own practices to try to improve where we can.
Please note that the Seraf Help Center is supported by a different platform, and as such, will not have the lock box before the URL.