
Topic: TradeHill – Security Update – Round 1 PCI Compliance / Business Verification etc - page 3. (Read 5178 times)

sr. member
Activity: 420
Merit: 250
I'd like to see the site log you out after x amount of time of inactivity.
I've rebooted my system several times and have yet to be prompted for a new password when I go to the site.


We've received feedback from users that love not being logged out and more that would prefer the additional security.
We've evaluated the situation and decided to implement logout due to inactivity. Security trumps laziness  Grin
We're coding it in as I write this and it should be live today after extensive testing.



Yankee: thanks for the feedback, more to come.
member
Activity: 64
Merit: 10
I'd like to see the site log you out after x amount of time of inactivity.

Yeah - what he said ^^^
newbie
Activity: 57
Merit: 0
Nice, some much needed improvements.
member
Activity: 70
Merit: 10
According to the 4 levels of PCI certification, which level are you guys currently following?

You said that you've done network vulnerability scans; what about an annual SAQ? When it asks you if you've secured 'credit card holder data', just replace that with our 'Bitcoins'. lol.
legendary
Activity: 1078
Merit: 1000
Charlie 'Van Bitcoin' Shrem
I LOVE TRADEHILL

*closing gox account now*
hero member
Activity: 770
Merit: 500
I'd like to see the site log you out after x amount of time of inactivity.
I've rebooted my system several times and have yet to be prompted for a new password when I go to the site.
sr. member
Activity: 420
Merit: 250
TradeHill – Security Update – Round 1 (PCI Compliance)

Immediately after the Mt Gox hack and database leak was announced, we shut down our site to provide adequate time for users to reset their passwords. We noticed there were considerable attempts to brute force accounts that had the same user name on Mt Gox and TradeHill. In response we installed a captcha system and auto locked out accounts with too many failed login attempts. To the best of our knowledge this was 100% effective, and we have not received one email concerning a compromised account on TradeHill.com.

TradeHill is proud to announce that our first round of security upgrades is complete.
We will be continuing to release updates regarding our security and upgrades to TradeHill.com

TradeHill is now PCI Compliant.

We have completed and passed a security audit by Trust Guard, the leading online 3rd party website verification service. Trust Guard has searched our site for over 43,000 known vulnerabilities including SQL injection, XSS and many more and performed an ASV certified scan. This can be verified with the Trust Guard seal on our main page before you log in (when logged in it goes away to avoid clutter).

Our site will be scanned daily for new vulnerabilities and if detected they will be taken care of immediately.

Additionally we have had our corporate contact information (US address and phone numbers) verified to confirm that we are operating in the United States as well as Chile.

User privacy is a very serious issue.
We have updated our privacy policy and are now compliant with:


The Federal Trade Commission Fair Information Practices.

The California Online Privacy Protection Act.

The Children's Online Privacy Protection Act.

The Privacy Alliance guidelines.

The CAN-SPAM Act.



We believe that this is the bare minimum that an exchange should be operating at.

PCI scanning and putting a seal on your website from Trust Guard, Verisign or McAfee doesn't make you immune to all attacks but it is one step towards a safer exchange and something we should have done a long time ago.

We are continuing to improve our security and will release updates as information becomes available. At the moment our source code and procedures are being verified by a 3rd party as well and we are working with top names in the security business. We will be happy to release their findings when they are complete.

We are also implementing dual authentication and other security features which will be announced soon.