| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

Security

Your data is safe with us

Your trust is very important to us and data security for us is a matter of trust. To ensure that you feel safe when you visit our website, we observe very stringent cyber security practices.

SOC 2 Type II

BondbloX has been independently audited against SOC 2 Security, Availability, and Confidentiality Trust Services Criteria (TSC) by E&Y. This examination affirms our commitment to and maintenance of the highest levels of information security, availability, and confidentiality of our internal infrastructure, controls, and care to customer data.

SOC 2, a benchmark examination established and maintained by the American Institute of Certified Public Accountants (AICPA), encompasses SOC 2 Type II—a custom-tailored report designed for our offerings in the financial technology sector. This report assesses controls related to security, availability, confidentiality, privacy, and overall processes. By meeting and surpassing the AICPA's expectations as a service organization, the report underscores our commitment to excellence.

Communication & Security

BondbloX makes use of TLS/SSL to encrypt communications between our Web & Mobile apps to the backend services. We scan our web & mobile applications regularly for any vulnerabilities and resolve issues on a priority basis.This keeps you safe from attacks like Man-in-The Middle.

We partner with the Best!!

We are partnering with Amazon AWS and Stripe, which are some of the most respected names in the industry when it comes to data and payment security. We also follow with the industry best-practices and ensure that we are in accordance with any changes and updates.

AWS also maintains the following certifications: GDPR, ISO 27001, SOC 1/2/3 etc.

Privacy

Your privacy is of utmost importance to us. We don’t collect more than we need. We have put strong security measures in place to safeguard your personal data. We collect and process your personal information only as per the requirements of PDPA.

The best part – We do not share your data without your consent…ever!!

Authentication & Authorization

To build reliable and distributed security architecture at BondEvalue we used OAuth2, OpenID Connect and JSON Web Tokens (JWT) which are industry standards for security, authentication and authorization.

Development and API access is protected using dedicated Account and/or User tokens for secured identifications and authorization of the requesting party.

Security Awareness & System Management​

The BondbloX Bond Exchange is established and operated by Bondevalue Pte. Ltd ("BondEvalue"). BondEvalue is regulated by the Monetary Authority of Singapore as a Recognised Market Operator ("RMO") and exempted from Section 49(1) of the Securities and Futures Act (Cap. 289) ("SFA") under Section 49(7) of the SFA.

Your platform security and protection is BondEvalue’s primary concern. We continually strive to provide a high standard of security for our platform and services and find new ways to improve. In this page, we have provided helpful security awareness tips to educate you on the many ways to maintain a smart and safe user experience.

User ID & Password Management

  • Keep login credentials (user IDs, passwords, and any security devices) confidential and in a safe place.
  • Please set a password with at least 10 characters.
  • Do not keep written login and password information in any place where others can view or access.
  • Choose complex passwords. Remember the longer the password, the harder it is to break.
  • Always use a unique combination of upper case, lower case, numbers, and special characters.
  • Change your password periodically.
  • BondEvalue or its representatives will never ask for your login credentials.
  • Do not reveal your one-time password to anyone.
  • Do not store your passwords in the browser or mobile device

Computer System Security

  • Clear your browser cache after each online session to ensure that any sensitive data is purged from the browser.
  • All computers and networks should be equipped with updated and reliable Antivirus, Malware, and Spyware detection software.
  • Set your antivirus software to automatically update to the newest version so the software’s list of viruses can stay current. The automatic update option can usually be found in the software’s configuration settings.
  • Use the antivirus, malware, and spyware software to scan emails.
  • Beware of unusual system performance, such as program failures, multiple browser window popups, or random computer restarts, which could indicate that someone is attempting to take control over your computer or mobile device.
  • Keep your computer Operating System (OS) current and updated.
  • Always verify the origin of the software that you are installing and do not install it if you are unable to do so.
  • Please avoid using public computers like internet kiosks or internet café as they may be infected with malicious software like viruses or trojans.

Suspicious Websites, Emails, Advertisements or Pop-up Windows

  • Hackers may send fraudulent emails to attempt to get you to reveal your usernames, passwords, or other information such as account numbers. Delete junk or chain emails, and do not reply to the emails with your information or open the attachments.
  • Before entering your BondbloX username and password, you should always ensure that the website is a BondbloX website. You can verify this by checking the website address which should show bondblox.com.
  • This is to ensure that you are not revealing information to a website that may have been spoofed.
  • You can also verify the authenticity of the website by clicking on the padlock icon on the BondbloX website. This can be found next to the search bar of your browser.
  • This means that the website is verified by a third party and is secure.
  • If at any time you see a similar warning, do not proceed with the website. Contact us at bondblox@bondevalue.com for further assistance.

General Best Practices

  • Review the transaction statement promptly and carefully.
  • Only divulge personal information to someone if you are positive of their identity and only if you initiated the contact.
  • Please log out of the trading application when you are done. Closing your browser without logging out may allow the next person to use your computer to access your account.
  • Backup your information regularly to prevent loss of information and consider the use of encryption technology to protect sensitive or critical information.
  • If you are printing your account statements or account information using a shared printer, please collect your printout immediately.
  • Shred all documents containing personal information.
  • If you suspect your BondbloX account has been compromised, please change your password, and notify us immediately. You can contact us at bondblox@bondevalue.com.

Identifying & Reporting Phishing Email

  • Phishing is a cybercrime where a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details and passwords.
  • The information is then used to access important accounts and can result in identity theft and financial loss.
  • Here are a few steps to identify and report any such emails and stay safe from them:
    1. Too Good to Be True - Lucrative offers, eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. For instance, some may claim that you have won an iPhone, a lottery, or some other lavish prize. Just do not click on any suspicious emails. Remember that if it seems too good to be true, it probably is
    2. Sense of Urgency - A favourite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time. Some of them will even tell you that you have only a few minutes to respond. When you come across these kinds of emails, it's best to just ignore them. Sometimes, they will tell you that your account will be suspended unless you update your details immediately. Most reliable organizations give ample time before they terminate an account and they never ask patrons to update personal details over the Internet. When in doubt, visit the source directly rather than clicking a link in an emai
    3. Hyperlinks - A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. It could be completely different, or it could be a popular website with a misspelling, for instance www.bankofarnerica.com - the 'm' is an 'r' and an 'n', so look carefully
    4. Attachments - If you see an attachment in an email that you weren't expecting or doesn't make sense, don't open it! They often contain payloads like ransomware or other viruses. The only file type that is always safe to click on is a .txt file
    5. Unusual Sender - Whether it looks like it is from someone you do or do not know, as long as it seems out of the ordinary, unexpected, out of character or suspicious, don't click on it
    6. If you have received an email supposedly from BondEvalue or BondbloX which you are unsure about, you can send your queries to:
  • Also, if you know the sender, then contact and inquire with the sender to see if they indeed sent out that email.
  • If you ever suspect that your BondbloX account has been compromised, please change your password immediately and notify us using the above means.
Registered office: 8 Marina View, #43-062 Asia Square Tower 1, Singapore 018960
© Copyright BondbloX 2024, All Rights Reserved.