Security of virtual Currency Exchange

Exchange solution of NEXT-B has the highest value in security and
safety which can protect customers's information and assets.

NEXT-B has been working hard to provide our customers high quality security systems in order to offer an environment in which comprehensive solutions optimized for stable network and precise system design, DB security, server hosting, web server, management (repair, maintenance).

Cryptocurrecy security

The NEXT-B Platform has been consistently inspected by a variety of external, third­party security firms and security test managements to be protected from external invasions.
It has abided by CryptoCurrency Security Standard (CCSS).

Network and access manage

ㆍSSL

Next-B has used safe technological solutions for providing services and implemented physical and personal measures to keep safety, such as hardware cryptocurrency wallets. To protect personal information of customers who hold wallets, All data is encrypted and authenticated through 128-bit SSL technologies. To be more specific, Cryptocurrency wallet data and transaction's are protected by the NAT system, which can block the external network. Because all customers have to access to their wallets and trading services (Web-services) via encrypted(128Bit SSL) packets, the requests for transfers and transactions by customers are stored securely in the database and direct communication with them is completely blocked. Requests for transfers stored in the database can be independently approved only after the authorized administrator checks or confirms the abnormalities with Admin-web systems. But, when even administrators are trying to communicate with the 'wallet data server' on the Admin-Web Systems, Direct access from them is totally blocked due to The API / JSON.

ㆍSeparated authentication

Internal service interaction has been utilized by separated authentication contexts and are not exposed to the Internet

ㆍMain Web Firewall

The main 'web-wallet' is operated in a form that can not be directly accessed from outside. NEXT-B uses a barrier to block and protect 24 hours from unauthorized access and attacks such as DDos outside. Modular approach requires multi-level hacking stages. Log service is isolated and is crucial part of the system, which is part of the monitoring online and offline analysis and intrusion detection for fast reaction. Logs are rotated and backed up on separate encrypted backup module. Firewall provides load-balancing and DDos protection.

ㆍDoS and DDos attacks

NEXT-B has extremely built-in protection against brute force Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. It widely includes activating whitelist/blacklist management controls

ㆍPrivate Network

Our securities has been operated in a high quality private network, so it could be kept in high-level.

ㆍLogin and account protection

For your security, NEXT-B requires a password of sufficient strength. NEXT-B recommends that customers use very strong passwords and to avoid the use of commonly used character strings. Based that the customers's password is encrypted (MD5) and stored in the database when signing up for membership. After signing up with basic information, Personal information is kept through OTP authentication(e-mail authentication, phone number authentication, ID certificate authentication). In the e-mail authentication step, a personalized hash key is sent to customers(users), which is used for personal identification. If they loses his or her password or personal information, via registered information, they are allowed to reset their password after authentication.

ㆍTwo-step authentication

With Google Authenticator, the OTP system using a two-factor password certification procedure(Two-step authentication) is applied to log-in /customer information change / deposit / withdrawal, If the customer's login information and e-mail ID are stolen, it does not cause actual damages. Using the cookie information used for normal login of the user's device, We can store the customers's logged-in IP / access area / operating system type in the database, and can allow only them to access to it. If passwords of them are required with different device connections or incorrect information, we immediately notify the customer by e-mail.

ㆍLogin history

Everytime you log in to NEXT-B, a confirmation email would be sent to your registered e-mail address from NEXT-B. It includes the IP address, date, and time of log in. You can check in the event a third party logs in to your account, you can immediately be aware of that.

Data security

- Whether in transited or not, all sensitive user information and data are encrypted.
- We alwayes take specific and specialized in setting protections in force to prevent unauthorized account activity, including unusual withdrawal requests.
- All data with real-time synchronization, database's backup separately occurs every 5 minutes, all transaction details of the customer are recorded in a separate text log file.
- Multi-Signature is the latest in cryptocurrency security measures. Multi-sig requires two or more separate signatures to send cryptocurrency.
- NEXT-B offer customers email notification for all sensitive accesses related to activities such as deposits,withdrawals and order-placing.

In case of hacking of the technological solution

The database consists of a master / slave system, with real-time synchronization, database's backup separately occurs every 5 minutes, all transaction details of the customer are recorded in a separate text log file. Therefore, it is also possible to track data fabrication in databases which is arised from system failures and hacking. As data of the entire customer's cryptocurrency is usually kept on server on the network only for the amount required for operation, thus it is minimizing damages of customer assets even in the worst case that the wallet data server is hacked. In addition, the actual cryptocurrency is 100% separated from the network and stored in a safe in the form of cold backup.

Admin management

ㆍLimited activities

In order to minimize trading risks, NEXT-B provides an impenetrable set of controls for traders with regard to their daily and monthly limitations on activities which present risk, such as the withdrawal limits.

ㆍTransaction monitoring

With leverage of the high advanced monitoring tool “Know Your Transaction”, fraud and suspicious transactions can be inspected with risk mitigated.

ㆍIdentity verification

NEXT-B exchange solution has confirmed customer's identity by requesting customers to upload an image of their proof of identity (i.e. Passport ,Driver's license and National Identity card). A photo with the official proof of identity next to the customer's face must be required in ALL cases.

ㆍSegregated assets from customers's

We always run our soulutions in a way that customer assets, including fiat currency and cryptocurrency, are clearly segregated from NEXT-B's own assets.