Important information for our clients

As of 28 February 2022, TD Ameritrade Hong Kong is closed and will no longer open or maintain accounts. Learn more by visiting the Client Information Hub.

Security Statement

Going to great lengths to protect your information

TD Ameritrade Hong Kong Ltd. takes security very seriously. Security, however, is a two way street. Some security measures, like SSL encryption, an authentication token or user-verification phrase, protect you from would-be hackers. Others, like choosing an obscure personal security question and answer, help us confirm your identity you when you've forgotten your account password.

Some simple security measures can go a long way. For example, changing your account password frequently and closing down your browser window when finished are excellent ways of minimizing your security exposure. Here's a quick summary of the thinkorswim security system:

  • 128-bit SSL encryption: All personal data transactions on the our website are handled with 128-bit SSL encryption (the industry standard).

  • User Verification Phrase: All clients are given a "user verification phrase" when they register. This phrase can only be retrieved by a genuine TD Ameritrade Hong Kong Ltd. representative. Anytime someone asks you for your TD Ameritrade Hong Kong Ltd. account information you can ask them for your user verification phrase. Only a legitimate TD Ameritrade Hong Kong Ltd. representative will know what you are talking about and we like it that way.

  • Personal Security Question & Answer: Should you forget your password we can quickly and easily confirm your identity using your personal security question and answer.


What is SSL?


The Secure Sockets Layer (SSL) protocol, originally developed by Netscape, has become the universal standard on the Web for authenticating Web sites to Web browser users, and for encrypting communications between browser users and Web servers. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate, or Server ID, enables SSL capabilities.

An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, protecting private information from interception over the Internet. In addition, all data sent over an encrypted SSL connection is protected with a mechanism for detecting tampering - that is, for automatically determining whether the data has been altered in transit. This means that users can confidently send private data, such as credit card numbers, to a Web site, trusting that SSL keeps it private and confidential.

SSL comes in two strengths, 40-bit and 128-bit, which refer to the length of the "session key" generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. 128-bit SSL encryption is the world's strongest: according to RSA Labs, it would take a trillion-trillion years to crack using today's technology. Many banks require 128-bit encryption for online banking because 40-bit encryption is considered to be relatively weak. 128-bits is about 309 septillion times (309,485,000,000,000,000,000,000,000) larger than 40-bits.

Equated to the real world, sending information without encryption is like sending a postcard through the mail - the contents are visible to practically anyone who wants to see it. Using this analogy, 40-bit encryption is like sending the information in an plain white envelope. 56-bits could then be equated to using a security envelope that is printed to prevent it from being see-through.

Relative to these strengths, 128-bit encryption could be compared to encasing your data in a lead-lined, 12-inch thick titanium safe that is being transported by an armored tank with a convoy of a hundred armed guards. We like that.