CASHA Security Features

We take the security of your account very seriously
Our top priority is to ensure that your information is well protected and that your account remains secure. To achieve this, we have implemented a range of robust security features. We understand the importance of safeguarding your data from potential threats such as fraud, hacking, phishing, and identity theft attacks. Rest assured, our security measures are in place to provide you with peace of mind and protect your account from any unauthorized access or compromise.
User's Account
During Registration/login
  • User must verify their email address after the first login.
  • 2FA is mandatory after registration (token-based like Google Authenticator), and for each login
  • Password standards are established to enforce minimum length and complexity requirements
While using the product
  • 2FA is mandatory after registration (token-based like Google Authenticator) and for each login
  • MFA is required to perform a redeem/withdrawal and deposit/acquire.
  • Logout timeout settings (Sessions are automatically terminated after 5 minutes of inactivity unless specified otherwise by the user account.)
  • Changing your password will put your account on a 5 day security hold/review
  • Email confirmations are sent to the user for both redeems and deposits.
API
  • Advanced API key permissions
  • MFA/2FA confirmation is required to create and edit keys.
  • Users will receive an email with a confirmation code to be added to the account to enable the API key.
  • Email notifications report logins providing details regarding the time and IP/ device used and include a link to contact CS and freeze your account if you suspect malicious activity.
  • Cryptocurrency addresses formats are validated (prevent the user from setting a wrong address & blockchain combination)
Platform Security Mechanism
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt regular traffic to a targeted server, service, or network by flooding the target or its surrounding infrastructure with Internet traffic. On CASHA, DDoS prevention includes the following

Real-time malicious traffic detection blocks malicious server requests

Leading privacy and performance through encrypted connections with HTTPS TLS 1.3.