Hosting and liquidity integration: How was last year? FinanceFeeds investigates with PrimeXM
PrimeXM examines how many companies chose MetaTrader 4 and 5 last year, as well as where brokers chose to host their services and what liquidity access was provided. Additionally, a look at preventing DDOS attacks and how to structure hosting and integration shows that 2017 was a secure year for brokers with third party technology solutions
As the ubiquitous MetaTrader 4 platform enters its twilight hour, the baton will be handed over to its successor, MetaTrader 5, and whilst support and service will remain for existing firms, last week’s announcement by MetaQuotes clearly demonstrates that after some fourteen years, MetaTrader 4 will soon be regarded as a legacy system.
This represents a very large scale event in the lifetime of retail FX brokerages, and is especially important to those which rely solely on third party solutions, however whilst the focus on MetaQuotes market dominance and ubiquity has been sharp and concentrated for well over a decade, indeed ever since the influx of literally hundreds of smaller retail firms which stood apart in their business model and market entry strategy from the large establishment with proprietary systems, there is far more to brokerage infrastructure than simply the client platform and server.
For many retail brokerages, dealing operations and risk management are the mainstay of the internal functionality, and sales and marketing the largest consideration for non-operational staff.
As a result, a very often overlooked consideration is how secure the trading system is from cyber attacks, and from information leakage.
Speaking today to senior management at PrimeXM, the firm explained that preventing malicious attacks on brokerage infrastructure from the outside has been a paramount concern.
In September last year, the increase in distributed denial of service (DDOS) attacks on retail brokers was the subject of investigation by FinanceFeeds, and something to be wary of, especially from within the boardroom of retail FX brokerages toward whom these have been directed.
In that particular instance, one of the channels via which the attacks have been distributed is via ancillary services such as VPS providers, once again highlighting the need for brokerages to ensure that they form partnerships with only the very well recognized firms in the industry that are specialists and understand how to develop their topography as well as their support and protection systems in a way that is completely tailored toward the infrastructure used within retail FX brokerages and its connection to the outside world – usually liquidity providers and automated trading systems.
Due to the hosting of PrimeXM’s systems within their own server infrastructure, the firm provides comprehensive DDOS protection which it offers free of charge to its enterprise clients, and whilst 2017 was a year in which several DDOS attempts were made, PrimeXM has confirmed that it protected all of its clients against them all.
FinanceFeeds is aware of one particular firm which promises to host an entire MetaTrader 4 terminal and its externally developed EAs (!!!!) on one virtual server, however its owner is not experienced in how to structure critical partnerships with bona fide companies within the electronic financial services sector and in desperate attempts to offload the entire loss-making company to anyone whatsoever, strikes up partnerships with fraudulent HYIP operators with very little system security – let alone the potential damage that can be done to customer trading accounts.
One particular VPS programmer that FinanceFeeds approached in September last year explained “We see and deflect DDOS attacks on clients every day. We saw a big one on Friday aimed at a client of ours, and currently we continue to deflect and mitigate it for them. Brokers are attacked every day, and this has become commonplace for our industry now.”
Also in September last year, Japan’s Hirose FX experienced a DDOS attack. The services affected included the corporate website, as well as Hirose FX’s trading tools, such as the LION FX platform. Logging into the platform and accessing the website was hampered for more than an hour on Monday morning. The services were restored at 11:28.
Other online trading companies have been targets of DDoS attacks too. On June 29, 2017, Japanese retail Forex broker Kabu.com Securities, a subsidiary of Mitsubishi UFJ Financial Group Inc (TYO:8306), said it had fallen victim to a DDoS attack. The cyber attack also happened in the morning. The cyber attack targeted the website of the company, which was unavailable for about 36 minutes.
Also in June, Canadian brokerage Questrade said it was a victim of a DDoS attack, which affected the normal work of its platforms. The company noted that this was not a ‘hack’ and no personal information had been compromised. Early this month, Questrade sought to bolster the security of its customer accounts by introducing a Last login feature. Thanks to this addition, whenever traders log in to their Questrade accounts, they can check information about the last login to their account, such as date, time, and device/browser.
Other companies, such as Saxo Bank, have also aimed at beefing up their safeguards against cyber attacks. In July this year, Saxo said it was making adjustments on how the SaxoTraderGO platform is exposed to the external world. With regard to that, Saxo said it was moving from a reactive to a proactive protection setup, meaning that its service would be presented at a new IP address.
Cyber problems are a costly matter (in financial and reputation terms), as proven by the issues at GMO Payment Gateway Inc (TYO:3769). It took about two months for the websites of two of the clients of GMO Payment Gateway to recover and resume work, following a security breach and a data leak. Preliminary estimates have indicated that the number of “units of information” leaked through the Tokyo Metropolitan Government website was 676,290, including 614,629 email addresses, 61,661 credit card numbers and credit card expiration dates.
Speaking this morning to George Swann, Global Head of Networks at PrimeXM, the consensus was
“DDoS attacks are becoming increasingly common and we offer Tier-1 DDoS protection to all our clients which ensures continued service.”
Connecting to Tier 1 liquidity and non-bank market makers
Looking at trading topography purely from a hosting perspective, PrimeXM has experienced a 203% growth in the number of FX brokers that host with the firm during 2017 compared with 2016.
Within the company’s client base, 55% of brokerages are selecting Equinix’s LD4 datacenter which is located in Slough, approximately 22 miles from Central London’s ‘Square Mile’ financial district.
Aside from that, 25% of the firm’s customers are hosting in New York’s NY4 Equinix datacenter and 20% at Tokyo’s TY3 Equinix datacenter.
In terms of latency reduction, PrimeXM considers that it has dedicated connectivity to over 300 liquidity sources, all of which connect via the firm’s XCore system and include Tier 1 banks, non-bank market makers (ECN) and exchanges with market access in microseconds.
During a recent meeting with FinanceFeeds, a senior member of PrimeXM’s executive management team explained “The truth is that we have always been positioned close to all the major liquidity providers as we have chosen premium FX data centers as our infrastructure hubs. We host clients’ servers and their XCore in Equinix LD4, NY4 and TY3 in the same suites where all the major liquidity providers are hosted, as our goal has always been to facilitate connectivity and achieve ultra-low latency.”
“This proximity to liquidity providers ensures that there’s no to minimum delays and slippage which allows our clients to create an optimal trading experience for their clients” he said.
MetaTrader’s product range remained dominant during 2017, with 88% of PrimeXM’s customers using the firm’s infrastructure to host their trading system around the MetaTrader 4 and 5 platforms, and 12% for other platforms.