Investor Services and Protection
Understand market with protection orders in one minute
Understand market with protection orders
Futures Trading Risk - Trading
  • Order Usage and Product Liquidity
    • Market orders may be executed at any price within the price limits.

      Although it is quick and convenient to use market orders, given that market orders can be placed at any prices within the price limits, the execution price of a market order may largely deviate from the last traded price or the quoted price disclosed at the time the order is placed; furthermore, the deviation scale may exceed the trader’s expectations.

    • Market with protection orders can effectively prevent the execution price from deviating from traders’ expectations.

      A trader placing a market with protection order does not need to designate a price, but still can limit the execution price to within a certain range, which decreases the occurrence of unexpected significant execution price deviations due to lack of liquidity or order book imbalance. Traders may consider replacing market orders with market with protection orders.(Understand market with protection orders in one minute)

    • Futures market participants should be aware of liquidity risk when the spot markets are closed.

      When a trader engaging in futures trading when the spot markets are closed, the trader should, before placing orders, pay attention to the order book status and avoid placing market orders; as the liquidity risk during such period is normally higher.

      Using domestic equity futures and options as an example, the spot markets are not open from 08:45 to 09:00 and from 13:30 to 13:45 during TAIFEX’s day sessions and are closed throughout TAIFEX’s night sessions, during which the product liquidity is often lower, leaving a fewer number of bids and asks in the order book. Traders should be aware of the liquidity risk of such products. Also, the liquidity is lower for foreign equity index futures when their spot markets are closed, for instance, TAIFEX’s TOPIX Futures may be less liquid when the JPX is closed.

  • Options trading
    • Please note that the maximum loss for buying options is the entire premium paid.

      When buying call options or put options, the buyer’s maximum loss is the premium paid plus the trading cost. If the trader cannot bear the maximum loss, that trader is not suitable for buying call options or put options.

    • Please note that the maximum loss for call or put options sellers could be unlimited.

      Option sellers normally bear greater risks than buyers. Although option sellers receive a fixed income from the premium, their losses may exceed the income. If the market goes against the option sellers, they will receive margin calls.

      The option seller may earn a fixed income from the premium when the market follows the original expectation. However, when the trend turns against the expectation, the loss may expand notably, which is different from the option buyer who only suffers a fixed loss. Thus, the option seller may be faced with a higher risk. Using an equity index option as an example, the maximum daily price fluctuation range is ± 10% of the underlying index's closing price on the previous day. In terms of deep out-of-the-money options, the maximum daily price fluctuation can be as high as a thousand times. Thus, the option seller may be confronted with a very high risk and so must ensure good risk management and capital control.

Futures Trading Risk - Clearing
  • When a futures trader engages in futures trading, what are the risk management matters to pay attention to?

    Futures trading is a margin trade that possesses leverage. Leverage may increase profits, but may also result in losses greater by several times. Futures traders engaging in trading should undertake appropriate fund management and set affordable loss-stopping levels, so as to better prevent losses arising from drastic market price movements that exceed their financial capability.

    In order to secure performance commitments in the future and protect the rights and interests of both parties, futures traders are not only be obligated to pay margins, but also keep additional funds to maintain margins. Therefore, traders engaging in futures trading should fully understand changes in account equity. When account equity falls below the maintenance margin requirement, traders must make up the shortfall of the equity to the initial margin requirement. Furthermore, futures traders also need to be aware of changes in the risk indicator during trading hours. When the risk indicator falls below the liquidation ratio agreed upon with the futures merchant, the futures merchant will execute the liquidation operational procedures on behalf of the trader.

    Futures traders are advised to pay sufficient margins in order to assume the volatility risk of market prices and prevent their positions from being liquidated by futures merchants in accordance with the consignment contract because of late supplementing of margin deficiencies.

  • When and what kind of notification methods do futures traders receive for an intraday notice of risky accounts or notice for after-hours margin call from futures merchants?
    • If a futures trader's equity falls below the maintenance margin requirement of the trader's open position during trading hours, the futures merchant will issue an intraday notice of risky accounts, except for products exempt from liquidation on behalf of a principal designated by Taiwan Futures Exchange in the after-hours session. The futures merchant may notify the futures trader to supplement the shortfall of the equity to the initial margin requirement as soon as possible face-to-face, or by phone, text, email or other methods designated by the futures trader. The futures trader must be aware of changes in equity and the risk indicator at all times. When the risk indicator falls below the liquidation ratio, the futures merchant will execute liquidation on behalf of the trader according to the consignment contract.
    • After daily regular sessions close and clearing is finalized, the futures merchant should issue a notice for after-hours margin calls containing the shortfall amount and deadline to cover up the shortfall to the futures trader whose equity is lower than maintenance margin requirement for open positions face-to-face, or by phone, text, email that has an electronic signature function, or other methods designated by the futures trader. After the futures trader receives the notice for after-hours margin call, that trader should make up the margin to the initial margin requirement before the deadline agreed upon with the futures merchant in the consignment contract. If the margin has not been covered up when the after-hours margin call deadline expires, the futures merchant will start executing liquidation on behalf of the trader according to the consignment contract.
  • When should futures merchants or futures introducing brokers start executing the liquidation operational procedures on behalf of traders?
    • When the futures merchant receives the futures trader’s application to open an account, it states in the consignment contract matters related to liquidation on behalf of the trader. The futures trader should fully understand matters related to the agreement stated in the consignment contract, including the obligation of maintenance margins, conditions under which the futures merchant may execute liquidation on behalf of the trader, and methods through which margin calls are issued.
    • In order to prevent losses from expanding constantly when market movements are unfavorable to positions held by the trader, the futures merchant will start executing liquidation on behalf of the trader in the following situations:
      • When the account risk indicator falls below the liquidation ratio agreed upon with the futures merchant (the risk indicator agreed upon between the futures merchant and the trader may not be lower than 25%).
      • The trader cannot cover up the shortfall stated in the margin call for the previous business day before the agreed-upon time.
  • If the futures trader’s open positions are liquidated by the futures merchant or futures introducing broker on behalf of the trader, what should the futures trader pay attention to?
    • The liquidation profit and loss executed by the futures merchant or futures introducing broker on behalf of the trader will be counted toward the equity in the trader’s margin account.
    • When the futures merchant or futures introducing broker liquidate all positions according to the terms stated in the consignment contract, if there is still negative equity in the trader’s account and the trader fails to pay the shortfall of the margin call in full within three business days, the futures merchant will report that trader’s default according to the regulations.
    • After the futures merchant files a report on trader's default with the Taiwan Futures Exchange and an announcement is made by the Taiwan Futures Exchange, unless there is evidence sufficient to demonstrate that there are causes not attributable to the trader, and the report has been revoked by the futures merchant in a letter to the Exchange, the trader may not open an account to engage in futures trading within 5 years.
  • What are products exempt and not exempt from liquidation on behalf of a principal designated by the Taiwan Futures Exchange in the after-hours session?

    For partial products designated by Taiwan Futures Exchange to be exempt from liquidation on behalf of a principal in the after-hours session, futures merchants do not need to execute liquidation of such products on behalf of traders in the after-hours session. As for products not exempt from liquidation on behalf of a principal, futures merchants must execute liquidation on behalf of the trader regardless of it being a regular session or after-hours session.

    Futures traders may visit the following website of the Taiwan Futures Exchange to check which products are exempt and which are not exempt from liquidation on behalf of a principal in the after-hours session.
    https://www.taifex.com.tw/cht/5/productsExemptedAH

  • Information disclosure of product liquidity

    n order to help market participants understand the liquidity of each contract, after a regular session closes, the Taiwan Futures Exchange will release open positions, 5-day average trading volume and the liquidity indicator of each contract, to serve as a reference of traders.

    Traders may visit the following website to check the liquidity indicator of all products, and should be aware of liquidity indicator related to contracts before placing orders; they should also understand the liquidity conditions of open positions and raise their risk awareness.
    https://www.taifex.com.tw/file/taifex/event/cht/dailyLi/index.html

  • What complaint channels can futures traders resort to when a dispute arises from futures trading?

    All futures merchants and futures introducing brokers provide complaint channels for accepting complaints or reported cases from futures traders; they subsequently inform futures traders of the investigation results of disputes.

    When a civil dispute derives from the trader engaging in futures trading with the company, the trader may seek resolution via the following channels:

    • Apply for mediation to the Chinese National Futures Association.
    • Raise a complaint to the Securities and Futures Investors Protection Center.
    • Resort to arbitration as agreed upon with the futures merchant. For matters related to arbitration, please contact The Chinese Arbitration Association, Taipei.
    • File an ombudsman case with the Financial Ombudsman Institution.
    • Apply for a civil action at a court of appropriate jurisdiction.
Audits on Futures Merchants Q&A
  • When a futures trader receives a call soliciting account opening and futures trading by saying futures trading only needs a little capital but receives a great return, helps you quickly earn a fortune, and that a margin isn’t required, should the futures trader engage in such trading?
    In futures trading, the futures trader should pay the original margin in full, so that the futures merchant will accept the trader’s order. However, normally off-exchange futures trading solicit business by advertising that no margin is required. Futures traders must not be fooled by such tricks. A futures trader intending to open an account to engage in futures trading can do so through a futures merchant or a securities firm engaging in futures introducing broker business. Because these are specially approved businesses, such businesses can only be commenced after approval by the Financial Supervisory Commission and a business permit issued thereby, and the business permit should be hung in the place of business according to regulations. Furthermore, such companies’ names should contain the words “futures” or “securities.” Currently the websites of the Securities and Futures Bureau (https://www.sfb.gov.tw), Chinese National Futures Association (http://www.futures.org.tw), and Taiwan Futures Exchange (https://www.taifex.com.tww) all provide the list of legal futures merchants for inquiry.
  • There is a website claiming, under its partnership with a certain futures merchant, that futures traders may open accounts with futures merchants as a group on the website, so as to negotiate lower fees. Can futures traders open accounts by such means?
    A futures merchant can commence its business only after being approved by the authorities and receiving a business permit issued thereby. The soliciting of business should also be conducted by a futures merchant who has obtained the business permit. Persons not employed by futures merchants may not be approached to engage in futures trading-related business. Traders should directly contact legal futures merchants to open accounts.
  • Is it possible for a futures trader to issue a power of attorney and designate his or her friend to open an account at a futures merchant on his or her behalf if he or she is not able to visit the place of business of the futures merchant to open the account?
    The futures trader intending to open an account over the counter at a futures merchant should visit and make arrangements in person, and may not designate another person as a proxy. If he or she cannot visit the futures merchant to open the account in person, he or she may also apply to the futures merchant for account opening outside the place of business, or open an account by means of correspondence or electronically.
  • If a futures trader applies for account opening outside the place of business, and a futures merchant only designates a specialist receiving trade orders to conduct account opening at the location designated by the trader, is it legal?
    When the futures trader applies for account opening outside the place of business, there are three approaches to be adopted:
    (1) The account opening operations personnel and the specialist receiving orders to trade are both present for handle the business; (2) The account opening operations personnel is outside the place of business, while the specialist receiving orders to trade at the place of business to handle the business is through video conference; (3) The trader issues a statement allowing the futures merchant to conduct the explanation of contract details and risk disclosure by electronic means, and the account opening operations personnel is outside the place of business to carry out identity verification and other relevant operations. If the futures merchant only designates a specialist receiving trade orders to explain risks without the account opening operations personnel being present to carry out identity verification, it does not comply with existing standards.
  • When a futures specialist solicits account opening to a futures trader, but the futures trader rejects it using the excuse of not knowing futures, not even how to trade futures, can the specialist introduce another trader to trade on behalf of that trader?
    Neither can the futures specialist trade on behalf of the futures trader, nor can the futures specialist serve an intermediary to trade on behalf of the futures trader. If the futures trader needs to designate another person to trade on his or her behalf, he or she should do so through a legally managed futures enterprise.
  • If a futures trader intends to engage in futures trading but is unwilling to make it known to his or her families, can he or she request a futures specialist to provide another person’s account for trading?
    The existing futures laws and regulations strictly prohibit futures merchants or their practitioners from providing accounts for trading by futures traders. When the futures trader opens an account, the futures merchant will request that the trader fill in the “account opening application and credit investigation form,” and conduct assessment and credit investigation based on the trader’s age, knowledge, experience, and asset status. Therefore, the futures trader should open an account using his or her own name to engage in futures trading.
  • A futures trader wanted to place an order via phone originally, but changed his or her mind to trade via LINE instead, thinking of the convenience of the messaging app and the lack of a phone charge for transaction. Is that possible?
    In order to protect the rights and interests of futures traders, currently futures merchants are required to make a tape recording of the phone call and retain the record for a year. However, in terms of LINE and other messaging apps, because of a lack of media that facilitates record retention and incorruptibility, and other conditions including comprehensive recurrence, and availability for reading or listening at any time, it is currently not allowed for futures merchants to accept orders via LINE or other messaging apps. Futures traders may not place orders via LINE.
  • After a futures trader opens an account, the specialist offers trading suggestions through LINE messages and then the trader places a phone order according to the aforementioned messages. Is the service provided by the specialist legal?
    The futures merchant or its practitioners are not allowed to provide trading suggestions to futures traders by any means. If the futures trader intends to obtain research and analysis opinions or recommendations on matters relating to futures trading or investments, he or she should contact a legal futures advisory enterprise.
  • Personnel member A of a securities firm concurrently engaging in futures trading business has a securities personnel license but not a futures specialist license. For purposes of growing income and expanding the futures business, can personnel member A accept orders to trade futures from traders?
    Persons not qualifying as futures specialists may not accept orders to trade futures from traders. General futures traders can easily misunderstand that all personnel of the securities firm concurrently operating futures trading business and may accept orders to trade futures from traders. In truth, this is not so. Therefore, when the futures trader contacts any specialist for business for the first time, he or she should notice whether the specialist carries an identification badge to ensure that the specialist is a registered and qualified specialist.
  • After a futures trader opens an account with a futures merchant, considering the rather troublesome procedures of collecting trading reports and statements, the trader intends to request the specialist to collect trading reports and statements on his or her behalf. Is that possible?
    Trading reports and statements are ways to allow the trader to understand trading contents and equity amount. In order to protect the rights and interests of the futures trader, the futures merchant should deliver and send them to the futures trader according to the agreed-upon method stated in the account opening documents, and may not forward them to the specialist or other practitioner as an agent; neither may it send the documents to the permanent address, contact address, or email of the specialist or other practitioner.
  • After a futures trader opens an account with a futures merchant, the specialist sees his or her strong financial background and that the account often has excessive margins, and so proposes to lend his or her funds to other specialists in order to receive interest. Is that legal?
    Current futures laws and regulations strictly prohibit futures merchants and their practitioners from lending to or borrowing from futures traders or acting as an intermediary for such lending or borrowing; futures traders should not lend their funds to futures specialists.
  • A futures trader recently was out on several business trips abroad, and so intended to authorize another person to engage in futures trading on his or her behalf. The trader drew up a power of attorney, which was signed by him or herself and the mandate and then sent to the futures merchant. Can the futures merchant accept such authorization procedures?
    If the futures trader intends to authorize another person to engage in futures trading on his or her behalf, the futures trader and that mandate should carry their identification documents and both be present on the spot to make arrangements, and the account opening operations personnel should check and verify their identities.
  • A futures trader is sick and rests at home, and his or her futures specialist visits him or her after work. The futures trader thought that since the specialist has arrived at his or her home, why not give the specialist the proposed trading contents for the following day on the spot. Is that possible?
    Current practice dictates that when the futures merchant and futures introducing broker receive orders to trade futures from the futures trader, the specialist should conduct the trade within the place of business. Therefore, when the futures trader cannot place an order face-to-face over-the-counter, the order can be placed via phone or internet. Such order methods require record retention according to the laws in order to protect the rights and interests of futures traders.
  • If a futures trader doesn’t know at what price he or she should place the limit order, should he or she directly place a market order?
    A market order is an order placed at unlimited price. A deviation may be derived from the trading price of the market order and the market trading price disclosed at the time the order is placed or the quoted trading price; furthermore, the deviation scale may exceed the trader’s expectations. Therefore, the futures trader should think carefully before placing a market order. In addition to limit orders or market orders, currently, orders can also be placed in the form of market with protection orders. Market with protection orders are bid/ask orders without a fixed price. When Taiwan Futures Exchange's trading system accepts such a bid/ask order, it takes the best bid/ask limit order price at that moment as its base price. A buy order has a protection price limit equal to the base price plus a certain number of protection points. The order may be transacted at a price less than or equal to that protection price limit. A sell order has a protection price limit equal to the base price minus a certain number of protection points. The order may be transacted at a price greater than or equal to this protection price limit. However, if there is no corresponding bid/ask order available, the order will be rejected.
  • If a futures trader intending to place an order online discovers that no orders can be placed online on that day, what should the futures trader do?
    Currently, when the futures merchant has an irregular situation arising from the online order placement system, it will announce the irregularity on the homepage of its company website and the online order placement webpage. Regardless of the irregularity on the futures merchant’s online order placement system or the information device or internet issue on the trader’s side, the trader can switch to placing orders manually, such as in writing, by phone, telegram, fax or face-to-face.
  • If a futures trader hasn’t agreed upon his or her own deposit account with a futures merchant, can that trader directly use an automatic device (ATM, internet or phone recording tools) to transfer the funds in his or her own deposit account and deposit them to the trader's margin account designated by the futures broker?
    In order to protect the security of margins and premiums deposited by the futures trader, and facilitate the identification of the source of funds transferred to or deposited in the trader's margin account by the futures trader through an automatic device or by visiting the financial institution, before the futures broker accepts the futures trader to transfer funds to or deposit funds in the trader's margin account designated by the futures trader using the automatic device, it should reach an agreement with the futures trader that no currency will exceed three deposit accounts of the trader.
  • When a futures trader opens an account at a place of business of a securities firm concurrently operating a futures introducing broker business, all funds received are deposited into the futures merchant’s trader’s margin account. Should the trader only file an application for withdrawal with the futures merchant?
    The futures merchant may also mandate a futures introducing broker to accept applications for margin withdrawal by the futures trader. The futures trader may also check with the securities firm whether the futures merchant has mandated such business. If yes, the application may be filed with the securities firm in writing or by phone.
  • When a futures trader receives a high-risk notice from a futures merchant during mid-session, if the futures trader fails to make up the margin and the account risk indicator falls below the regulations governing futures merchants, can the futures merchant carry out forced liquidation?
    If the futures trader’s equity falls below the maintenance margin required for such trader's open positions, the futures merchant will issue a high-risk-account notification. However, when the account risk indicator falls below the regulations governing futures merchants (the risk indication may not be lower than 25% according to the regulations governing futures merchants), the futures merchant will close all positions of the futures trader’s products during mid-session.
  • When a futures trader engages in futures trading, he or she will deposit a margin into the trader’s margin account in the bank set up by the futures merchant. Because such account keeps margins of all traders, if another trader’s equity is negative, will it affect the trader’s margins?
    According to current law, when the futures trader has negative equity, in order to avoid sharing another trader’s margin, futures merchants should make up the shortfall using its required capital on that day.
  • When a futures trader’s positions are forced to be liquidated by a futures merchant, the trader’s equity in the margin account becomes negative. If the futures trader fails to make up the shortfall within three business days and the futures merchant files a report on default with Taiwan Futures Exchange Corporation, will that futures trader no longer be able to engage in futures trading?
    When a futures trader’s default has been reported, not only is that trader not allowed to open an account or take positions on the futures market, but he or she also may not open an account on the securities market, or trade and subscribe securities. The aforementioned restrictions are the prevention mechanisms of these two markets. If the trader repays it in the future, the futures merchant can instantly report a case closure to TAIFEX, and so the futures trader can no longer be subject to the aforementioned restrictions regarding engaging in futures or securities trading.
E-trading Risk Information
  • Safeguard your information on computers and mobile devices.
    • Firewall

      The main function of an internet firewall is to block hackers attempting to access your computer or mobile device through the internet. Hackers try to access your computer or mobile device in order to destroy files in your computer or mobile device, steal stored data, or control your computer or mobile device without your permission, or even use your devices as a springboard to attack other internet-connected devices.
      Tips for enhancing information security:

      • Install anti-virus software and update virus definitions regularly.
      • Install a firewall (software or hardware) and as a principle set the default policy of forbidden exception for opening and minimum access.
      • Set a strong password or use biometric recognition (such as fingerprint).
    • Password

      Using an easy-to-guess password is as dangerous as opening your door and inviting the thief to come in. Even if the thief does not steal anything, your personal information will still be seen.
      Tips for enhancing information security:

      • Do not tell you password to anyone.
      • Do not write down your password.
      • In principle, use a password that is not easy to guess with more than 6 characters and containing a mixture of uppercase and lowercase English letters, numbers and symbols, and change your password regularly.
      • Change the password immediately once you suspect that someone may know it.
    • Software update

      Some security loopholes are normally found after software (especially operating systems, such as Windows, iOS, Android, Linux, etc.) is run for a period of time, and such loopholes are weaknesses most easily taken advantage of by hackers. Therefore, software manufacturers (especially prestigious ones) will write updates or patches to correct these issues.
      Tips for enhancing information security:

      • Be aware of software updates and reminders.
      • Do not use pirated software or software from unknown sources.
    • Viruses

      Technically speaking, a virus in a computer or mobile device is an executable program that is able to self-replicate and spread through emails, transmitted files, social networking software, games, and any files downloaded from the internet. A virus may cause damage by means of destroying hard drive files, reformatting computer hard drives, slowing down efficiency, or opening up new browser windows or ads constantly while users surf the internet, to an extent that system resources of the computer or mobile device are fully consumed.
      Tips for enhancing information security:

      • The no. 1 rule to keep viruses away from your computer or mobile device: Install anti-virus software and update virus definitions on a regular basis.
      • Do not visit unknown webpages, website links, emails, or unknown links from various social networking or messaging software.
      • Do not use software of unknown source.
      • Do not use portable media of others or of unknown source.
    • Secure operating environment

      Although computers and mobile devices are machines, a good and comfortable operating environment can prolong the useful life thereof and reduce the chance of breakdown.
      Tips for enhancing information security:

      • Computers and mobile devices should be used in a dry environment, and users should avoid using them in a hot, humid or dusty environment.
      • Ensure that the connected cables or electric wires of the computer and other peripheral devices (such as printers) are not untidy or intertwined; especially pay attention to the number of plugs on a single wall socket.
      • Avoid placing beverages or containers filled with water or food near computers or mobile devices.
    • Data backup

      When the data storage capacity of a computer or mobile device is large, more data is stored therein. Users are subject to the risk of not being able to retrieve data when the storage device suddenly can no longer be used, the system breaks down, or the data are infected by viruses or files are encrypted by hackers (for ransom). Thus, backing up files on a regular basis is important.
      Tips for enhancing information security:

      • Duplicate important files to storage media other than the local computer hard drives, i.e. CD/DVD or internet-based storage drives. Such external storage media should be prevented from being connected to the internet regularly.
      • Back up important software in case the original software is damaged.
      • Test whether the data backup is effective on a regular basis.
      • Be mindful of the environment where external storage media are kept; for instance, you might use a damp-proof case that can be locked/unlocked with a key.
      • When computers or mobile devices are to be sent out for repair, you should delete personal confidential data in such devices and contact a credible repair shop to ensure personal data security.
  • Protect personal data and privacy
    • Cookie records

      Cookies are files established from the websites you have visited which store browsing information and provide a smoother internet user experience. After you activate cookies, the website allows you to remain logged in, remembers your preference setup for the website, and provides contents related to you and your location. When you visit the same website again in the future, cookies are used to identity you; that’s why sometimes when you visit some websites, their webpages always display your name, and even automatically notify you of content that may be of your interest. Although this will not lead to a direct damage to the computer system, it may give rise to a concern about infringed privacy for users who put a strong emphasis on privacy.
      Tips for enhancing information security:

      • Restrict cookies by changing the browser security settings.
      • Delete cookies on a regular basis, or use private/incognito mode while browsing websites.
    • Privacy

      Man people carelessly leak personal information on the internet, such as by filling in a questionnaire, enrolling in a drawing, or applying for membership. There are also many hackers or unscrupulous merchants who resort to false pretexts of filling in questionnaires or enrolling in internet drawings and providing giveaways to take your personal data.
      Tips for enhancing information security:

      • Before leaving your personal data on any internet site, you should read the website’s “Privacy Protection Policy” first.
      • Do not enter your important personal data or leave important financial data on a website that you have not heard of, or one you are visiting for the first time.
      • Deactivate the function that automatically syncs data (photos) from computers or mobile devices to cloud drives.
    • Public access

      While using a public computer to surf the internet at locations such as a library, company office, hotel, internet cafe, or airport, or even when using a roommate or friend’s computer, be sure to check whether the data keyed in during usage are “stored” in the public computer, which would leave you exposed to the risk of leaked data being used by persons with bad intentions.
      Tips for enhancing information security:

      • While using a public computer, you should be especially careful about people sitting or standing beside you, because they can easily see any of your account numbers, passwords, or other data you key in on the computer screen.
      • Never click the browser's “remember password” option.
      • After you finish using the public computer, you should close the web browser and delete the browsing records (history) and cookie data before leaving. If you have logged in to an internet service (such as email), you should “log out of account” before closing the browser.
      • You should try to avoid using public computers to log in to internet services, use personal electronic certificates, or key in data with high finance-related sensitivity. The reason is that you cannot confirm whether a public computer has been installed or implanted with an automatic screen recording program by persons with bad intentions.
      • If you frequently use public computers, you should change your passwords more frequently.
    • Spam email

      Electronic spamming (normally referred to as spamming) refers to electronic messages being sent in an abusive manner. These are mostly advertisements. While the most common condition is email spam, spamming also exists on internet forums, online classified ads, blogs, Wiki, and search engines, mobile devices and messaging software. Although email spam still cannot be fully blocked, a number of simple ways may help reduce the possible trouble caused by spam.
      Tips for enhancing information security:

      • Never reply to email spam, because the email spam distributor will know that your email box is effective.
      • Do not open or click electronic information spam.
      • Do not reply to email spam advertising products.
      • Use email spam filtering software.
    • Spy software

      Spy software is similar to a virus; it slips into your computer or mobile device system without alarm and hides its trail, then it transmits your information to a specific counterparty over the internet without your permission or knowledge. Spy software often get installed in the user’s computer or mobile device accompanying free downloaded software programs, or via channels such as peer to peer file sharing, or it directly hides in mobile devices of unknown source or is imported without undergoing inspection and verification by the NCC. This is an act that infringes personal privacy.
      Tips for enhancing information security:

      • Before downloading free or shared software, you must carefully read all information related to that software.
      • Avoid downloading software of unknown source through P2P programs or other channels.
      • Avoid using mobile devices of unknown source or imported without undergoing inspection and verification by the NCC.
      • Avoid arbitrarily enabling access to the mobile device (enhancing root access, which is regularly referred to as rooting) or using a springboard or virtual private network to disguise the destination and origin.
  • Use all services on the internet securely
    • Internet defamation and internet bullying

      Issuing a statement to harm the reputation of others or insult others is a public criminal offense of slander or defamation. Because of the internet’s features, such as high speed, mass broadcasting, low cost and high anonymity, defamation or bullying via the internet causes greater harm. If statements transmitted online violate laws or regulations, those issuing such statements should also be brought to justice.
      Tips for enhancing information security:

      • Be sure to issue a statement online only after carefully considering it, even in the case of simply clicking “like.”
      • Do not forward or send unverified internet rumors or emails arbitrarily, and do not arbitrarily criticize internet rumors, either.
    • Social networking and instant messaging software

      Using social networking or instant messaging software to contact people has become the most common communication method, such as sharing on social network groups, blogs, services and sales of social networking corporate customers, YouTubers, and online streaming. Although it is convenient, if there is no protection for the personal data stored in your computer or mobile device, using such tools can cause a hidden crisis to information security.
      Tips for enhancing information security:

      • Do not accept files or click links transmitted through social networking or instant messaging software arbitrarily.
      • Do not transmit personal data or a company’s confidential data through social networking or instant messaging software.
      • Make sure to verify and re-confirm requests for assistance, donation, or questionnaires transmitted through social networking or instant messaging software.
      • Do not accept a stranger's friend request.
      • Install anti-virus software and firewall.
      • Avoid discussing important information or sharing files through instant messaging software (Line, WhatsApp, WeChat...) as much as possible, and avoid adding contacts of unknown background in order to avoid subjecting yourself to risk of social engineering fraud.
    • Intellectual property rights

      Based on the agreed-upon standards of intellectual property rights in Taiwan, a work must contain originality of a certain degree or higher to become a target under the protection of the Copyright Act. Nevertheless, the prevalence of the internet makes it easier for intellectual property rights of digital works to be infringed.
      Tips for enhancing information security:

      • Both users and providers of internet content must understand acts in violation of the Copyright Act, including such acts as: Using unauthorized images, plagiarizing the works of others, sharing music files peer-to-peer, etc.
      • When your website uses words, images, photos, or other content from other websites, you must obtain permission from the counterparty so as to avoid infringing upon the trademark right or copyright of those websites.
      • For more concepts related to intellectual property rights, please refer to the website of the Intellectual Property Office, Ministry of Economic Affairs.
    • Phishing and internet fraud

      Hackers may make fake webpages of known websites or online payment webpages and send fake emails, texts, or app-enabled push messages in the name of such websites to trick you into opening emails titled “system update, please check your account,” “please change your password,” or “account shut down, please reactivate online,” or into clicking links that you may be interested in; such messages are nearly identical to those from known websites, only the link leads you to a fake webpage. In a minor scenario, users are deceived to logging in to the fake website and personal data are stolen; in a serious scenario, your financial information, such as credit card number, online payment information, or bank account are stolen or a backdoor program is implanted to steal control over your computer or mobile device.
      Tips for enhancing information security:

      • Do not use the link provided in emails, texts, app-enabled push messages, or social networking software because the link you see may be different from the actual link. You are advised to key in the link instead.
      • Act after seeking proofs in all things so as to reduce the chance of being deceived.
      • If you have doubts, visit the 165 anti-fraud website to help you make good judgments.
    • Wireless (WiFi)

      Hackers may access the WiFi at your home through a computer or mobile device while being outside your home, or may connect to the activated mobile hotspot on your mobile device. With the addition of some devices and free malicious attacking programs, hackers can easily hack your computer system or mobile device, or even implant a backdoor program.
      Tips for enhancing information security:

      • Activate anti-virus software and firewall.
      • Do not connect to unknown wireless access points arbitrarily. Because after you connect to the wireless access point, any messages keyed in through computers or mobile devices, or data of website visits and access, can possibly be stolen.
      • When you activate the WiFi function, switch off DHCP automatic designation of IP address and hide SSID.
    • Social engineering

      Social engineering takes advantage of human weakness and applies simple communication and fraudulent skills to obtain account numbers, passwords, ID card numbers, financial data or other confidential and sensitive data, in order to penetrate your information security protection, thereby conducting unlawful access and damage.
      The most common social engineering attacks are:

      • Using texts, social networking or messaging software, or emails to trick users into logging in to a fake website in order to steal account numbers and passwords; an example is phishing.
      • Using texts, social networking or messaging software, or emails to trick users into opening files or images, in order to implant malicious programs and collect confidential and sensitive data secretly.
      • Using the provision of software and videos as bait to trick users into downloading fake patches, P2P download software, software tools or popular videos and use the opportunity to implant malicious programs and collect confidential and sensitive data secretly.
      • Pretending to be your friend, IT personnel, outsourced maintainer or personnel at a superior unit to use the opportunity to obtain account numbers and passwords through deception.

      Tips for enhancing information security:

      • Be highly aware regularly and do not provide data without confirmation.
      • Do not open emails and attachments from unknown sources.
      • Do not link to and log in to unconfirmed websites.
      • Do not download unlawful software and files.
  • Place orders on the internet securely
    • Certificates

      Certificates are actually a set of digits made up of alphanumeric characters generated by computers. They can be imagined as an electronic stamp and often exist in the form of chip cards and flash drives. Through trading instructions facilitated by application software on the internet order placement webpage, emails or documents, certificates may conduct mathematic computing and then generate “electronic signatures” to serve as a “signature” function. In contrast with traditional handwritten signatures, the affixation of seals, or written documents, which grants an “undeniable” legal effect to the documents, an electronic signature uses a certificate issued by a third party institution to produce an “electronic signature” in an “electronic document” to achieve the “undeniable” effect to the signatory. According to the Taiwan Futures Exchange rules, electronic documents, such as orders, order reports and trading reports, between traders placing orders online and futures merchants should be signed using certificates issued by certificate agencies.
      Tips for enhancing information security:

      • Electronic certificates protected by the law should be those electronic certificates issued by certificate agencies announced and approved by the Ministry of Economic Affairs. Currently issuers of certificates commonly seen trading on the futures market include TAIWAN-CA. Inc. and Chunghwa Telecom Public Certification Management Co., Ltd.
      • Only apply certificates within the applicable range (such as online order placement, opening trading reports sent via email, and filing of tax refunds online) defined by electronic certificates.
      • Certificates are similar to the chop used for your bank account. Make sure to safeguard certificates exported as copies and prevent them from being installed and used under false pretenses by others, even by people commissioned by you.
      • Devices or media that carry certificates should have proper protection measures in place.
      • Every certificate has an effective deadline. Pay attention to the expiration date of the certificate and renew it before expiry.
    • Disputes over online order placement

      Traders should have a basic understanding about the procedures of transmission of electronic messages for online order placement before placing orders online. An example of successfully engaging in a futures trading order on the computer: before an order is sent out, trading data will first enter the internet through the network of your internet service supplier, is forwarded to the online order placement host of the futures merchant you belong to, then inspected and approved by the risk control system of that futures merchant, before it is forwarded to the Taiwan Futures Exchange for matching. When the Taiwan Futures Exchange receives an order from a futures merchant, it will send a successful order message in the opposite direction to the futures merchant; it is not until then that you will see a “successful order” message. Therefore, it takes some time to transmit electronic messages—it’s not completed instantly. That’s why when market prices change rapidly, it cannot be guaranteed that order matching time or result of changing or canceling orders is consistent with the customer’s expectations. Because of the aforementioned layer-by-layer transmission of electronic messages, when an order irregularity occurs, it takes a lot of time to make confirmation through multiple layers to deal with the problem. Furthermore, if the underlying asset of an order placed online is a foreign future to be completed through sub-brokerage, the procedures of transmission of electronic messages will be more complicated than the aforementioned procedures.
      Tips for enhancing information security:

      • Before the trader opens an account for online order placement with a futures merchant, he or she should check whether the futures merchant provides sufficient contact information and backup methods to be adopted when online order placement cannot be executed, and thoroughly read through contract terms related to e-trading account orders in the trustee deed.
      • Keep relevant trading records while trading. When a trading dispute arises, you may provide your futures merchant with relevant data and request assistance. If it still cannot be resolved, you can turn to the Taiwan Futures Exchange and request assistance.
      • Because futures merchants often provide more than one kind of software (channel) for online order placement, it is recommended that traders download another one as backup.
    • Website Security of futures merchants

      When traders use websites of futures merchants to place orders, they should check the authenticity of such websites and confirm whether such websites already possess sufficient security mechanisms.
      Tips for enhancing information security:

      • Choose websites of legal futures merchants to engage in trading.
      • When a trader uses online order placement, he or she should confirm that the futures merchant’s website order placement mechanism meets SSL or other security mechanisms, so as to ensure the security or data transmission. Simple inspection methods are:
        • Does the website address begin with https (normally website addresses begin with http)?
        • Does the website have a certification mark?
        • Does the website display the lock icon in the lower-right corner?
        • International information security experts, after research, have discovered security threats in SSLv2. It is recommended to follow the mending method to disable the browser SSLv2 and SSLv3 protocols and activate TLS 1.0, TLS 1.1, and TLS 1.2.
      • Upon discovery of a fake futures merchant’s website or a futures merchant’s online order placement mechanism not possessing SSL or other security mechanisms, you should rapidly report it to the Taiwan Futures Exchange (02-23695678) and stop using such websites to place orders.
    • Use API to place orders

      API是Application Programming API is an acronym for Application Programming Interface. Normally it is provided for a trader who is capable of developing programs to connect it with his or her order placement strategies in order to facilitate an order placement interface that supports quick order placement. Thus, it is not a ready-made program. Generally speaking, APIs provided by futures merchants contain several formulas that can be adopted by traders during program development. Such formulas mostly come with functions, such as placing orders, deleting orders, reporting orders and reporting transactions. Using the API to place orders is identical in nature to placing orders online; there will also be risk resulting from network congestion, blackout, and internet disconnection, the same as in online order placement.
      Tips for enhancing information security:

      • Choose an API provided by a legal futures merchant to engage in trading, and avoid using an API not directly provided by the futures merchant or an API packaged and compiled by a third party.
      • A futures trader using the API service to place orders should determine the performance of transaction at one’s discretion.

References: Taiwan Stock Exchange Corporation
Advocating unit: Taiwan Futures Exchange Corporation
Address: 14F., No.100, Sec. 2, Roosevelt Rd., Zhongzheng Dist., Taipei City
Telephone: 02-23695678