Primary Authentication:
- Username + Password
- Biometric (Face ID, Touch ID)
- Hardware security key (YubiKey)

Secondary Authentication:
- SMS OTP
- Email verification
- Authenticator app (TOTP)
- Backup codes

Session Management:
- JWT tokens (15-minute expiration)
- Refresh tokens (24-hour expiration)
- Device fingerprinting
- IP whitelisting (optional)
- Automatic logout after inactivity

Roles:
- TRADER: Place orders, view portfolio
- ADMIN: Manage users, view all data
- COMPLIANCE: Audit access, reporting
- SUPPORT: View user data, assist users

Permissions:
- order:place, order:cancel, order:modify
- account:view, account:withdraw
- admin:users, admin:config
- compliance:audit, compliance:report

Implementation:
- JWT contains user role and permissions
- API Gateway validates permissions
- Service-level checks
- Audit all permission checks

Requirements:
- Secure network architecture
- Protect cardholder data
- Vulnerability management
- Access control
- Network monitoring
- Security policies

Implementation:
1. Tokenization:
   - Never store card numbers
   - Use payment processor tokens
   - Separate payment database

2. Network Segmentation:
   - Payment services isolated
   - Firewall rules
   - No direct internet access

3. Encryption:
   - TLS 1.3 for all traffic
   - AES-256 for data at rest
   - Key rotation every 90 days

Account Protection:
- Two-factor authentication required
- Withdrawal verification (email + SMS)
- IP whitelisting for API access
- Device authorization
- Suspicious activity detection

Withdrawal Limits:
- Daily limit: $50,000
- Weekly limit: $200,000
- Large withdrawals: Manual review
- Cooling period: 24 hours for new accounts

Pre-Trade Checks:
1. Authentication:
   - Valid session token
   - User authorized to trade
   - Account active

2. Risk Checks:
   - Sufficient funds
   - Position limits
   - Order size limits
   - Price collar checks

3. Fraud Detection:
   - Unusual order patterns
   - Rapid order placement
   - Wash trading detection
   - Layering/spoofing detection

4. Compliance:
   - Pattern day trader rules
   - Restricted securities
   - Trading halts

Detection:
1. Wash Trading:
   - Same user buying and selling
   - No economic purpose
   - Artificial volume

2. Layering/Spoofing:
   - Place fake orders
   - Cancel before execution
   - Manipulate prices

3. Pump and Dump:
   - Coordinated buying
   - Artificial price increase
   - Sell at peak

4. Front-Running:
   - Trade ahead of client orders
   - Use non-public information
   - Unfair advantage

Actions:
- Real-time detection
- Automatic alerts
- Account suspension
- Report to regulators

Database:
- PostgreSQL TDE
- AES-256 encryption
- Encrypted backups
- Key rotation (90 days)

Sensitive Data:
- Account numbers: Encrypted
- SSN/Tax IDs: Encrypted
- Bank details: Encrypted
- Separate encryption keys

Audit Logs:
- Immutable storage
- Encrypted
- Tamper-proof
- 7-year retention

TLS Configuration:
- TLS 1.3 (minimum TLS 1.2)
- Strong cipher suites
- Perfect forward secrecy
- Certificate pinning

API Security:
- All APIs over HTTPS
- WebSocket over TLS (WSS)
- FIX over TLS
- Certificate validation

Rule 15c3-5 (Market Access):
- Pre-trade risk controls
- Prevent erroneous orders
- Capital and margin checks
- Regulatory compliance

Rule 606 (Order Routing):
- Disclose order routing
- Best execution
- Payment for order flow
- Quarterly reports

Regulation SHO (Short Selling):
- Locate requirement
- Close-out requirement
- Threshold securities

Required Data:
- Every order (placed, modified, cancelled)
- Every trade execution
- Every account change
- Every risk event

Retention:
- 7 years minimum
- Immutable storage
- Tamper-proof
- Instant retrieval

Format:
- Structured data (JSON)
- Timestamped (nanosecond precision)
- Digitally signed
- Indexed for search

Reporting:
- Daily reports to regulators
- Monthly summaries
- Annual audits
- On-demand queries

Know Your Customer (KYC):
- Identity verification
- Address verification
- Employment information
- Source of funds

Anti-Money Laundering (AML):
- Transaction monitoring
- Suspicious activity reports (SAR)
- Currency transaction reports (CTR)
- Pattern detection

Implementation:
1. Onboarding:
   - Collect required documents
   - Verify identity (ID, passport)
   - Check sanctions lists
   - Risk assessment

2. Ongoing Monitoring:
   - Transaction patterns
   - Large deposits/withdrawals
   - Rapid trading
   - Unusual behavior

3. Reporting:
   - File SARs within 30 days
   - File CTRs for >$10K transactions
   - Maintain records for 5 years

Principle of Least Privilege:
- Minimum necessary access
- Role-based access control
- Time-limited access
- Audit all access

Access Levels:
- Read-only: View data
- Operator: Execute operations
- Engineer: Modify code
- Admin: Full access

Authentication:
- Hardware security keys
- Biometric authentication
- Multi-factor required
- Session timeout (15 minutes)

Audit:
- Log all access
- Monitor anomalies
- Alert on suspicious activity
- Regular reviews

API Key Management:
- Unique key per user
- Separate keys for trading vs data
- Key rotation every 90 days
- Revocation on compromise

Rate Limiting:
- Per-user limits
- Per-IP limits
- Adaptive throttling
- DDoS protection

Request Signing:
- HMAC-SHA256 signature
- Timestamp validation
- Nonce for replay protection
- Verify on every request

Phases:
1. Detection (<1 minute)
2. Containment (<5 minutes)
3. Eradication (<1 hour)
4. Recovery (<4 hours)
5. Post-Mortem (within 1 week)

Incident Types:
- Unauthorized access
- Data breach
- DDoS attack
- Market manipulation
- System compromise

Response Team:
- Security Lead
- Engineering Lead
- Compliance Officer
- Legal Counsel
- PR/Communications

Triggers:
- Security breach
- System malfunction
- Regulatory order
- Extreme volatility

Actions:
1. Halt all trading immediately
2. Cancel pending orders
3. Notify users
4. Notify regulators
5. Investigate issue
6. Resume when safe

Communication:
- Real-time status page
- Email notifications
- Social media updates
- Press release if major

Data Collection:
- Minimum necessary data
- Clear purpose for each field
- User consent required
- Opt-out options

Data Usage:
- Trading operations only
- No selling to third parties
- No advertising use
- Aggregated analytics only

Data Retention:
- Active accounts: Indefinite
- Closed accounts: 7 years (regulatory)
- Trading data: 7 years
- Personal data: Delete on request (with exceptions)

User Rights:
1. Right to Access:
   - Download all data
   - JSON/CSV format
   - Within 30 days

2. Right to Erasure:
   - Delete personal data
   - Exceptions: Regulatory requirements
   - Anonymize trading data

3. Right to Portability:
   - Export trading history
   - Machine-readable format
   - Transfer to competitors

4. Right to Rectification:
   - Update personal information
   - Verify changes
   - Audit trail

Fraud Signals:
- Unusual trading patterns
- Rapid account changes
- Large withdrawals
- Coordinated activity
- Account takeover indicators

ML Model:
- Features: 100+ signals
- Model: Gradient boosting
- Training: Historical fraud cases
- Inference: <10ms

Actions:
- Low risk: Allow
- Medium risk: Additional verification
- High risk: Block and review

Monitoring:
- Real-time alerts
- Manual review queue
- Automated responses
- Continuous improvement

Detection:
- Login from new device
- Login from new location
- Unusual trading activity
- Password change + withdrawal

Response:
1. Challenge with 2FA
2. Email/SMS verification
3. Temporary account lock
4. Manual review

Recovery:
- Identity verification
- Reset credentials
- Review recent activity
- Reverse fraudulent trades