How to Help a Cardholder When Their Private Keys Have Been Compromised
How can a cardholder know if their private keys have been compromised?
Signs that a cardholder’s private keys may have been compromised include:
- Unexplained transactions involving their cryptocurrency or digital assets.
- Unauthorized transfers or withdrawals from their wallet.
- Notifications of access from unfamiliar devices or locations.
If the cardholder notices any of these signs, they should take immediate action.
What should a cardholder do if their private keys have been compromised?
Guide your cardholder through these steps to protect their assets:
- Immediately transfer their assets to a secure wallet: Instruct the cardholder to move their digital assets to a new wallet with fresh, uncompromised private keys.
- Stop using the compromised keys: Advise the cardholder to cease any further use of the compromised private keys and replace them with new ones generated from a secure source.
- Report the issue: Encourage the cardholder to contact your support team, so the situation can be escalated to Immersve for further assistance.
What other steps should a cardholder take?
In addition to securing their assets, the cardholder should:
- Change all related passwords: Update any passwords associated with wallets, exchanges, or accounts that interact with their private keys.
- Enable two-factor authentication (2FA): Wherever possible, encourage the use of 2FA to add an extra layer of security.
- Monitor for suspicious activity: Advise the cardholder to keep an eye on their accounts and wallets for any unusual activity.
Will the cardholder be liable for losses due to compromised private keys?
Explain to the cardholder that because private keys are the sole responsibility of the key holder, any losses due to compromised keys will not be recoverable. However, we will assist in securing their account and assets to prevent further losses.
How can a cardholder protect their private keys in the future?
Share these best practices with cardholders to safeguard their private keys:
- Use hardware wallets: Hardware wallets provide a secure, offline environment to store private keys.
- Keep backups in secure locations: Encourage cardholders to store backup copies of their private keys in secure, offline locations.
- Avoid sharing private keys: Remind cardholders never to share their private keys with anyone, including family members, police or your staff and avoid storing them in easily accessible digital formats (e.g. on cloud storage).
Can a cardholder recover compromised assets?
If the assets were transferred out of their wallet after the keys were compromised, recovery may be difficult. However, advise the cardholder to report the theft or unauthorized transaction to relevant exchanges and/or authorities. We will also investigate and provide any possible support.