IFX (UK) Ltd is referred to hereon as “IFX”, “we” or “us”.
Company information
IFX (UK) Ltd, trading as IFX Payments, registered in England and Wales. Company Number: 05422718. Registered Office: 33 Cavendish Square, London, W1G 0PW, United Kingdom. IFX (UK) Ltd is authorised and regulated by the Financial Conduct Authority under the Electronic Money Regulations 2011 (FRN 900517) for the issuing of electronic money, and is registered as a Foreign Money Services Business (“FMSB”) with the Financial Transactions and Reports Analysis Centre (“FINTRAC”) in Canada (Reg. No.: M23400543).
IFX (UK) Ltd, trading as International Foreign Exchange (DIFC Representative Office), registered as a Recognised Company in the Dubai International Financial Centre (DIFC). Registered Number: 1363. Registered Offices: Unit 401, Level 4, Index Tower, DIFC, PO Box 507009, Dubai, UAE. IFX (UK) Ltd is authorised and regulated by the Dubai Financial Services Authority (FRN F001814) to operate as a Representative Office to market its services in the DIFC.
Data privacy
IFX is registered with the UK Information Commissioner’s Office (Reference Number: Z9399766). For more information, please see our Privacy Policy. In the event you wish to contact IFX regarding the processing of your personal data, please contact: regulatory@ifxpayments.com.
Secure Customer Authentication
We are required by applicable laws and regulations to apply Secure Customer Authenticate (SCA) whenever you perform certain actions via our ibanq or mPay platforms (for example logging in, adding a beneficiary or approving payments). We use software called BindID provided by Transmit Security to perform SCA. As part of the authentication process, biometrics which are held locally to your device are used to perform the verification. Biometric data is not collected, stored or processed by us (or our third party providers) as part of the authentication.
Territory of provision of our services
Our services are available to persons in certain jurisdictions only. The distribution of the information and documentation on this website may be restricted by law in certain countries. This website, and the information and documentation on it, are not addressed to any person resident in the territory of any country or jurisdiction where such distribution to any person resident in the territory of any country or jurisdiction where such distribution would be contrary to local law or regulation.
IFX does not have a physical presence outside the UK, other than in Poland and the DIFC.
If you use our payment services and are based outside the UK or EEA, we provide our payment services strictly on the basis that:
- You approached us for the provision of our payment services.
- You have been advised that our payment services are not regulated or authorised outside the UK.
- All of our services are provided in the UK only.
- You agree that it is your duty to ensure that you are compliant with the applicable laws in your country.
Payment services provided to customers based in the European Economic Area are provided by CurrencyCloud B.V..
Provision of information on this website
The information on this website does not constitute, and should not be construed as, financial product advice or a recommendation to buy, sell or otherwise transact in any financial product including, but not limited to, foreign exchange contracts and payment services.
Protecting yourself against fraud
As a global foreign exchange and payment solutions provider, we place the utmost importance on fraud prevention and protection. We are dedicated to ensuring the safety and security of our customers' personal and financial information, and we have implemented various measures to safeguard against fraudulent activity.
We utilise advanced fraud detection tools and technologies to monitor transactions for suspicious activity, regularly review and update our security protocols, and educate our staff and customers on best practices for preventing and reporting fraud.
We also advise our customers to take proactive steps to protect themselves against fraud, such as regularly monitoring their accounts and reporting any suspicious activity immediately.
We are committed to maintaining the highest level of security and confidentiality for our customers. We will continue to invest in and improve our fraud prevention efforts to ensure a safe and secure online experience for all. Our commitment to fraud prevention and protection is further reinforced by our compliance with all applicable laws, regulations, and industry standards related to fraud prevention and data security.
Have you been a victim of fraud?
If you suspect you have been a victim of fraud, we advise you to report it immediately to our team via regulatory@ifxpayments.com.
You can report fraud and cybercrime if you live in the UK to Action Fraud.
When you contact us, we will investigate your suspicions and where possible take necessary steps to prevent others from falling victim to the same scam.
Fraud alerts
Please be aware that fraudsters use ever-changing methods of defrauding payment service users. A few examples are set out below:
Authorised push payment (APP) fraud or bank transfer scams
APP fraud, also known as bank transfer scams, is a type of fraud in which an individual or organisation is tricked into transferring money to a fraudster's account. This type of fraud typically occurs when the fraudster poses as a legitimate individual or entity, such as a vendor, supplier, or employee of a company.
The fraudster will usually contact the victim through email, phone, or text message and provide them with false information, such as fake invoices or payment requests. The victim is then instructed to make a payment to the fraudster's account, often under the guise of urgent or time-sensitive circumstances.
The fraudster will use various tactics to convince the victim to transfer the funds, such as creating a sense of urgency, threatening legal action or penalties, or providing fake assurances of security or legitimacy.
Once the victim transfers the funds, the fraudster will quickly withdraw the money from the account, often leaving the victim with little to no recourse to recover the lost funds.
APP fraud is a growing concern for individuals and businesses alike, and it is important to be vigilant and take appropriate measures to prevent falling victim to these scams. It is important to verify the authenticity of any payment requests before transferring funds and to educate employees and colleagues about the risks and signs of APP fraud. Additionally, banks and financial institutions are working to implement additional security measures to prevent and detect APP fraud.
Account takeover
Account takeover is a type of fraud where criminals gain unauthorised access to a customer's account, typically through phishing scams, social engineering, or various forms of hacking to trick the account holder into providing sensitive information.
Once a criminal has access to an account, they can steal funds, make unauthorised transactions, or change the account details to lock the legitimate owner out of their account, causing significant financial losses.
Preventative measures include implementing strong authentication measures and security protocols such as multi-factor authentication, monitoring for suspicious login activity, educating customers, and having a response plan and a refined procedure in place for notifying affected customers and law enforcement agencies.
Cyber fraud
Cyber fraud refers to any fraudulent activity that takes place online and typically involves using the internet or technology to deceive individuals and organisations into providing sensitive information.
It includes phishing scams, identity theft, hacking, and malware attacks. Cyber fraud can be committed by individuals or organised groups who target vulnerable entities lacking adequate security measures.
Examples include email scams requesting, fake websites, and ransomware attacks, leading to financial loss, reputational harm, and legal consequences.
To prevent cyber fraud, keep software up to date, use strong and unique passwords, be wary of suspicious emails and messages, use two-factor authentication and keep sensitive information private.
CEO email fraud
CEO email fraud, also known as business email compromise, is a type of cyber fraud where criminals impersonate a CEO or another high-level executive to trick employees and partners into transferring funds or sensitive information, causing significant financial losses and reputational damage.
The fraudster creates an email address similar to the targeted executive's by slightly altering the domain name, then requests urgent payment or transfer from the finance or accounting department, and uses various tactics to create a sense of urgency or authority by claiming the requested funds are needed to close a critical deal. The funds will then be sent to the criminal’s account through a series of intermediaries or shell accounts. These are often difficult to trace.
To prevent this fraud, payment firms should implement strict authentication protocols for all financial transactions including multiple levels of approval, educate employees, conduct regular security audits, and have a response plan in place for recovery of stolen funds and notifying law enforcement.
