What is Fipto?

Fipto empowers financial departments to send payments instantly through the blockchain and to securely hold, convert, and report on their fiat and digital assets. Our unwavering focus is on the following critical areas:

Operational Security:

  • User, role, and limit management meticulously overseen.
  • Enhanced security protocols for the administration of your company wallets, including multi-signature and the option to whitelist beneficiaries.
  • Robust two-factor authentication process for all sensitive operations.
  • Customizable transaction authorization policies to suit your specific needs.
  • Best of breed cryptography for wallet security

Consolidation, reporting and valuation:

  • Real-time and historical valuation of your digital assets, both within wallets and across transactions.
  • Precise valuation of your external custodian and non-custodian wallets.
  • Comprehensive financial consolidation of all your digital assets for accurate reporting.
What is a digital asset wallet?

A digital asset wallet is a device, physical medium, program or a service which stores the public and/or private keys or cryptocurrency transactions. Digital asset wallets keep your private keys – the passwords that give you access to your cryptocurrencies – safe and accessible, allowing you to send and receive cryptocurrencies like Bitcoin and Ethereum.

While your holdings live on the blockchain, they can only be accessed using a private key. Your keys prove your ownership of your digital money and allow you to make transactions. If you lose your private keys, you lose access to your money.

Payments & Deposits
How long will it take for my deposited digital assets to appear in my Fipto wallet?

At Fipto, our priority is to ensure the utmost security of our clients' treasury activities. We achieve this by adhering to the industry's finest standards in screening and monitoring cash flows. Given our status as a registered DASP, Fipto is mandated to validate the source of incoming digital asset funds prior to their inclusion in your wallet.

Payins are diligently processed within the window of 9 am to 6 pm (CET) from Monday to Friday. Our teams process these transactions within an hour of receipt. Please be aware that more complex transactions can require additional processing time.

Wallets & Security
How many digital asset wallets and IBANS can I create?

You have the ability to create an unlimited number of wallets and IBANs. This allows your company to seamlessly segregate funds, reconcile incoming payments, integrate your digital assets into financial reporting, and achieve much more.

How do I keep my transactions confidential?

At Fipto, we give you the opportunity to generate as many wallets and crypto addresses as you want for incoming payments. This allows you to allocate one address to each unique partner or even to each invoice. Outgoing payments are processed from an omnibus account which prevents the recipient from tracking your funds or your wallet balance.

If you simply use a traditional non-custodial wallet, anyone can track your transactions on the blockchain. This means that anyone who knows your wallet address (such as your suppliers or clients) will be able to see all of your transactions, including your balance and the details of each transaction.

With Fipto, you can maintain your privacy and security by using separate wallets for each partner or invoice. This way, your recipients will only be able to see the transactions that relate to them, and they will not be able to track your overall balance or transaction history.
Here are some of the benefits of using Fipto's omnibus account for outgoing payments:

  • Privacy: Your recipients will not be able to track your funds or your wallet balance.
  • Security: Your funds are held in a secure account that is not linked to your individual wallet addresses.
  • Convenience: You can easily manage your outgoing payments from a single account.
How does Fipto assist me in managing operational risks?

Fat finger, wrong recipient address, internal fraud, email hacking, identity theft, mishandling, etc. Fipto's platform empowers you to establish safeguards at every level. Given the highly sensitive nature of digital assets, we've developed a security system that surpasses that of a bank.

Our end-to-end security features include:

  • User creation, meticulously secured by our expert team and subject to your validation.
  • Flexibility to replicate your internal limit management policy.
  • Implementation of double or triple signatures for payment validation. You can easily configure this with your account manager upon account creation.
  • Option for whitelisting beneficiaries or specific external wallets.
  • Seamless setup of 2FA (Two-Factor Authentication) for secure initiation of payments and beneficiary setup. Your digital asset protection is our top priority.
What risks are involved in digital asset holding and trading?

Holding digital assets is akin to carrying cash in a physical wallet. When managing your personal wallets, establishing secure and intricate processes for safeguarding your private keys becomes necessary. At Fipto, we take care of this task on your behalf, freeing you to concentrate on your core financial endeavors.

Digital assets are renowned for their pronounced volatility. Nevertheless, there's no need to hold such volatile assets to harness the benefits of blockchain infrastructure. Fipto handles an array of digital assets, including stablecoins like USDC and USDT. This  facilitates the transfer of stable value globally – transparently, affordably, and within seconds.

The Fipto infrastructure allows you to minimize these risks as much as possible.

What is Strong Authentication?

Since January 2018, European regulations have mandated Payment Service Providers to implement Strong Customer Authentication (SCA) to strengthen the security of their customers' accounts and reduce the risk of fraud.

What is Strong Customer Authentication (SCA)?
SCA is a security measure that reinforces the protection of your account by using two steps to verify your identity:Your account is first secured by entering your password. Then, on top of that, a 6 digits Time-based One Time Password (TOTP) generated by your authentication application is used to confirm your identity and unlock access to your account.

How does Strong Customer Authentication work?
To enable Strong Customer Authentication through an application, you will need 2 components:
1. Your password (which you will normally already have set up at this stage)
2. Your phone with an authentication application installed (such as Google Authenticator)

Through your authentication application, you can either view existing Time-based One Time Password (TOTP) (if you already set up strong authentication for other services) or choose to set up a new TOTP. To set up a new TOTP, you will typically need to scan a QR code or copy a setup key provided by the service where you want to secure your account access.

💡 Unlike a common password, your TOTP is unique for each use, thereby enhancing the security of your account.

Why is Strong Customer Authentication preferable to other security methods?
Strong Customer Authentication can take various forms, for example, two-step validation via SMS (receiving a unique code on your phone). However, this method is not as secure as using an authentication application to generate Time-based One Time Password (TOTP) because malicious hackers could intercept your two-step validation SMS, which is not possible with an authentication application.
This is why at Fipto, we have chosen to secure your account through TOTP.

How to set up your Strong Customer Authentication?

Strong Customer Authentication (SCA) is a security measure that enhances the protection of your account by using two steps to verify your identity. To learn more about this, you can refer to the dedicated FAQ section "What is Strong Authentication?".

Setting up Strong Customer Authentication for my Fipto account
Before getting started
To enable Strong Customer Authentication (SCA), you will need 2 components:
1. Your Fipto password (which you already set up)
2. Your phone with an authentication application installed (if you don't have one, you can download Google Authenticator for free)

Strong Authentication Configuration
Once your authentication application is installed, you can configure SCA for your Fipto account by following the steps below:
1. Scan the QR code displayed on your Fipto login screen with your phone, or copy the configuration key and paste it into your authentication application.
2. Open your authentication application and retrieve your 6-digit Time-based One Time Password (TOTP). Then type it into the Code field of your Fipto application (login screen).
3. Click Confirm on the Fipto login screen.

Connect to Fipto once your Strong Customer Authentication is set up
1. Open the Fipto app by clicking on Login (top right) from the website (or follow this link).
2. Enter your email (used as your Fipto login) along with your password and click Sign in.
3. Retrieve your Fipto Time-based One Time Password (TOTP) from your authentication application and type it into the Code field on Fipto. Then, click Confirm to access your account.

Is Fipto regulated?

Yes. Fipto is a registered Digital Asset Service Provider (DASP) by the French Financial Markets Authority (AMF) for the following services: (i) custody of digital assets on behalf of a client, (ii) trading of digital assets against other digital assets, and (iii) trading crypto-to-fiat or fiat-to-crypto service under number: E2023-069.

What happens to my funds in the event of Fipto's discontinuation?

Rest assured, your digital assets are stored within distinct wallets that are entirely separate from Fipto's internal funds. In the unlikely scenario of Fipto undergoing liquidation, the responsibility for returning clients' owned digital assets lies with the appointed liquidator. Your assets remain safeguarded and will be duly returned to you under such circumstances.

Why am I required to undergo a KYB procedure in order to open an account?

As a registered Digital Asset Service Provider (DASP) by the French Financial Markets Authority (AMF), we are required to carry out a Know Your Business (KYB) procedure. We also analyse each transaction to comply with AML/CFT rules, ensuring that the funds you receive are compliant and will not hurt your business and your reputation.