Security within Change

100 000+ users have placed their trust in us. Maintaining that trust and improving security both in the app and behind the app is a continual focus area for Change. We have dedicated teams at Change to ensure the end-to-end security of your account and assets. The Change card product follows the Payment Card Industry Data Security Standard, and its compliance has been audited by independent auditors; in addition, Change’s information security management follows the ISO27001 security framework.

Security of your Change account

There are three main components that have a direct impact on the security of your account:
1. The way we verify our customers. All our customers need to verify their identity during onboarding. We’ve partnered with Veriff and Onfido to ensure our customers are who they claim to be. We make efforts to know our clients and have clear procedures in place to confirm their identity throughout our business relationship with them as well. For example, all Change card users must bind their device, and the use of a new device initiates a device verification flow.

2. The way you log into the app. Setting up a password and a passcode (or using biometrics instead of the passcode) is mandatory in the Change app. However, these days, using simply a password and username to log into your accounts is not enough. We recommend that you set up a long and unique password for your account and also enable second-factor authentication (2FA), a feature we’ve built for you in the Change app. With 2FA set up, even if somebody gets access to your password, they won't be able to access your account. Our strong recommendation is that you also set up 2FA for your email address with your email service provider.

3. The way we monitor our systems. We monitor the transactions and evaluate their risk on the go, we run the know-your-customer procedures to avoid servicing fraudulent activities, and we monitor how our product is being used to identify potential suspicious behaviours as early as possible.

Security of your assets with Change

Customer assets are kept separately from Change’s own assets. Change uses third-party service platforms to support liquidity management procedures. All service providers undergo periodic due diligence. We have partnered with industry leaders across the board, enabling us to offer our clients a comprehensive and seamless user experience without compromising on security. Read more about this in our Report on Transparency, which you can find in our blog.

Tips on Security

1. Recognise phishing attacks and fake info. Phishing happens when adversaries play on common emotions such as fear, a sense of urgency or helpfulness. Their purpose is to deceive people into giving up valuable information (e.g. stealing user credentials) or funds. Phishing can happen through emails, social media messages, SMS messages or websites that look and feel legitimate, but aren’t.

a. Remember to always take your time before acting on something that triggers a strong emotion - it might be a phishing message.
b. Remember to hover over links for a link preview before clicking them. A link preview is often the simplest way to detect shady-looking content. Official communication about Change only comes from the domain “changeinvest [dot] com”. Learn how to identify suspicious content by taking this quiz powered by Google.
c. Help us make the experience safer for yourself and others by sharing the suspicious content you find in relation to Change with us: in some cases we’re able to take legal action against the scammers. Let us know via [email protected]

2. Use 2FA wherever possible. In today’s world, long and unique passwords are simply not enough to protect user accounts. Always set up 2FA wherever possible. We’ve built the 2FA feature for you in the Change app as well. As a rule of thumb, we recommend setting up 2FA for any apps where you’re managing your assets, and for your associated e-mail accounts.
3. Never share your passwords, PINs or 2FA tokens. As a responsible service provider, we’d never ask you for such information, and if somebody does, this classifies as a very shady activity. Let us know about such cases via [email protected]

4. Never send funds to anyone claiming to be a Change employee, even if they’re reaching out to you personally on Telegram or on any other social media platform. We’d never ask you for this. Report such activities to us via [email protected]

Let’s speak security!

1. License and compliance
We are a regulated cryptoasset service provider and fully compliant with all the relevant regulations in Estonia and in the EU.
Licensed by the Estonian Financial Unit, xChange AS is authorised to provide virtual currency services (licence number FVT000072). License information: https://mtr.mkm.ee/juriidiline_isik/223821.
2. Security and personal data protection
The Change app and our infrastructure have formally received the PCI DSS compliance certificate. This means our security is on par with one of the world's most demanding security standards.
We have a designated Data Protection Officer who is responsible for making sure we process personal data lawfully and according to the best industry standards.
3. Well capitalised and transparent
Change is one of the most regulated and compliant crypto providers in Europe. We have undergone a financial audit this year and have been named as an example of a responsible crypto provider by the Estonian Financial authorities on multiple occasions.

We have been continuously publishing our financial results even though we are not a publicly traded company. Driving growth in our industry in a responsible, safe and secure manner is paramount to our team and always has been.

We are proactively monitoring the risks and exposures and making adjustments to the procedures used to ensure the safety of funds on a continual basis. This is why we are using technology provided by industry leaders BitGo and Ledger to custody assets.

Moving forward, we’ll also be releasing our Proof of Reserves information.
4. World's most secure custody solution
We are safeguarding your digital assets with the world’s most secure and compliant custody solution provided by BitGo. Since 2013, they have been the market leader in delivering institutional grade security solutions for blockchain-based services.
If something should still go wrong, for example third-party hacks, theft or loss of private keys, insider theft or dishonest acts by BitGo employees or executives, your assets are covered with a $100 million insurance policy.
https://www.bitgo.com/services/custody
5. Funds segregation
Our strong partnership with LHV Bank and EU financial institutions keeps your funds safe and segregated at all times.
6. Strong AML measures
Our perfect track record matches our zero tolerance policy for illicit activity. Our compliance and support teams work tirelessly to prevent such things as terrorist financing, child pornography, and sanction evasions.
We comply thoroughly with internal, regulatory and partner-based guidelines with each case and every customer.
7. There for you
Our team is highly active and responsive. From Telegram to live chat, emails and much more, we want to hear from you - mad, sad or glad.
8. Fraud and crime detection software
We use sophisticated technology in the crypto-sector to detect and prevent fraud. State-of-the-art software helps raise customer awareness on particular cryptoasset transactions, counter-parties, and their reputations to aid in protecting customer funds.
9. Member of Industry Associations
A hub for startups and local fintechs, Finance Estonia has aided in supporting the Estonian economy by increasing business opportunities through the enhancement of financial sector development and innovation since 2011.
To learn more please visit http://financeestonia.eu/about-us/