security and peace of mind with Change

Over 135,000 users have placed their trust in us. Maintaining that trust through continuous security improvements - within the app and behind the scenes - remains our top priority.

Our dedicated teams work hard to ensure the end-to-end security of your account and assets. Compliance is regularly audited by independent experts. Additionally, Change's information security management follows the ISO27001 framework, guaranteeing the highest standards of protection.

Your account security, our priority

There are three key components that directly impact the security of your account:

How we verify our customers

All our customers verify their identity during onboarding. We've teamed up with trusted partners Veriff and Onfido to make sure everyone is who they say they are. We also keep up clear procedures to confirm identities throughout our relationship - because knowing our clients is key to keeping accounts safe.

How you log into the app

Setting up a password and passcode (or using biometrics) is mandatory in the Change app. We recommend choosing a long, unique password for your account and enabling two-factor authentication (2FA) - a built-in feature designed to help you keep your account secure.

How we monitor our systems

We continuously monitor transactions and assess risks in real time to prevent fraudulent activities. We also keep an eye on how our product is used to spot any suspicious behaviour as early as possible. For added security, all Change card users must link their device, and using a new device triggers a verification process to keep your account safe.

Keeping your assets safe with Change

Customer assets are held separately from Change's own funds. We use third-party service platforms to manage liquidity, and all our service providers undergo regular due diligence.

By partnering with industry leaders, we ensure our clients enjoy a seamless and secure experience. For more details, check out our Report on Transparency available on our blog.

Let's talk security

1. Recognise phishing attacks and fake information
Phishing happens when adversaries play on common emotions such as fear, a sense of urgency or helpfulness. Their purpose is to deceive people into giving up valuable information (e.g. stealing user credentials) or funds. Phishing can happen through emails, social media messages, SMS messages or websites that look and feel legitimate, but aren’t.
a. Always take your time before acting on something that triggers a strong emotion - it might be a phishing message.
b. Hover over links for a link preview before clicking them. Official communication about Change only comes from the domain changeinvest.com
c. Help us make the experience safer for yourself and others by sharing the suspicious content you find in relation to Change with us: in some cases we’re able to take legal action against the scammers. Let us know via support@changeinvest.com
2. Use two-factor authentication (2FA) wherever possible.
In today’s world, long and unique passwords alone aren’t enough to fully protect your accounts. That’s why we strongly recommend setting up two-factor authentication (2FA) wherever possible. We’ve built 2FA right into the Change app to make it easy for you.

As a good rule of thumb, use 2FA on any app where you manage your assets, as well as your associated email accounts. With 2FA enabled, even if someone gets hold of your password, they won’t be able to access your account without the valid 2FA code.
3. Never share your passwords, PINs, or 2FA tokens with anyone.
As a responsible service provider, we would never ask you for such information. If someone does, that’s a clear sign of suspicious activity. Please report any such cases to us at support@changeinvest.com.
4. Never send funds to anyone claiming to be a Change employee.
Even if someone contacts you personally on Telegram or any other social media platform claiming to be from Change - never send funds. We would never ask you for this. If you encounter such requests, please report them to us at support@changeinvest.com.
1. Licensing & Compliance
We are a regulated investment firm and virtual currency service provider, fully compliant with all applicable regulations in Estonia and across the EU.
Licensed by the Estonian Financial Intelligence Unit, xChange AS is authorised to provide virtual currency services (license number FVT000072). License details: https://mtr.ttja.ee/taotluse_tulemus/540587
CFD trading services are provided cross-border by Change Securities B.V. (Chamber of Commerce no. 50755854), authorised and regulated by the Dutch Authority for the Financial Markets (AFM). License details: https://www.afm.nl/en/sector/registers/vergunningenregisters/beleggingsondernemingen/details?id=7090F7AE-BBDB-E111-9A85-005056BE6692
2. Information security & Data privacy
The Change app and our infrastructure have formally received PCI DSS compliance certification, meaning our security meets one of the world’s most demanding standards.

We have a dedicated Data Protection Officer who ensures that all personal data is processed lawfully and in line with the highest industry standards.
3. Well-capitalised & Transparent
Change is one of the most regulated and compliant crypto providers in Europe. We successfully underwent a financial audit this year and have been repeatedly recognised by Estonian financial authorities as a responsible example in the industry.

Despite not being a publicly traded company, we’ve consistently published our financial results. For us, driving growth in a responsible, secure, and transparent way has always been a core priority.

We proactively monitor risks and exposures, continually refining our internal procedures to ensure the safety of client funds. To safeguard assets, we rely on custody technology from industry leaders BitGo and Ledger.

We’ve also started publishing our Proof of Reserves, further reinforcing trust and openness with our users.
4. The world’s most secure custody solution
We safeguard your digital assets using the world’s most secure and compliant custody solution - BitGo. Since 2013, BitGo has been the market leader in delivering institutional-grade security for blockchain-based services.
If something should still go wrong, for example third-party hacks, theft or loss of private keys, insider theft or dishonest acts by BitGo employees or executives, your assets are covered with a $100 million insurance policy.
https://www.bitgo.com/services/custody
5. Funds segregation
Our strong partnership with LHV Bank and trusted EU financial institutions ensures your funds are always safe and fully segregated.
6. Strong AML protocols
Our impeccable track record reflects our zero-tolerance policy toward illicit activities. Our compliance and support teams work tirelessly to prevent issues such as terrorist financing, child exploitation, and sanctions evasion.
We rigorously comply with internal policies, regulatory requirements, and partner guidelines in every case and for every customer.
7. Always here for you
Our team is highly active and responsive. Whether it’s Telegram, live chat, email, or more, we’re here to listen - whether you’re mad, sad, or glad.
8. Fraud & crime detection software
We use advanced technology within the crypto sector to detect and prevent fraud. Our state-of-the-art software enhances customer awareness by monitoring specific crypto asset transactions, counterparties, and their reputations - helping to safeguard your funds.
9. Member of Industry Associations
Finance Estonia, a hub for startups and local fintechs, has supported the Estonian economy since 2011 by fostering financial sector development and innovation to create new business opportunities.
To learn more please visit http://financeestonia.eu/about-us/
Become a Bug Slayer and protect Change
Our Bug Bounty rewards system and updated T&Cs are currently under construction. You're still very welcome to report any vulnerabilities by emailing us at bugbounty@changeinvest.com. While we’re reviewing the programme, we can't guarantee any rewards just yet - but you won’t walk away empty-handed.
Below, you'll find our Hall of Fame - featuring the strongest warriors who’ve reported issues rated P4 or higher. Thank you for being such an inspiration to all of us!
Hall of Fame
Contributor
Severity level
P4
Time
March 2025

CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. 59% of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.