A secure email code is a unique, personal code that you create to help you identify legitimate emails from Bitso. Once enabled, this code will be included in all official security-related emails you receive from us. If you get an email that claims to be from Bitso but does not contain your correct secure email code, it is a strong indicator that the email is fraudulent and part of a phishing attempt.

Why is a secure email code important?

Using a secure email code provides an additional layer of security for your account by:

• Increasing awareness: It prompts you to verify the authenticity of emails, making you more vigilant against phishing attempts.

• Providing a layer of protection: Even if a fraudulent email looks legitimate, the absence of your secure email code will alert you to a potential risk before you click on any links or provide sensitive information.

• Building trust: By using this feature, you can be confident that the communications you receive from Bitso are genuine.

Which emails will contain the secure email code?

You can verify the authenticity of identity verification and security emails sent by Bitso in emails related to:

• Log in

• Log out

• New device authorization

• Password change

• Email change

• Mobile number change

• Device removal

• Withdrawal cancellation, under review or rejection status

If you receive an email about security or identity verification and it doesn't have your code, do not interact with it.

How to enable the secure email code

To protect your account, you can create and enable your secure email code by following these steps:

1. Access the feature

   • Web: Go to Profile > Security > Secure email code.

   • Mobile: Go to Profile > Security > Secure email code.

2. Create your code

   • Enter a code or phrase that is between 4 and 20 characters long.

   • Your code can contain letters, numbers, or a combination of both.

3. Confirm

   • After you submit your code, you will receive a confirmation email that includes the new code.

   • A push notification will also be sent to all your logged-in mobile devices.

How to change your secure email code

You can change your secure email code at any time after it has been enabled.

1. Access the feature

   • Go to Profile > Security > Secure email code.

2. Security Validation

   • To access this feature, you will need to complete a security verification. This verification is valid for 10 minutes.

   • Web: Use your Authenticator app or an SMS one-time password (OTP).

   • Mobile: Use your mobile PIN or biometrics.

3. Enter a new code

   • You will be prompted to enter a new code that meets the same requirements as when you first enabled the feature (4-20 characters, alphanumeric).

   • For security purposes, you cannot use the same code you had previously.

4. Confirm

   • Upon successful submission, you will receive an email notifying you of the change, which will include the new code.

   • A push notification will also be sent to all logged-in mobile devices.

How to disable your secure email code

If you no longer wish to use this security feature, you can disable it by following these steps:

1. Access the Feature

   • Go to Profile > Security > Secure email code.

2. Toggle Off

   • Select the toggle to disable the feature. A confirmation prompt will appear asking you to confirm your intention.

3. Security validation

   • You will be required to complete a security validation to proceed.

   • Web: Use your Authenticator app or an SMS one-time password (OTP).

   • Mobile: Use your mobile PIN or native device biometrics.

4. Confirm

   • Upon successful confirmation, a success screen will be shown.

   • The secure email code will be disabled from all future email notifications, including the confirmation email you will receive at this point.