You can enable Two-Factor authentication for login attempts and digital currency withdrawals. This protects your account against unauthorized access. To access your account, you have to enter a code that you see on your mobile device linked to Bitvavo.
Login attempts from unknown devices must be confirmed by clicking on a link that you receive by email. In addition, your session is linked to your IP address. In case this IP address changes you have to log in again. These security measures can sometimes be at the expense of the ease of use of Bitvavo, but in most cases prevent unauthorized access to your account.
The amounts you transfer will be received by the Bitvavo Payments Foundation. The capital of this foundation is not connected to Bitvavo B.V. As a result, users of Bitvavo are not at risk in the event of a possible bankruptcy of Bitvavo B.V. itself.
Bitvavo is based in the Netherlands and only accepts European customers. The KYC (Know Your Customer) policy of Bitvavo complies with the AML guidelines of the European Union and the Dutch 'Wwft' (Act to prevent money laundering and terrorist financing). The bank accounts of Bitvavo have been placed with Bunq, established in the Netherlands. Customer data is stored in data centers in the Netherlands and Germany.
Most of the digital currency is stored on so-called ”cold wallets”. These are wallets that are managed offline on devices that have been shut down from the internet, so they can not be hacked. Only a few employees of Bitvavo have physical access to these cold wallets. To ensure that purchases, sales and withdrawals are processed quickly, a small percentage of the digital currency is placed on a so-called ”hot wallet”.
Recordings of digital currency to unknown addresses and changes to your settings must be confirmed by email. If a hacker gains access to your account, no digital currency can be recorded to unknown accounts, unless your email address is also hacked.
By enabling Two-Factor authentication you can increase the security of your account. In this case, a hacker needs to have both your login details and your mobile phone to gain access to your account. For digital currency withdrawals and login attempts from unknown devices, you will receive a confirmation email. Please note that you only give permission when you recognize an address or device.
Use a strong password that is not easily guessable by third parties, but you can remember yourself. You can possibly use a password manager. Make sure that you do not write down this password anywhere and never share it with third parties. Never mail this password to yourself, and do not store this password unencrypted on your computer. Bitvavo employees will never ask for your password.
One of the advantages of digital currency is that you can be your own bank and do not have to depend on third parties for the storage of digital currency. We therefore recommend that you only place digital currency on Bitvavo if you want to trade it in the immediate future. Due to fluctuations in the price of digital currencies, the value of your balance can quickly increase or decrease within a short time. Keep this in mind when setting up your security.
E-mails from Bitvavo always come from the domain name bitvavo.com. Always check whether the URL starts with bitvavo.com and the HTTPS certificate the company name Bitvavo B.V. shows. Just login to Bitvavo by typing bitvavo.com manually in the address bar of your web browser. If a login attempt is detected from a device that has not yet been logged in, Bitvavo will send you an email. So never give access to devices that you do not recognize.
Use a modern browser and make sure that your operating system is always equipped with the latest updates and secured by a reliable virus scanner. You can easily block devices that you no longer trust. This can be done by logging in to Bitvavo and deleting the device by navigating to the ”Profile”> ”Security” heading.
Transactions of digital currencies are irreversible. Please note that you always check the address of the withdrawal and deposit address. You can do this easily by checking both the first and last letters of the address.