Your money has
two locks. At minimum.
Even if someone gets into your account, they can't move your money.
Password + Passcode
Your account has two separate credentials. Your password opens the app. Your passcode authorizes every transaction: transfers, bill payments, card funding.
Someone with your password sees a dashboard. Someone with your passcode but no password can't even log in. Both are needed to move money, and both are stored as irreversible hashes.
Password
Opens the app
Passcode
Moves your money
Expires in 22s
Two-Factor Authentication
Add a second step to every login. Use an authenticator app (Google Authenticator, Authy) or email-based codes.
When you set up 2FA, you get recovery codes. Write them down and keep them somewhere safe. They're your backup if you lose access to your authenticator.
Identity Verification
Every account that moves money has a verified identity behind it. BVN or NIN, checked against national databases. This isn't optional. It's required before your first transaction.
Higher verification unlocks higher limits. Virtual card access requires the highest level, including proof of address.
Level 1
BVN or NIN
Level 2
BVN + NIN verified
Level 3
Full KYC + address proof
Automatic protections
These run in the background on every account.
Login attempts capped
Then locked
2FA attempts capped
Then blocked
Transfer rate limiting
Per account
API rate limiting
Per client
Brute-force attacks and automated scripts get blocked before they can try enough combinations to matter.
Crypto Security
Your deposit address is on the Binance Smart Chain. Deposits need 15 block confirmations before they credit, enough to prevent double-spend attacks. Withdrawals go through verified contracts.
Two credentials. 2FA. Rate limiting. Verified identity.
All active by default, on every account.