How we verify your identity
When you open an account at 68idn, we ask for your full name, date of birth, phone number, and email. These details help us comply with local anti-money-laundering rules and prevent fraud. We do not share this data with third parties outside our payment processor and compliance team.
If you deposit a large amount or attempt a withdrawal, we may request additional documents — a photocopy of your KTP (Indonesia national ID), a bank statement, or a utility bill. This is standard practice in regulated markets. Processing these documents takes a few business days; we respond via email with a confirmation once we have verified your information.
We also validate your phone number via SMS and your email via a confirmation link. These steps protect against account takeovers. If someone tries to log in from a new device, we send you a notification so you can block suspicious access immediately.
Multi-factor authentication at 68idn
You can enable two-factor authentication (2FA) on your account settings page. We support SMS codes and authenticator apps (Google Authenticator, Authy). When 2FA is active, logging in requires both your password and a time-based code from your phone. This single step blocks non-specific info of credential-stealing attacks.
We recommend enabling 2FA before you deposit funds. Many players in Jakarta, Surabaya, and Bandung have already done so — it adds 10 seconds to login but prevents account theft entirely.
- KYC
- Know Your Customer — a regulatory requirement that we verify your identity and source of funds before processing large transactions.
- 2FA
- Two-factor authentication — a second verification step using your phone to confirm your login identity.
- AML
- Anti-money laundering — compliance rules that prevent criminal misuse of financial platforms; we follow these rules worldwide.
Protecting your password and login
Your password is the key to your account. We store it using bcrypt encryption — a one-way hash that we cannot reverse. Even our staff cannot see your original password. If you forget it, you reset it via email confirmation; no one at 68idn can send it back to you.
To keep your account safe, follow these practices:
- Use a unique password for 68idn — do not reuse a password from other sites.
- Use at least 12 characters, mixing letters, numbers, and symbols.
- Never share your login credentials with anyone, including our support staff.
- Change your password every 6 months or if you suspect a breach.
- Log out after every session, especially on shared devices.
Recognizing and avoiding phishing
Phishing is a social engineering attack where a criminal impersonates 68idn to steal your login. A typical phishing email says "Confirm your account" and links to a fake login page that looks identical to ours. You enter your credentials, the attacker captures them, and they access your account.
- Check the sender email address — our official domain is 68idn.fun. Any email from a lookalike domain (68idn-official.com, 68idn.id) is fake.
- Look for urgent language — "Verify now" or "Account will close" — phishing emails create panic.
- Hover over links before clicking — the URL bar will show the true destination. If it is not 68idn.fun, do not click.
- We never ask for sensitive data via email — passwords, card numbers, and OTP codes are never requested this way.
Secure password reset and account recovery
If you forget your password, use the "Forgot Password" link on our login page. You will receive an email with a reset link valid for subject to verification. Click the link, set a new password, and log in.
If you no longer have access to your registered email or phone number, contact our support team with proof of identity — a photo of your KTP and a recent bank statement. We will verify that you own the account and help you regain access. This process takes 2-3 business days to prevent unauthorized account recovery.
If someone has already compromised your account, change your password immediately and notify our support team via a different email address or phone number. We will freeze the account, review the transaction history, and restore it once we confirm your identity.
Payment security and QRIS deposits
Deposits at 68idn use encrypted payment gateways. When you select e-wallet, mobile banking, local payment, online payment, or e-wallet, you are redirected to the payment provider's secure site — not 68idn. Your card or wallet details never touch our servers.
All transactions are logged and encrypted. We retain records for 7 years to comply with local financial regulations. If you dispute a charge, contact your bank or payment provider first — they handle refunds. If the refund is rejected, contact our support team and we will investigate the transaction on our end.
-
1
Choose your payment methodDeposit step 1
Select mobile banking, local payment, online payment, e-wallet, mobile banking, or a bank transfer. Each method connects to a certified payment processor.
-
2
Redirect to secure payment pageDeposit step 2
You are redirected to your bank or wallet app — you confirm the amount and authorize the transfer. 68idn never sees your payment details.
-
3
Confirmation and balance updateDeposit step 3
Your 68idn balance updates instantly or within minutes, depending on your payment provider. You receive an email receipt.
Withdrawal security at 68idn
Withdrawals at 68idn require the same identity verification as deposits. You submit a withdrawal request, and we process it to your original payment method — the bank account or wallet where you deposited. This rule prevents money laundering and protects you against account theft.
Processing times vary by region. Bank transfers in Jakarta and Surabaya may take 1-2 business days; mobile wallets like local payment and online payment often settle within hours. During Idul Fitri or Idul Adha, bank processing may be slower due to public holidays.