Password security and account creation
When you create an account on mega 288, we require a password that meets minimum strength criteria: at least 8 characters, including uppercase, lowercase, and numeric characters. A strong password is your first defense against unauthorized access. We store your password in hashed form — meaning we do not keep it in plain text and cannot see it ourselves. When you log in, we hash your input and compare it to our stored hash. If they match, access is granted.
Change your password regularly, especially if you share a device with others or access mega 288 from public networks. You can update your password anytime in your Account Settings. If you forget your password, use the "Forgot Password" link on the login page. We'll send a password-reset link to your registered email. Click the link, set a new password, and log in with your updated credentials.
Password best practices
Avoid using dictionary words, birthdates, or sequences. Use a mix of unrelated characters. Never share your password via email, chat, or with support staff — mega 288 staff will never ask for your password.
If you suspect your password is compromised, change it immediately and review your recent account activity. If you see unfamiliar logins or transactions, contact our support team right away through the in-app chat or email.
Two-factor authentication (2FA)
Two-factor authentication adds a second security layer to your account. When 2FA is enabled, logging in requires two pieces of information: your password and a verification code sent to your email or phone. This means an attacker cannot access your account using only your password — they would also need access to your email or phone.
To enable 2FA on mega 288, log in and navigate to Account Settings → Security. Select "Enable Two-Factor Authentication". We'll send a verification code to your registered email. Enter the code, and 2FA is active. From that point forward, every login attempt triggers a 2FA prompt. Enter your password, wait for the verification code email, and enter the code to complete login.
- 2FA via email
- Default 2FA method on mega 288. A verification code is sent to your registered email address after you enter your password. Check your inbox and spam folder; the code expires in subject to verification.
- Backup codes
- When you enable 2FA, we generate single-use backup codes. Store these in a secure location. If you lose access to your email, you can use a backup code to log in and reset your 2FA settings.
- Disabling 2FA
- You can disable 2FA anytime in Account Settings. Log in with your current password and 2FA code, navigate to Security, and select "Disable Two-Factor Authentication". You'll receive a confirmation email.
We strongly recommend enabling 2FA, especially if your account is active during major events like Liga 1 seasons, Piala AFF tournaments, or Idul Fitri and Idul Adha holidays when platform traffic peaks and fraud attempts may increase.
Account verification (KYC) and identity confirmation
Before you can withdraw funds from mega 288, your account must pass Know Your Customer (KYC) verification. This is a compliance requirement — it confirms your identity and helps us prevent fraud and money laundering. KYC is mandatory for all users in supported regions across Jakarta, Surabaya, Bandung, Medan, and Semarang.
To verify your account, log in and navigate to Account Settings → Verification or My Account → Documents. You'll be prompted to upload two documents:
- Government-issued ID: Passport, national ID card (KTP), or driver's license. The ID must be valid (not expired) and clearly show your full name, date of birth, and ID number.
- Proof of address: Utility bill, bank statement, rental agreement, or government letter dated within the last three months. The document must show your name and current residential address.
Upload clear, legible photos of both sides of your ID and the full proof-of-address document. mega 288's verification team reviews submissions and notifies you within one business day. If documents are unclear or incomplete, we'll request resubmission. Once approved, you can withdraw funds immediately.
Your verified identity is stored securely and encrypted. We use your verified information only for account recovery, fraud prevention, and regulatory compliance. We do not share your personal data with third parties except as required by law or to process withdrawals through your selected payment method.
Session security and device management
mega 288 sessions expire automatically after subject to verification of inactivity. This prevents unauthorized access if you leave your device unattended. When your session expires, you're logged out and must log in again to continue. On shared devices, always log out before leaving — do not rely on session timeout alone.
You can view all active sessions in Account Settings → Device Management or Security. This page shows every device currently logged into your account, including device type, location (city-level), and login time. If you see a device you don't recognize, select it and click "Log Out" or "Revoke Access". This terminates that session immediately.
Account security on mega 288 rests on three pillars: encryption of data in transit, verification of identity at account creation and withdrawal, and your active participation in protecting your password and devices.
Payment security and withdrawal protection
When you deposit on mega 288 via DANA, e-wallet, mobile banking, local payment, online payment, or e-wallet, you are redirected to the payment provider's secure gateway. Your payment credentials are entered directly with the provider, not with mega 288. We receive only a confirmation that the transaction succeeded and the amount deposited. Your wallet credentials are never stored on our servers.
Similarly, when you withdraw, mega 288 initiates a transfer to your registered payment account. We verify your withdrawal address against your verified identity before processing. If a withdrawal request attempts to use a payment method different from your account registration, we flag it for manual review and contact you to confirm.
All transactions — deposits and withdrawals — are logged in your Account History with timestamps, amounts, and payment method. You can download a transaction statement for your records anytime. If a transaction appears unauthorized, report it immediately through the in-app chat or email.
Fraud detection and support response
mega 288 monitors accounts in real time for suspicious activity: unusual login locations, rapid multiple withdrawal attempts, sudden changes in wager patterns, or failed login attempts. If we detect potential fraud, we may temporarily restrict your account and contact you to verify your identity. This is a protective measure.
If you suspect fraudulent activity on your account — unauthorized logins, missing balance, unfamiliar transactions — contact our support team immediately. Provide as much detail as possible: the date/time of the suspicious activity, affected transactions, and any relevant screenshots. Our security team will investigate and take corrective action if necessary, including reversing fraudulent transactions or resetting your account security settings.
Reporting suspicious activity
Use the in-app "Report Issue" or "Contact Support" option to report suspected fraud. Provide exact details: transaction amount, date, payment method, and description of why you believe the activity is unauthorized.
Our support team responds during business hours. For urgent issues, use the in-app chat for fastest response. Do not share sensitive information (passwords, full payment details) in any communication — support staff will never ask for these.
Data encryption and infrastructure security
All communication between your device and mega 288 servers is encrypted using TLS 1.2 (or higher). This means your password, account data, and balance information cannot be intercepted by third parties, even if you're on an unsecured public WiFi network. Look for the lock icon in your browser's address bar — it confirms you're connected securely.
mega 288 servers are hosted in secure data centers with physical access controls, redundant power supplies, and automated backups. Our infrastructure is monitored 24/7 for intrusion attempts. We do not share your account data with third parties except payment processors (who process withdrawals to your bank or e-wallet) and regulators (if required by law).
Your balance and account history are backed up regularly and encrypted at rest. If mega 288 experiences a system failure, we can restore your account from backup without data loss. We maintain audit logs of all account access and balance changes, so any suspicious activity can be reviewed and traced.