Why Account Security matters on a sportsbook platform
Unlike a social media app or a news site, a sportsbook manages real money. Your account on lomboktoto holds your deposit balance, records your engagement with Liga 1 and Champions League markets, stores your payment method details, and processes your withdrawal requests. If someone gains unauthorized access to your account, they can drain your balance, request withdrawals to an external account, or expose your personal and financial data to third parties.
Account Security is your first line of defense. By controlling who can log in, verify who requests withdrawals, and keep an audit trail of all account activity, we reduce the risk that unauthorized access causes harm. We do not claim to be impenetrable — no platform is — but we design our security systems to be clear, controllable, and recoverable if something goes wrong.
Your account is your responsibility and ours. We provide the tools; you control the configuration. This shared responsibility model means that security is not something we do to you — it is something we do with you.
Password management and login security
When you create your lomboktoto account, you set a password. We require a minimum of eight characters and recommend mixing uppercase, lowercase, digits, and symbols. We do not impose arbitrary complexity rules beyond this — we respect that you may have a system that works for you — but we do enforce these basics to prevent trivial brute-force attacks.
Your password is encrypted when stored on our servers. Even our internal administrators cannot see it. If you forget your password, we do not email it to you; instead, we send you a secure reset link that expires after a short window. This process takes a few minutes, but it ensures that your account recovery is safe.
We track login activity on your account. In the Account Security section, you can see a log of every login — the date, time, device type, and location. If you see a login you do not recognize, you can force a logout of that session and trigger a password reset. This transparency helps you spot unauthorized access quickly.
Two-factor authentication and optional verification
Two-factor authentication (2FA) adds a second layer to your login process. After you enter your password, we send a code to your registered phone number (via SMS) or email address. You enter that code to complete login. An attacker who obtains your password cannot access your account without also having access to your phone or email — a significantly higher bar.
2FA is optional on lomboktoto, not mandatory. We recognize that some users find it inconvenient, and we do not want to force a security measure that you will circumvent. However, we strongly recommend enabling 2FA, especially if you are managing a substantial balance or expecting a large withdrawal.
In addition to login 2FA, we offer optional security PIN for sensitive account actions. If you enable this, any withdrawal request, payment method change, or password reset requires you to enter a personal PIN that you set separately from your password. This prevents accidental (or unauthorized) modifications to your withdrawal settings.
KYC verification and document handling
Before your first withdrawal, we require identity verification (KYC — Know Your Customer). This is not our choice alone; local regulations require it. We ask for a national ID, passport, or driver's license, plus proof of address (a recent utility bill or bank statement).
We handle these documents securely. They are encrypted on upload, stored in a separate system from your account balance, and accessed only by our compliance team — never by customer service agents unless you explicitly request help resolving a verification issue. Once verified, your documents remain on file; you do not need to resubmit them for each withdrawal.
Withdrawal security and payment method verification
When you request a withdrawal, we verify that the request is legitimate. If your account is new or if you are withdrawing for the first time, we may ask you to confirm your identity by email or phone. This is a friction point, but it prevents someone who gains temporary access to your account from draining your balance to an unknown bank account or e-wallet.
We support withdrawals to multiple payment methods: DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, and direct transfers to mobile banking, local payment, online payment, and e-wallet accounts. Each withdrawal is tied to a payment method you have registered and verified with us. You cannot withdraw to a random account; the payment method must be linked to your account and match your KYC profile.
Withdrawal processing times vary depending on the payment method and your bank's processing windows. mobile banking and local payment typically credit within minutes. Bank transfers may take a few hours, especially during peak times like Idul Fitri or Idul Adha when payment networks are congested. We keep you informed of the expected timeline at the point of withdrawal.
Account Security is the foundation that lets you engage with Liga 1, Piala Indonesia, Piala AFF, Champions League, and all other markets on lomboktoto with confidence that your funds and data are protected.
Account recovery and loss of access
If you lose access to your account — you forget your password, you lose your phone, or you suspect someone else has your credentials — we have a recovery process. Navigate to the login page, click "Forgot password", and follow the email reset flow. You will receive a secure link that lets you create a new password.
If you also lose access to your email address, contact our English-language support team with proof of identity (your ID number and a recent photo holding your ID). We will verify your identity using details from your KYC documents, confirm your account ownership, and help you regain access. This process may take a few hours or longer depending on how thoroughly you can prove your identity.
Prevention is easier than recovery. Keep your email account secure, use a strong, unique password, and enable 2FA. If you are frequently traveling or expecting to lose access to your phone, add a backup email address or phone number to your account so that account recovery remains possible.
Session management and device control
You can see all active sessions linked to your account in the Account Security section. If you log in on a shared computer, you can log out of that session remotely from another device. If you do not recognize a session, you can force logout all sessions and require a fresh login with your current password.
We also allow you to set a device trust list. Once you log in on a device you recognize, you can mark it as trusted so that future logins on that device do not require 2FA codes. This balance between convenience and security is yours to configure.
