For change in personal information (address, email address, payment information) send a temporary code to email address registered. This adds another layer of protection from hackers/ scammers.
Also two factor authentication could be included for login in web browser on laptops.
Mobile apps are secure with biometric authentication. So it cannot be accessed without the consent of the account owner in most cases.
Hope Visible takes step in fixing this major vulnerability. Until then ๐