The Three Golden Rules of Secure Mobile Payments

In addition to being fully PCI DSS (Payment Card Industry Data Security Standard) compliant, Cellum follows a strict security policy which ensures that all customer transactions are authentic, inviolable, undeniable, secret, and both knowledge and possession-based. Compliance with these principles ensures that transactions are perfectly safe for every customer and partner of Cellum.

  • Customers’ banking information is only requested the absolute minimum number of times

    Clients only enter card data when registering a card. This minimizes the risk of data leaks through keyboard monitoring.

  • Banking information is never stored in complete form, and always protected with the most secure encryption available

    Client banking data are encrypted, broken and stored partially on the server, partially on the mobile handset, with their separate parts only assembled at the bank. With the partial data useless on its own, the threat posed by either mass data theft or phone loss becomes negligible. Cellum protects all data it stores using 128/256 AES and RSA 1024 encryption protocols, which offer unsurpassed security.

  • All transactions are subject to verified client possession of both handset and bank account

    To initiate payments a customer must be able to confirm their possession of both bank account and phone being used, meaning that an account cannot be charged if either a handset or card is lost. Meanwhile, details from stolen cards cannot be registered with an unknown phone. As a result, the risk of credit card fraud is further minimized.

  • Split Secret

    Cellum’s years of research into payment security has resulted in a proprietary, patented card vault solution called Split Secret. Trusted by major international brands and subject to constant innovation, Split Secret to date maintains a track record of zero fraud.

    Total security is maintained by the combination of knowledge and possession-based safeguards: In order to make a transaction with a card or payment instrument stored in the vault, the user must know the mPIN and be in possession of the device to which the payment instrument was registered. An advanced card registration process involving a nominal payment in conjunction with a one-time password also ensures that only the legitimate cardholder can add a card to the card vault.

    Meanwhile, Split Secret solves the problem of vulnerable card databases by obscuring all card data with AES and RSA encryption and scattering the resulting fragments across multiple physical locations. And with the user’s mPIN reduced to a keyword for decrypting the cryptogram, the only vulnerability is the (very unlikely) chance that an unauthorized party can guess the password.

















  • PCI DSS

    The Payment Card Industry Data Security Standard was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data. More information about PCI DSS:

    more

  • Showcase

    Cellum’s various client applications are available for download from all market-leading mobile app stores.

    more

  • White Papers

    Cellum is not a pilot project, a test or slideware. We have a 21-year track record of successfully tested and operating solutions. Our case studies provide detailed insight into how our mobile payment services operate in the real world.

    more

  • Videos

    Watch Cellum’s solutions in action.

    more
Sitemap
Home
Our Solutions
Our Company
© 2021 Cellum
Privacy & Legal Information

Privacy Notice

Our Privacy Notice explains in detail what data we collect, what we do with them and what rights you can excercise in relation to our data processing. To read the current version, click the link below.

Cellum Group Privacy Notice – November 5, 2018.

Legal Disclaimer

Information

All information, data, conditions, definitions or descriptions appearing on the website are solely of informative nature, the usage of these is the user’s own responsibility. The information provided is not intended to replace or serve as substitute for any offer, advisory or other professional advice, consultation or service.

Copyright

As the content of the websites and downloadable documents on the websites of Cellum are under copyright protection, any unauthorised use of any materials on the site may violate trademark or other laws. All use other than for personal purposes of such materials requires prior written consent from Cellum.

Exclusion of liability

In no event shall Cellum or employees be liable for any direct, indirect, incidental, special, exemplary, punitive, consequential or other damages whatsoever (including, but not limited to, liability for loss of use, data or products), without regard to the form of any action, including, but not limited to, contract, negligence or other tortuous actions, arising out of or in connection with the Site, any content on or accessed by use of the Site, or any copying, display or other use thereof.

Close
Close
Subject
  • Sales inquiry
  • General question
  • Press, events & offers
  • MasterPass

We respect your privacy and will only use your above personal data to handle your inquiry. For details, please read our Privacy Notice