Compliant Security

Security is our life

We deliver compliant, bank-grade security for optimum peace of mind without creating barriers to purchase.

It may be stating the obvious, but we take security very seriously, as without it, our offering would be nothing but hollow words. We understand the brand damage which can so easily be caused by poor security. And with clients and partners including O2, Visa Europe, BBC Worldwide, Sabre and CallCredit, we have to be at the top of our game at all times.


But because we all know that compliance can be a real headache, we tick all boxes by having full certification for our platform, app and SDK.  We are PCI Level 1 compliant (certified) and PSD2 ready.  So, risk and cost are a non-issues to our clients and partners as you can immediately leverage our certifications.  In many cases we can completely remove your systems from scope, dramatically reducing your costs.


We consolidate identity. We achieve this by linking to a range of providers and your own systems. Additionally, our data partners can provide validation up to bank-grade Know Your Customer (KYC) and Anti Money Laundering (AML) standards.

Personal Data

Personal data is held in a highly secure local vault on the mobile. It’s encrypted while on the phone and during transmission. Rather than relying on just browser security, we use digital certificates. Doing this mitigates threats associated with identity theft, fraud and hacking. Our process ensures that personal data can only be viewed by the consumer and the merchant. For marketing, the consumer provides permission to use their data with every transaction. This also gives you regulatory peace-of-mind for data protection (e.g. GDPR).  For added value, data can be further enriched by our partners.

Payment Data

Payment data is just as secure, but we do not store it or hold it on the mobile.  Instead we link to compliant, industry standard wallets, vaults or payment providers such as ApplePay or PayPal.  When needed, credentials are sent directly to your payment processor or tokenised.


Our platform handles all your security needs.  This includes a Public Key Infrastructure (PKI), P2PE (Point-to-Point Encryption), key management, cryptography, incursion detection, tamper evidencing, audit and threat prevention safeguards.  We provide multi-factor authentication as standard.  Starting with phone and PIN we enable best-of-breed, industry-standard bio-metrics, geo-location and data validation services.  We enable these seamlessly as required.  When combined with our patented triggers this delivers a brilliant user journey while complying with current and planned legislation.  We’ve also put every aspect of our technology through extensive and regular penetration testing (Pen testing).

Notably, unlike some other solutions on the market, we undergo independent testing for Financial Conduct Authority (FCA) regulated companies.  This goes well beyond the requirements of Payment Card Industry (PCI) Level 1 and Payments Service Directive 2 (PSD2) compliance.  Plus, we do not store data centrally, there are no usernames or passwords to steal and there is no honeypot for hackers.

Finally, with over 36 months of 100% up-time, processing over 1 million platform requests per month, we’re so confident about our world-class security that we’ll happily go head-to-head against anyone you choose.

Security is everything in our marketplace.