The Seven Golden Rules of Secure Mobile Payments by Cellum

  • All banking data is requested from our customers only when necessary and a minimum number of times

The clients only have to type in the data when they register a credit card. The risk of data leaks through keyboard monitoring is minimized.

  • Banking information is not stored in its complete form

The data is encrypted, split and stored partially on the server, partially on the mobile handset. Stored separately, these pieces of information are useless on their own, and the separate parts will only be assembled in the bank. The risk of using data obtained through mass data theft or the loss of a phone is minimized.
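
One way to realise the split storage described above, as an added example that is not Cellum's code: a 2-of-2 XOR split of an already-encrypted record, in which each share on its own is random bytes. The function names, the SHA-256 consistency check and the sample record are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_record(encrypted_record: bytes) -> tuple[bytes, bytes]:
    """Return (handset_share, server_share) for an already-encrypted record.

    Assumption: a 2-of-2 XOR split. The handset share is a fresh random pad,
    so either share on its own is indistinguishable from random bytes.
    """
    payload = encrypted_record + hashlib.sha256(encrypted_record).digest()
    handset_share = secrets.token_bytes(len(payload))
    server_share = _xor(payload, handset_share)
    return handset_share, server_share


def combine_shares(handset_share: bytes, server_share: bytes) -> bytes:
    """Reassemble the record; reject shares that do not belong together."""
    if len(handset_share) != len(server_share) or len(handset_share) < DIGEST_LEN:
        raise ValueError("malformed shares")
    payload = _xor(handset_share, server_share)
    record, digest = payload[:-DIGEST_LEN], payload[-DIGEST_LEN:]
    # The digest is a consistency check against mismatched or corrupted shares.
    if not hmac.compare_digest(hashlib.sha256(record).digest(), digest):
        raise ValueError("shares do not match")
    return record


# Constructed sample: stands in for the ciphertext of a card record.
SAMPLE_RECORD = bytes.fromhex("9f3a6c01d4e85b7720cc41a9e6f0135b")

if __name__ == "__main__":
    handset, server = split_record(SAMPLE_RECORD)
    assert combine_shares(handset, server) == SAMPLE_RECORD
    print("handset share:", handset.hex())
    print("server share: ", server.hex())
```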

  • No banking data is stored without the most secure encryption

We protect all our data through extremely secure encryption (AES 128/256, RSA 1024). To crack this encryption, many years’ work of super-computers would not be enough! The risk of using unauthorized data obtained from compromised systems is minimized.

  • All banking data is sent in a strongly encrypted format throughout the transaction processes

Only encrypted data "travels" at each point of the transaction process. The risk of using “caught” or leaked information is minimized.

  • All banking data can only be validated through two separate channels by our customers

Clients may initiate payments only if they are clearly able to confirm their bank accounts and their phones. Having only one of these is not enough. Therefore, if the telephone or credit card is lost, the bill cannot be charged. Also, in the case of stolen cards, details cannot be registered with an unknown phone. The risk of credit card fraud is minimized.

  • All banking details are accessible only through the device possessed by the client and through the password it generates

Only the client can initiate a payment transaction with the proper data. This is to protect customers from fraudulent transactions and dealers from malicious users, since every single transaction can be proved, identified, traced and used upon authorization by a combination of knowledge and possession. The risk of false transactions is minimized.

  • The banking data can only be used by devices that are authorized by identification and registration

All transactions are exclusively accepted by authorized phones. This means no one can pay with copied data and malicious attacks can be eliminated by “blocking” the phone. The risk of deliberate abuse is minimized.

Compliance with these principles ensures that transactions are perfectly safe for every customer and partner of Cellum. It is our belief that when a customer wants to pay, the transaction must be authentic, inviolable, undeniable, secret, and knowledge- and possession-based; its data should not be stolen, and its tool should be able to be disabled remotely at any time.