The Three Golden Rules of Secure Mobile Payments

In addition to being fully PCI DSS (Payment Card Industry Data Security Standard) compliant, Cellum follows a strict security policy which ensures that all customer transactions are authentic, inviolable, undeniable, secret, and both knowledge- and possession-based. Compliance with these principles ensures that transactions are perfectly safe for every customer and partner of Cellum.

  • Customers’ banking information is only requested the absolute minimum number of times

    Clients only enter card data when registering a card. This minimizes the risk of data leaks through keyboard monitoring.

  • Banking information is never stored in complete form, and always protected with the most secure encryption available

    Client banking data are encrypted, split, and stored partly on the server and partly on the mobile handset, with the separate parts only assembled at the bank. With the partial data useless on its own, the threat posed by either mass data theft or phone loss becomes negligible. Cellum protects all data it stores using 128/256-bit AES and 1024-bit RSA encryption, which offer unsurpassed security.

  • All transactions are subject to verified client possession of both handset and bank account

    To initiate a payment, a customer must be able to confirm possession of both the bank account and the phone being used, meaning that an account cannot be charged if either a handset or card is lost. Meanwhile, details from stolen cards cannot be registered with an unknown phone. As a result, the risk of credit card fraud is further minimized.

  • Split Secret

    Cellum’s years of research into payment security have resulted in a proprietary, patented card vault solution called Split Secret. Trusted by major international brands and subject to constant innovation, Split Secret to date maintains a track record of zero fraud.

    Total security is maintained by the combination of knowledge- and possession-based safeguards: in order to make a transaction with a card or payment instrument stored in the vault, the user must know the mPIN and be in possession of the device to which the payment instrument was registered. An advanced card registration process involving a nominal payment in conjunction with a one-time password also ensures that only the legitimate cardholder can add a card to the card vault.

    Meanwhile, Split Secret solves the problem of vulnerable card databases by obscuring all card data with AES and RSA encryption and scattering the resulting fragments across multiple physical locations. And with the user’s mPIN reduced to a keyword for decrypting the cryptogram, the only vulnerability is the (very unlikely) chance that an unauthorized party can guess the password.


    The Payment Card Industry Data Security Standard was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data.

