The security of your data is our top priority, and we have a wealth of security protocols in place to ensure your information is safe with us.
Bank Grade Encryption
Lumio uses several state-of-the-art security measures, including the same end-to-end 256-bit TLS encryption used by all major banks.
We encrypt all your credentials and separate them from your personally identifiable information. To retrieve your transaction history, your details are automatically decrypted, used for the retrieval, then immediately re-encrypted. We don’t store any of your login credentials, including passwords.
Lumio is a read-only service, so if your account should fall into the wrong hands (for example, if your phone is stolen and hacked), no one can make any transactions from your account. In addition, to access your Lumio account you must provide a PIN code or biometric ID each and every time you log in.
Our Team and Protocols
Our team receives regular security awareness training and we have a continual threat modelling system in place for our service.
Regular penetration tests are carried out to ensure that the system is protected against vulnerabilities, and we use best practices and open standards to protect against common attack vectors. Notably, we use the OAuth 2.0 and OpenID Connect standards to enable token-based authorisation for all our internal services, ensuring that we don’t rely on perimeter security alone.
Access to the live system is available only to a small number of people. Any access is provided via secure channels only.
If you have any concerns about our security protocols, please raise them immediately via the in-app chat.