Skip to main content
All CollectionsSecurity & Data
How Safe is Lumio app?
How Safe is Lumio app?

Lumio goes the extra mile to make sure customer data is safe, secure and fully encrypted.

Charlie Richardson avatar
Written by Charlie Richardson
Updated over 7 months ago

Security is at the very centre Lumio. Your data is our top priority, and we have a wealth of security protocols in place to ensure your information is always safe, secure and only there to serve you.

Open Banking

In the UK, we use the Open Banking system to connect to your accounts.

Open Banking was introduced by the UK government to provide a safe and secure way to connect your accounts with third parties without having to share your log in details with us.

FCA Registration

Lumio is registered as a Payment Services Directive Agent of Moneyhub Financial Technology Ltd, which is authorised and regulated by the Financial Conduct Authority.

Bank Grade Encryption

Lumio uses several state-of-the-art security measures, including the same end-to-end 256-bit TLS encryption used by all major banks.

We encrypt all your credentials and separate them from your personally identifiable information. To retrieve your transaction history your details are automatically unencrypted and used to retrieve your transaction history, then immediately re-encrypted. We don’t store any of your login credentials, including passwords.

Lumio is a read-only service, so if your account should fall into the wrong hands (for example if your phone is stolen and hacked) no one can make any transactions from your account. In addition to this, to access your Lumio account you must provide a pin-code or biometric ID to log in each and every time.

ICO Registered

We are also registered with the ICO. This is our Data Protection Registration Number: ZA548961.

Our Team and Protocols

Our team receives regular security awareness training and we have a continual threat modelling system in place for our service.

Regular penetration tests are carried out to ensure that the system is protected against vulnerabilities and we use best practices and open standards to ensure that we protect against common attack vectors. Notably, we use the OAuth 2.0 and OpenID Connect standards to enable token-based authorisation for all our internal services, ensuring that we don’t rely on perimeter security alone.

Access to the live system is available only to a small number of people. Any access is provided via secure channels only.

If you have any concerns about our security protocols, please raise them immediately via the in-app chat.

Did this answer your question?