Monzo and Challenger Banks’ Security

Category: governance, payments, security

Earlier today I read an article about Monzo leaking PINs of their customers into operational logs. Bad. What’s worse – this is the second Monzo technical problem I have come across within the last 12 months.


WannaCry – A Stop of A Never-Ending Journey

Category: payments, security

OK, everyone seems to be writing about it, so here’s my take so far. A professional piece of malware code, extended in a pretty silly way, that somehow got into the computers of companies. And hackers collected well below $100,000.


Why Enigma Bridge is the best option available for cloud security

Category: enigmabridge, payments, security

The main reason we want to use cloud technologies is that they simplify cost management and allow us to spend only as much as we need at any given time. The question is how secure it is and what risks are acceptable.


Online and Mobile Banking Fusion

Banks simplify access to our bank accounts. They keep relaxing security while hoping to replicate the boiling frog story. The trouble is that no-one dies and someone will figure it out – sooner rather than later.


I touch on a few things: using online banking to find valid card numbers, and date of birth, increasing the chances of unauthorised access, lowering the security of login credentials, and the changing role of debit cards.


Tokenisation – Introduction

Category: enigmabridge, payments

Tokenisation is a hot topic as it makes card processing cheaper and more secure. The goal is to replace your card number with a random number that is hard to use for unauthorised transactions – and it removes the need to encrypt databases.

What we are primarily looking at now are mobile payments but we are designing solutions for e-commerce as well. Payment processing involves re-encryption of PINs (PIN-blocks) for card-present transactions.



Card Payments and The Cloud

We are now integrating encryption into a corporate infrastructure and it made me think about payments and PCI audits. PCI stands for Payment Card Industry. Anyone who has got close enough to e-commerce or card payments knows what a burden it is on running a business.

Sooo, I have spent some time this week thinking about architectures for “technical security systems”. I could say “cryptography” straight away, I guess. Thinking about protecting sensitive data that may be subject to independent audits.

The scope of PCI audits is given by storage and processing of credit card numbers and PINs (in the case of Chip&PIN systems). Once you experience the pain, you definitely want to get “out of scope”. This is true for merchants just as for banks.


“One time passwords” are not passwords

We did a bit of research into what IT start-up companies need in terms of security. I did expect that secure authentication / logons would be at the top but I was surprised that OTP (one time passwords) were at the bottom.

