Security & Trust
Your payments. Protected.
Kube Pay is built on regulated open banking infrastructure. Every payment is protected by UK financial regulation, bank-grade security, and our commitment to your data.
FCA Regulated
Payment services delivered under FCA authorisation No. 964289
Open Banking
Powered by UK-regulated open banking infrastructure
Bank-Grade Security
TLS encryption and Strong Customer Authentication on every payment
No Stored Credentials
We never see or store your online banking username or password
How Kube Pay keeps your payment secure
You authorise at your own bank
When you make a payment through Kube Pay, you are redirected directly to your bank’s own secure app or website to approve the payment. We never handle your login details, PIN, or password at any point.
Strong Customer Authentication (SCA)
Your bank requires you to verify your identity using SCA — typically a combination of your biometric, a one-time code, or your banking app — before the payment is approved. This is a regulatory requirement under the Payment Services Regulations 2017.
Payment goes straight to the merchant’s bank
Once approved, your bank sends the funds directly to the merchant’s account via Faster Payments. Kube Pay never holds your money. There is no intermediary sitting between your bank and the merchant.
Instant confirmation
You receive an immediate confirmation once your bank accepts the payment instruction. Both you and the merchant can see the payment status in real time.
Regulated, authorised, and accountable
Kube Pay is a trading name of Kube Finance Limited. Payment initiation services are provided under the FCA authorisation of Wonderful Payments Ltd (trading as Asima). Kube Finance Limited acts as an agent of Wonderful Payments Ltd.
| Regulated Principal | Wonderful Payments Ltd (trading as Asima) |
|---|---|
| FCA Registration Number | 964289 |
| Authorisation Type | FCA-authorised Payment Institution — Payment Initiation Service Provider (PISP) and Account Information Service Provider (AISP) |
| Regulatory Framework | Payment Services Regulations 2017 (PSR 2017) |
| Agent | Kube Finance Limited (trading as Kube Pay) — listed agent of Wonderful Payments Ltd on the FCA Register |
| FCA Register | Verify at register.fca.org.uk — search “Wonderful Payments Ltd” or FCA No. 964289 |
| Data Protection | Kube Finance Limited is registered with the Information Commissioner’s Office (ICO). ICO Registration: [Insert] |
| Company Registration | Kube Finance Limited, registered in England and Wales. Company No: [Insert] |
Your data. Your control.
We never see your bank login
When you approve a payment, you do so directly within your bank’s own app or website. Kube Pay has no access to your username, password, or PIN at any point.
No ongoing account access
Each payment is a one-time instruction. We do not have standing access to your bank account, balance, or transaction history.
Encrypted in transit and at rest
All data transmitted to and from the Kube Pay platform is encrypted using TLS. Stored data is encrypted at rest using industry-standard protocols.
UK GDPR compliant
We process personal data in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018. You have full rights over your data.
Minimal data retention
We only retain personal data for as long as required by law or our regulatory obligations. Payment data is retained for 6 years in line with HMRC and AML requirements.
Breach notification
In the unlikely event of a personal data breach, we will notify the ICO within 72 hours and affected individuals where required by law.
Built on bank-grade infrastructure
- TLS 1.2+ encryption on all data in transit
- Role-based access controls on all internal systems
- AES-256 encryption for data at rest
- Regular penetration testing and vulnerability assessments
- Strong Customer Authentication (SCA) on every payment
- 24/7 automated transaction monitoring for fraud signals
- Financial-grade API (FAPI) open banking connectivity
- Incident response and breach notification procedures
- No storage of payer bank credentials
- Vendor security due diligence for all third-party processors
- Hosted on ISO 27001-certified cloud infrastructure [confirm with provider]
- OWASP security principles applied in platform development
Why open banking is more secure than card payments
| Feature | Kube Pay (Open Banking) | Card Payments |
|---|---|---|
| Authentication | Bank-level SCA — biometric or app approval by account holder | Card details entered by payer — susceptible to theft |
| Credential exposure | Zero — Kube Pay never sees login details | Card number, CVV, and expiry exposed at point of entry |
| Fraud chargebacks | Not applicable — bank-authorised payment by account holder | Chargebacks possible — fraud and friendly fraud risk |
| PCI DSS scope | Not applicable — no card data handled | Required — adds cost and compliance overhead |
| Regulatory oversight | FCA-regulated PISP under PSR 2017 | Card scheme rules (Visa/Mastercard) — separate framework |
Spotted something? Tell us.
If you believe you have identified a security vulnerability in the Kube Pay platform, or if you suspect fraudulent activity on your account, please contact our security team immediately.
- Security issues: security@kubepay.co.uk
- Fraud or suspicious activity: fraud@kubepay.co.uk
- General complaints: complaints@kubepay.co.uk
We take all security reports seriously and will acknowledge receipt within 24 hours. Responsible disclosure reports are welcomed and we commit to investigating all reports in good faith.