A Multi-Layered Approach to Security

At Lumin Digital, security isn’t just a feature—it’s a foundational principle. Since day one, security has been deeply embedded into every layer of our platform, ensuring a resilient, proactive, and scalable approach to protecting our clients and the people they serve.

A Culture of Security

We don’t just rely on tools—we empower every team, from development to operations, to think security-first. By integrating security at every stage of our product development and fostering deep awareness across our organization, we ensure that protection isn’t an afterthought but an inherent part of everything we do.

Hardened Infrastructure & Automated Resilience

Built entirely on a cloud-native architecture, Lumin operates with a zero-trust mindset, enforcing strict security controls while maximizing efficiency. Our automation-driven infrastructure enables weekly releases without sacrificing security, ensuring rapid updates, patching, and consistency across thousands of servers. Our environments are continuously refreshed with infrastructure-as-code, eliminating configuration drift and reducing risk exposure.

Secure Application Development & Advanced Threat Protection

Security is seamlessly woven into our software development lifecycle, with rigorous secure coding practices, real-time monitoring, and automated anomaly detection. Our Security Operations Center (SOC) continuously analyzes threats, leveraging industry intelligence from FS-ISAC and other cybersecurity partners to stay ahead of emerging risks.

Adaptive Fraud Prevention & Intelligent Authentication

Lumin employs machine learning-driven fraud detection, behavioral analytics, and adaptive authentication to defend against threats proactively. We were early adopters of passkeys and continuous authentication, ensuring secure and frictionless user experiences. Our enterprise-grade bot management and API security measures also provide robust perimeter protection against automated attacks.

Transparent Compliance & Client Collaboration

We exceed industry standards with SOC 2 Trust Services Criteria, PCI Data Security Standard, and GLBA-aligned security frameworks, all transparently documented in our client-accessible GRC platform. We believe in open collaboration, offering real-time security insights, direct client engagement, and continuous improvements to meet evolving regulatory and security challenges.

At Lumin, security isn’t just a responsibility—it’s our passion. Through a culture of security, cutting-edge automation, and continuous innovation, we provide the highest protection, resilience, and trust in digital banking.

Reporting

Please send an e-mail to [email protected] along with details that permit us to fully understand the issue you are observing, and if possible, with screenshots, logs, URL’s with parameters, sample output, or steps to reproduce the issue that we can use to validate your report and identify the root cause. Please also provide information that allows us to respond to you for additional questions, and, to the extent we can, to apprise you on our progress in resolving the issue. If possible, please provide your IP address to allow us to correlate your activity in our logs for further diagnosis.

You may send us encrypted emails by using our public PGP key and please do so if any information you send is confidential. We have published our key on public key servers and you will also find it reproduced below:

—–BEGIN PGP PUBLIC KEY BLOCK—–

—–END PGP PUBLIC KEY BLOCK—–

Acknowledgements

• Mehul Bharat Lunagariy
• Yash Vilas Chavhan
• Bhaskar Tejaswi
• Nikhil Rane
• Gourav Sankalle