At Coconut the security of our customers’ money and personal data is a top priority for our team and for our banking partner. We take a secure by design approach so that security thinking is at the heart of everything we do.

We are happy to provide detailed information on our security measures so that customers feel well informed and confident in Coconut’s approach to security.

If you have questions, comments or suggestions about security we’d love to hear from you at [email protected].

Secure Login

Login requires 4 pieces of information; your mobile number, a one-time code sent via SMS, your 5 digit passcode, and is also restricted to your device. This is designed to stop unauthorised access to your account.

We will also occasionally re-authenticate your login to ensure the app is being used by the customer. It is not possible for an attacker to continually try to login, as this this will lock the attacker out – this prevents brute force attacks.

Data Encryption

We take every opportunity to encrypt your data whether that is in our database or in your app and the communication between them. We take additional measures to prevent snooping on of communications between the app to our servers and we never store your password as plain text, it is always encrypted with the latest methods.

24/7 Monitoring

We constantly monitor for suspicious activity to keep your account safe, and we use limits and rules to protect against fraudulent use of your card and account. Plus you get real-time notifications about your account use so if there’s any activity you don’t recognise you can get in touch with us.

Control your card

You can block your card any time from the app if you misplace it, and cancel and order a new one if you lose it. Your PIN can only be obtained from the app by entering your card’s security code.

Protected Funds

Coconut is not a bank and as such we do not use your money for investment or any other activity. Your money is safe and secure and managed in a ring-fenced account at Barclays by our regulated banking partner, Prepay Technologies.

GDPR compliant

We comply with the General Data Protection Regulation 2018 which governs how we collect and process your personal data. More information be found in our Privacy Policy.


If you’d like to learn more about our security, there’s more detail here.