Consumers want online payments to be fast, easy and secure. But the current online payments experience is often encumbered by clunky checkouts, inconsistent security and rising fraud, leaving shoppers and merchants wary and frustrated.
These frustrations are what sparked a simple idea for Burbank founder Justin Pike, an experienced entrepreneur and innovator, with more than 22 years of experience in payments: if you can tap your card and enter a PIN to pay in a shop, why can’t you do the same online? That question led Pike and his team to spend two years rethinking how card-present payments could work online using a consumer’s own mobile device.
Backed by £5million in seed funding, Burbank is now in the process of going live with early partners including banks, PSPs and regulators to bring its solution to markets globally. We spoke to Pike about the problem Burbank set out to solve, the tech challenges behind it and how his mother-in-law helped inspire the solution.
Tell us more about your company and its offering
Burbank enables people to pay online the same way they pay in stores: by tapping a card and entering a PIN. It’s called Card-Present over Internet®, or CPoI®.
The idea’s simple: no more typing in long card numbers, no more concerns about security, you just tap your card on your phone and enter your PIN, like you would at a till.
That enables a card-present transaction online – something that has never been done till now. It gives the merchant the same liability protection as an in-store transaction because there’s significantly less chance of fraud. This is important because fraud and chargebacks are expensive and growing issues online merchants face, costing over $42 billion in 2024.
The other problem CPoI® solves for merchants is false positives, which is when anti-fraud technology incorrectly blocks legitimate transactions. This issue is ten times more costly to merchants than fraud, costing $442 billion last year. With CPoI®, false positives are completely eliminated.
What problem was your company set up to solve?
It started during the Covid lockdown. Every Monday, my mother-in-law would ring me up when she was online shopping. She’d managed to put things in her basket but couldn’t figure out how to check out. I’d have to talk her through the card details, and every time she’d ask, “Why does it need all this information? Why can’t I just tap my card on my phone like I do in shops?”
And she was right. That one question stuck with me, because once you dig into it, it’s not really about the technology not being possible. It’s just that no one had done the hard work to make it happen.
So that’s what we set out to do: take the security and simplicity of card-present payments and bring it online. But that meant rethinking the whole thing: securing the phone, rebuilding the backend infrastructure from the ground up, and then scaling it.
Since launch, how has your company evolved?
We spent two years in a dark room, literally. People think putting Chip and PIN payments on a phone is simple, it’s not. It wasn’t designed for consumer devices. You can’t just stick some software on and hope it works.
We had to go right back to square one. Turning a phone into a payment terminal meant rethinking everything: the infrastructure, the key management, the way transactions flow, all within the existing payments rails.
Now we’re live. We’ve done integrations across all sorts of sectors, such as gaming, gambling, retail and travel, and we’re engaged with regulators like Ofcom and the Malta Gaming Authority on things like age verification and safer access online for minors.
What has been the biggest challenge or most tricky moment to overcome?
Our biggest challenge was finding a way to scale the most secure payment method that already exists, without breaking the way the current system works.
If you plugged two billion point-of-sale devices into the global banking system tomorrow, it’d melt down. So, we built a zero-trust architecture. No keys on the phone, everything virtualised in the cloud, and we kept to standard formats that acquirers already know how to handle.
Our transaction had to look exactly like it came from a standard in-store terminal. If it didn’t, if the banks or schemes saw something unfamiliar, they’d stop it. So, we didn’t change the format. We just moved all the complexity to the consumer’s device.
The other challenge is commercial. Fraud, chargebacks, false positives… they’re huge issues for merchants, but some players in the ecosystem actually make money off that complexity. So, there’s not always a rush to solve it, even when the solution’s sitting in front of them.
What are your biggest achievements or proudest moments so far?
This moment in time with CPoI® is a culmination of 18 years of hard work. I remember my first meeting with the PCI Security Standards Council after I founded MYPINPAD, where I said: “We can turn a phone into a payment terminal where people can enter their PIN.” They laughed me out of the room. One of the schemes told me you couldn’t secure an off-the-shelf phone to that level.
Eighteen months later, we passed the labs. That work became the foundation for SoftPOS, and it’s what Burbank is built on today.
More recently, we raised £5million in seed funding from Mouro Capital and Anthemis and brought in partners like jPOS to help scale and take CPoI® to financial institutions around the world. We’re also working with governments and regulators, from secure online shopping to digital ID and age-restricted content. There’s a lot more we can do with this.
How would you describe the culture of your company?
We’re engineers first. We go deep on the tech, but we always start with how people actually behave and what works. Real-world stuff. My mother-in-law struggling to shop online. The person worried about entering their card details online. That’s where we began.
We’re also realists. There’s a lot of smoke and mirrors in payments from fraud tools, identity systems, artificial intelligence, but a lot of it is guesswork. What we’ve built is certainty. When someone taps their card and enters their PIN, that’s it. You know it’s them.
That’s the culture: Keep it simple. Keep it grounded. Build what actually works.
What’s in store for the future?
We’re going to roll out card-present for wallets. Right now, even if you double-tap your phone to pay online with Apple or Google Pay, it’s still treated as card-not-present transaction. We’re working on changing that.
We’re also working with banks and issuers to embed this tech directly into mobile banking apps. So, if you want to change your home address, password, or set up a new payee, you’ll just tap your card and enter your PIN. No one-time passwords, no saved credentials, no account takeover: just a secure, positive action that proves it’s really you.
Beyond that, we’re exploring all sorts of use cases, from age verification to QR-based utility bill payments. Anywhere you’d want to confirm identity or authorise a payment securely, this can work.
At the heart of it, it’s about trust. Everyone already knows how to use Chip and PIN, and importantly, trusts it. We’ve just brought that certainty to the internet.
