Your mobile transaction path is not yours.

Standard mobile banking architecture routes critical transactions through foreign infrastructure the bank does not own and cannot govern. ZTAN closes that gap.

Under active development. ZTAN is currently in development. Early access conversations are open — contact us to discuss your requirements.


Most mobile banking apps route their traffic through a CDN provider. A CDN does not transparently pass encrypted traffic — it terminates TLS at the edge, decrypts the payload, inspects it, and re-encrypts for the hop to the bank's origin server. The consequence: the full plaintext content of every API call — every transaction amount, every account balance, every KYC submission — is readable by the CDN operator. That operator is a foreign commercial entity, subject to its own government's laws, with no obligation to notify the bank when it receives a compelled disclosure request.

CNX ZTAN replaces the standard mobile-to-backend path with a private, domestically sovereign channel. The application routes its critical calls through a cryptographically verified tunnel that originates on the device, terminates inside Cambodia, and connects directly to the bank's core over a private network interface.

No public internet path. No foreign routing node. No anonymous access. No metadata visible outside Cambodia.

What stays in Cambodia

  • ✓ Transaction payload — amounts, recipients, account details
  • ✓ KYC data and verification responses
  • ✓ DNS resolution for the protected path
  • ✓ Routing decisions and flow metadata
  • ✓ Encryption keys (HSMs inside Cambodia)

One SDK, no user friction

A lightweight library integrated directly into the mobile app by the bank's own development team. No VPN prompts. No profile installation. No permission dialogs. Invisible to the customer.

Admission before inspection

Only hardware-attested devices reach the backend. Anonymous traffic — scanners, bots, any connection without a valid device attestation — is dropped before any payload is inspected. APIs are removed from the public internet's attack surface.

Three-site domestic failover

ZTAN gateways are designed to operate across three independent data centres inside Cambodia, interconnected via the national IXP fabric. Sub-second failover. If all three sites are simultaneously unreachable, the SDK falls back to the bank's standard path.


Compliance position

NBC Technology Risk Management Guidelines require institutions to demonstrate control over where their data flows and who has access to it. Public architecture — where API calls route through foreign infrastructure — produces a structural gap in that evidence. ZTAN closes it: the bank can demonstrate that every protected transaction, from device to core, was handled exclusively by infrastructure inside Cambodia under Cambodian jurisdiction.

Planned platform support: iOS 14+ · Android 8+. Contact us to discuss integration requirements or early access.