VerIDial Features

Cogs indicating settings

Customisable

PINs can be sent out via Push Notification to the VerIDial smartphone app, SMS or Voice for true Two Factor Authentication.

PINs can also be sent via Email for when a phone is not available and a lower level of security is acceptable. (not recommended)

The length of PIN can be customised for increased security.

API requests that provide the current status of a request can be used to provide detailed user feedback.

VerIDial provides a free iframe plugin for use by customers. The plugin provides user feedback and PIN validation elements and can help shorten integration times.

Padlock indicating security

Secure

PINs have a time limit before expiry and are valid for one use only.

All API calls are over Transport Layer Security (TLS) 1.1 or higher, older protocols and insecure ciphers are disabled.

PINs are created using a FIPS compliant random number generator.

Initial API calls (server to server) use Basic Authentication to both identify the installation and validate the caller.

API credentials are stored using FIPS compliant hashing algorithms with no access by employees.

Each API call that creates a new request returns a globally unique token. This can be used server or client side to obtain the status of a request or to validate a PIN attempt.

Magnifing glass indicating inspection

Compliance & Audit

Each request is securely stored for a fixed time period for reporting and billing.

All unnecessary information including the PIN is stripped from the record once the request has completed.

Potentially personal information retained for reporting such as number and email are obfuscated.

After legal and auditing requirements have been met, all records are securely destroyed.