The site is currently being upgraded, please come back in a few hours.

Security

Call to Action Background

Identity Verification

KYC and AML verification using regulated data sources and document checks where your process requires them

Multi-Source Verification
Secure Processing
Real-Time Validation

What is an identity?

At present the UK does not have an official identity service. Instead, businesses must piece together different identity concepts from different sources to reach their desired confidence level. Official documents such as a passport are one of the only physical sources.

Rather than relying on the physical passport Proofenance can achieve this the same level of confidence using technology.

Many of these data sources are now available digitally through modern APIs to regulated institutions. What's more, now third parties such as Proofenance can access the information enabling faster identity checking.

These data sources do not present or send any data over to Proofenance. Instead, Proofenance reaches out and asks them to validate if our information matches their own records.

This is both faster and more secure than using paper documents.

The exception is with Proofenance's Open Banking connection; where Proofenance requests data from the bank, which is authorised by the customer.

Due to the private nature of this personal information, all companies performing identity verification must comply with the strictest security standards and protocols to protect the data they process. They must also maintain strict confidentiality and privacy policies to protect the personal information of their clients.

Linking up

The identity is linked to the purchase funding through the name attached to the bank account authorised during Proofenance's Open Banking step. The person physically making the purchase is linked through their facial photo.

Once a definitive name and address is known, sanctions lists, watchlists, and politically exposed persons lists can be searched.

Proofenance sources and presents verified factual information relevant to a person. The final decision to allow, deny, or report a payment must be made by the user (a human).

Identity Verification Pieces

Secure by design

Every layer is there to keep identity and payment data where it belongs.

Encryption & access controls

Encryption and access controls aligned to financial services expectations, with design reviews as the product evolves.

Data protection by design

We treat ID and source-of-funds material as highly sensitive, with minimisation and clear roles for who can see what, when.

Secure infrastructure

Multi-vendor hosting spreads risk across providers so we are not dependent on a single cloud, with logging and operational hardening for regulated workloads.

Dedicated hardware

Sensitive processing runs on dedicated compute, giving us full control over our environment where identity data is handled.

Strong resilience

Redundancy, failover, and recovery are built in so a single failure does not take compliance workflows offline when a sale is in progress.

Audit trail

Key compliance actions and evidence are tied to the purchase so you can show what happened in a real sale.

Ongoing security work

We monitor, review, and improve controls over time, with materials you can share with your board or bank.

UK & EU data choices

Hosting and retention choices that match your risk profile across the jurisdictions you sell in.

GDPR by design

Privacy principles are built into how we collect, store, and retain identity and payment data.

ISO 27001 aligned

Security management practices aligned to ISO 27001, with controls you can discuss with your MLRO or bank.

24/7 security operations

Monitoring and incident response run around the clock so issues are caught and handled without waiting for office hours.

Security you can read and share

If your MLRO, bank, or client asks how data is held, we want you to have a clear place to point.

Contact us