Document Verification, OCR Auto-Fill and Facial Comparison with Mitek.
Mitek’s Tiden cloud platform has the most advanced authenticators available today without the need for specialised hardware. Built by a PhD level science team and modelled after how a border control agent evaluates identity documents for forgeries, each authenticator performs a specific test for known forgery techniques.
- Available via Experian’s CrossCore Platform / Application Programming Interface (API).
- Mobile device auto-capture of document and facial images.
- Real-time and automated review of government issued identity documents.
- Process international passports, driver’s licenses, ID cards and residency permits.
- Real-time visual feedback on image quality issues during capture.
- Facial biometric comparison via selfie with liveness detection.
- Fast and accurate data pre-fill from ID documents.
- Supports Mobile Web, Android and iOS platforms and devices.
- Search ‘CrossCore’ in G-Cloud to view other backing applications available.
- Improve application completion rates by replacing manual document reviews.
- Reduce friction for consumers with instant data pre-fill for forms.
- Match ID documents to a person, be confident it's them
- Assists Anti Money Laundering (AML) and Know Your Customer (KYC).
- Implement 100% digital customer onboarding for a positive application journey.
- Deter and detect fraudsters to minimise fraud attacks and losses.
- Reduce false positives, false negatives and unnecessary manual verification processes.
£5000 per unit per year
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
- Modern Slavery statement
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||All Experian Identity and Fraud services, in particular those that are available via the CrossCore platform as an overall decision is provided across multiple services to suit the specific use case.|
|Cloud deployment model||Private cloud|
|Service constraints||Document Verification is provided via the CrossCore and is a 24x7x365 service the majority of maintenance is performed with no interruption to service.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||To manage our client services effectively, and in line with ITIL best practices Experian have defined Service Levels across all core processes (incl. Incident, Service Request, Problem, Change Management etc.). Our Tiered Service Framework allows us to provide differing levels of service and support offerings to meet our client’s needs. The Service Tier selected will define the SLAs we work to. Engagement via a SPOC our Experian Service Desk will ensure all interactions are recorded and assessed against impact and severity before being assigned a "Priority".|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Support levels||Standard support is 09:00 - 17:00, enhanced packages offer up to 24/7 support availability, Enhanced support costs are determined by the user requirements.|
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Hnical support during service setup and/or integration - User Documentation - On site Training available at cost - User Webinars|
|Other documentation formats||Excel|
|End-of-contract data extraction||Not Applicable|
|End-of-contract process||Not Applicable|
Using the service
|Web browser interface||No|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The MiSnap SDK is provided to the buyer to integrate with their own web site or mobile user journey to capture good quality images for passing into the CrossCore API for verification and/or OCR. Both journey's provide very similar capabilities.|
|What users can and can't do using the API||Users can submit transactions into CrossCore and receive responses back. The user cannot make changes to the service via the API - configuration of the service is managed by Experian.|
|API documentation formats||Other|
|API sandbox or test environment||Yes|
|Description of customisation||The strategy responses from CrossCore can be customised to meet customer needs. This service is provided by Experian.|
|Independence of resources||
Proactive monitoring is in place to alert when pre-defined thresholds are reached.
All systems are horizontally and vertically scalable to met current and expected demand.
|Service usage metrics||Yes|
Service availability via Service Management which is a separate, chargeable service.
Batch MI of results is also available as a chargeable service.
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Mitek Systems Inc|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Users are expected to retain copies of the results from CrossCore submissions within their own systems, as required.|
|Data export formats||Other|
|Data import formats||Other|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||Service availability is 99.5%. User refunds are negotiated as part of the contract (if required)|
|Approach to resilience||Experian backs up all data that has an on-going business value for operational recovery purposes and to comply with business continuity plans. Backups are regularly tested for reliability and integrity, and restoration procedures are tested for effectiveness and acceptable performance. The confidentiality, integrity and availability of backup media is protected in storage using physical, environmental and technical controls, such as secure storage and encryption. The primary data resides in Fairham House datacentre and backup data is transferred over dedicated dark fibre links to Experian’s DR site in Bulwell. This is a very secure transfer method and the data cannot be intercepted. This data then resides on tapes in robotic silo’s and NEVER leaves this location physically, if the data is needed, it will be recalled over the same dedicated dark fibre links to Fairham.|
|Outage reporting||Email alerts|
Identity and authentication
|User authentication needed||Yes|
|User authentication||2-factor authentication|
|Access restrictions in management interfaces and support channels||Users have their access controlled using a user role and security group function. In addition access can be restricted to specific client IP addresses.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||2-factor authentication|
Audit information for users
|Access to user activity audit information||You control when users can access audit information|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||DNV GL Business Assurance Limited|
|ISO/IEC 27001 accreditation date||20/12/2016|
|What the ISO/IEC 27001 doesn’t cover||The following is covered by the scope of the certificate; the delivery and support of Experian IT infrastructure, operations, architecture and associated compliance and facilities management undertaken within the UK data centres.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Trustwave|
|PCI DSS accreditation date||28/10/2016|
|What the PCI DSS doesn’t cover||Everything is covered|
|Other security certifications||Yes|
|Any other security certifications||Experian also holds Cyber Essentials certificate|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Experian have comprehensive Global Security Policies based on the ISO27001 standard which covers; - Organisation and Management - Information Security - Asset Classification - Physical and Environmental Security - Communications and Operations Management - System Access - Systems Development and Maintenance - Compliance - Personnel and Provisioning - Business Continuity Management - Third Party Management|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All modifications and improvements to Experian's information systems will be managed through a controlled change management process. Experian have a Change Management Policy which is underpinned by processes and procedures based on ITIL best practice. This is a mature process implemented in 2000. We use a Service Management tool that integrates Change Management, Incident Management, Problem Management, Configuration Management and Knowledge Management. Our Change Management policy, process and procedures are regularly audited by independent auditors. Experian business units will establish and maintain a process for documenting proposed changes to information systems.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||In line with our Global Information Security Policy, Experian performs regular vulnerability and integrity checks of our systems. The scheduling varies depending on criticality and exposure of the system being checked Experian has regular network security assessment conducted of both internal and external deployments, in which the Firewall Infrastructure is tested, including internal components, applications, and employed servers Vendor software patches are applied on a monthly cycle with a risk-based approach taken to prioritisation via an automated Patch & Fix strategy which is underpinned with a technology infrastructure to deliver corrective updates.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Monitoring processes and tools are in place to manage alarms generated by security related alerts and these are fed into the incident management process. Experian has a formally documented risk based incident management process to respond to security violations, unusual or suspicious events and incidents. In the event an incident occurs a team of experts from all relevant areas of Experian are gathered to form an incident response team, who manage activities until resolution. The incident response team are available 24/7 to resolve any incident. Out of core hours the dedicated incident hotline is routed to the command centre.|
|Incident management type||Supplier-defined controls|
|Incident management approach||The incident management process incorporates a number of participants and contributors, including: Global Security Office - who facilitate and coordinate activities under the business security coordinator's guidance; Business Security Coordinator - a representative of the impacted business area, responsible for coordinating resolution activities; Incident Response Team (IRT) - IRT is made up of a membership that are empowered to make key decisions surrounding the actions to be taken to reduce impact, control actions, and impose corrective activities. A client report would be created, including: high level overview; facts; overview of events; actions taken.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£5000 per unit per year|
|Discount for educational organisations||No|
|Free trial available||No|