Skip to main content

Help us improve the Digital Marketplace - send your feedback

Melissa Data Ltd

Identity Verification

Verify an individual's: name, address, phone, email, DOB, and national ID - against trusted reference data.

Checks include identity verification, PEPs sanctions/watchlists, proof of address, 2+2.

Service can help with customer onboarding, regulatory compliance, AML, preventing fraud, KYC initiatives, threat protection and ensuring trust of the people accessing services.

Features

  • Verifiy a name to an address and to ID references
  • Corrects and verifies UK & Global contact data
  • Real time verification of users / citizens (KYC)
  • Inputs verified: Name, Address, DOB, National ID, Phone, Email
  • Background checks: PePs / Watchlists (AML)
  • Ensures phones are callable and emails, addresses are deliverable
  • Single record or batch / volume processing for held databases
  • Multi-sourced trusted reference data: Govt; Credit etc
  • Deceased register checks
  • Adverse Media & Negative News checks

Benefits

  • Identify individuals from trusted UK & Global reference data
  • Add missing address components, corrects and standardise to country format
  • Enhance fraud detection and prevention
  • Improve user experience of online services (on-boarding)
  • Keep held database up to date and compliant
  • Identify & match individuals to households
  • Enhance service delivery and cost efficiencies
  • Comply with PeP, Sanctions and AML regulations
  • Meet KYC and Customer Due Diligence requirements
  • Detect & prevent fraud by checking mortality registers

Pricing

£0.25 to £3.95 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@melissa.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 9 5 6 8 4 2 2 4 3 0 3 9 3 0

Contact

Melissa Data Ltd Barley Laing
Telephone: 020 7718 0070
Email: info.uk@melissa.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
The very nature of this solution with its near-real time access to identity data such as credit, government, utility, phone, postal, consumer and commercial sources requires that this be deployed in a public, private, or hybrid cloud environment.
System requirements
  • Licenced dependent on use case
  • Can be licenced as: Public; Private or Hybrid Cloud
  • Can be licensed: per country and per transaction.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are within 3 hours during week days, and by 12 noon for the following work day after a weekend.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Our web chat enables customers/users to communicate with Melissa representatives in real time via a web link. Typically this is through text in a pop-up window, with audio prompts.
Web chat accessibility testing
N/A
Onsite support
Onsite support
Support levels
Standard support is 20 hrs a day Mon to Fri. This can be via email, phone or webex. This support is provided for free for the lifetime of the service licence, and includes service training and integration assistance. Standard support is based on a ticketed system and accesses all of our global support agents.
SLA's - tailored support packages are available. These vary depending on requirement but can provide response times of within 3 hours 24/7, with named technical support engineers in a tiered escalation process. SLA costs are based on the individual requirements for uptime and support levels.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Full service start up guidance is available through our online wiki: technical documentation; sample code; service URLs; FAQs etc.

Training can be delivered: Onsite, Telephone, Online webex, and Email.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
This is clarified at the beginning of individual contracts, and is covered in our service Licence and T&C's, Melissa Data conform to the relevant regulations and procedures. Melissa do not store or retain any customer data, our systems are purged after a successful transaction has been completed
End-of-contract process
Contracts & T/C's detail the period for which a service is licenced and how it can be used.

Licencee's can renew at the end of the agreed initial licence, or stop licencing the service without penalty - as long as no agreed conditions or contractual arrangements have been breached.

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Services can be delivered to any screen size resolution
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Melissa web services are typically delivered as API's but can also be accessed via pre-built interfaces such as ETL tools such as SQL SSIS components, and CRM's such as SalesForce & MS Dynamics etc
Accessibility standards
None or don’t know
Description of accessibility
Users access our web services via connected devices. Melissa’s products are offered as APIs or Application Programming Interfaces used programmatically and do not have a User Interface. Any data processed is returned as a set of getters for the on premises libraries or XML or JSON return elements for the Web APIs. Thus, Melissa products have no accessibility concerns, as to the handling of how the data is represented because it is native to the calling application and not the product
Accessibility testing
N/A
API
Yes
What users can and can't do using the API
Users can consume the Personatory Identity through an API. As such it can be integrated anywhere in an organisations process flow. Users will use a Web Portal to determine transaction counts.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The format and integration of the service can be defined by the licence holder. When providing a private cloud solution we can customise countries covered and accessed, as well as elements of result scoring and matching. This is done as professional services, not directly by the customer and quoted separately.

Scaling

Independence of resources
The service feature a clustered approach so incoming requests are equally distributed on many nodes ensuring consistency and failover. Service monitors have On-Demand instances ready to spin up at a moment's notice in response to load. Globally distributed DNS architecture means there aren't any single points of failure.

Analytics

Service usage metrics
Yes
Metrics types
A count of transactions and the date submitted is kept. SNMP metrics, Server metrics and network protocol metrics are also kept for a six month duration. Licencees can access usage reports at any time through the Melissa dashboard provided.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Supplied data is never stored.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
The service returns real-time JSON/JSONP responses using REST requests that are exported to the source system by program code (e.g. JQuery Autocomplete Plugin).
Data export formats
Other
Other data export formats
  • JSON
  • REST
  • JSONP
Data import formats
Other
Other data import formats
  • REST
  • JSON
  • XML
  • SOAP

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Services will be available during each calendar quarter at least 99.9% of the time, measured inside Melissa Data’s data centers. The measurement will be in 5 minute intervals, with each 5 minute interval of downtime counting as 3.5% (5/(60 * 24)) of the downtime for the day. The system is designed for full availability during routine maintenance.
Approach to resilience
The Melissa Data cloud is running Windows servers using Network Load Balancing cluster technology in multiple geographically distributed commercial data centre locations. DNS Load balancing and web service health monitoring are enabled so unhealthy servers are removed from rotation automatically. All incoming requests are sent immediately to available servers in the cluster. Melissa Data provides monitoring and real time testing of all servers, so that any problems will be flagged and technicians notified. This design eliminates single points of failure and helps ensure high availability for critical systems.
Outage reporting
Via email alerts, and followed up by account management teams

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Username and Password are required to access portals. Callers for support will need to provide an encrypted License key or have an email requesting support from an authorized person in the authorized distribution group for the requesting company.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Beyond Security
PCI DSS accreditation date
14/01/2024
What the PCI DSS doesn’t cover
Melissa can attest to testing web service endpoints with the PCI-DSS standard penetration tests, however Melissa does not send or receive financial information.
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SOC 2 type 1 & 2
  • HITECH

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
SSAE16, SOC 2, PCI DSS, HITECH
Information security policies and processes
A. It is the policy of MELISSA that information, as defined hereinafter, in all its forms--written, spoken, recorded electronically or printed--will be protected from accidental or intentional unauthorized modification, destruction or disclosure throughout its life cycle. This protection includes an appropriate level of security over the equipment and software used to process, store, and transmit that information. B. All policies and procedures must be documented and made available to individuals responsible for their implementation and compliance. All activities identified by the policies and procedures must also be documented. Policies will be periodically reviewed for appropriateness and currency at least semi annually. C. At each department and/or department level, additional policies, standards and procedures will be developed detailing the implementation of this policy and set of standards, and addressing any additional information systems functionality in such department. All departmental policies must be consistent with this policy. All systems implemented after the effective date of these policies are expected to comply with the provisions of this policy where possible. At each department level periodic reporting will be made of adherence to policy to the Information Security Officer.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Web Service compatibility is maintained throughout the lifetime of the service. New versions are periodically rolled out but any deprecated elements are maintained to support existing client code. Changes are communicated well in advance and new URLs are sent out to facilitate a gradual migration to new service endpoints. All planned releases follow a security testing model that is OWASP compliant to ensure security.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Periodic training is conducted to keep all information security personnel up to date with security bulletins and vendor patches. All services are tested using the OWASP framework to ensure security guidelines are followed. Patches are deployed on a monthly basis, however, they could be applied in a day or two after release depending on severity. Information security personnel are briefed by enterprise vendors for equipment and antivirus software and stay informed using Open Threat Exchange, and other security professional sources.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Because Melissa Data does not store client supplied data and encrypts transmissions to and from the servers, the potential for breach is greatly reduced. However, even in this hardened architecture digital fingerprinting and audit techniques can be carried out. In the event of a security breach, Melissa will notify clients immediately via email.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Logging and audit trails are kept at every level and are reviewed continuously by company personnel. Users can report incidents directly to the IT staff and reports on outages and or intrusions will be sent out via a special web service bulletin email when a security breach is detected and when the postmortem is generated and the remedies identified.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

Equal opportunity

Equal opportunity

Being able to prove your identity enables access to broader opportunities and services

Pricing

Price
£0.25 to £3.95 a unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Access to API's for service testing (some limits on response outputs depending on application requirements)

Standard appraisal time is limited to 4 weeks, but can be extended in certain circumstances
Link to free trial
http://bit.ly/electronic-id

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@melissa.com. Tell them what format you need. It will help if you say what assistive technology you use.