Vouchsafe
Vouchsafe is a general-purpose identity verification platform that works for the 1 in 5 UK residents who can't pass a traditional ID check.
All the user needs are the details of someone they trust who has photo ID; it even works if they have a thin or non-existent credit file.
Features
- verify users, even without a passport or driving licence
- users can prove who they are with their trusted relationships
- no added complexity; we choose the appropriate verification option
- use standalone, or with our OpenID Connect-compliant API
- understand fraud risk level
- configurable retention and audit trail policies
- automatic AI-powered verification without any staff intervention
- custom add-on checks like address or age verification
Benefits
- meet statutory duties; open up your services to everyone
- stop manually handling difficult cases; Vouchsafe handles them automatically
- free up case worker time for more important tasks
- confidently prevent fraud and deliberate misuse
- add standardisation and accountability to your verification processes
- meet GPG45 low or medium confidence
- use it as a KYC or anti-money laundering check
- use it as part of a right-to-work or right-to-rent check
Pricing
£2 to £20 a transaction
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
5 2 4 3 0 4 2 7 2 9 3 4 6 3 9
Contact
VouchSafe
Chloe Coleman
Telephone: 07535 596229
Email: chloe@vouchsafe.id
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
-
Vouchsafe can help you meet GPG45 low or medium confidence out of the box.
With the addition of extra checks, it can also support you in meeting high confidence. - System requirements
-
- Latest three versions of major browsers (eg. Chrome, Safari)
- 100 kbps minimum bandwidth for video selfies
- Front-facing camera with minimum 320x240px resolution and 15fps framerate
- Screen at least 4in with a refresh rate of 60Hz
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
If it’s an emergency, we’ll reply within 30 minutes and update you every hour until the problem is fixed.
If it’s not an emergency, we’ll reply within one working day. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 A
- Web chat accessibility testing
- We do web chat support over Slack. See their accessibility statement here: slack.com/intl/en-gb/accessibility
- Onsite support
- Yes, at extra cost
- Support levels
-
Our starter plan includes email and web support within normal business hours (9-5, Mon-Fri).
Our enterprise plan further includes a negotiable number of dedicated monthly support hours, charged at £60/hour.
Out-of-hours 24/7 support can also be added for an additional cost.
We provide every enterprise customer with a dedicated technical account manager. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We have a team of specialists who can help you figure out (1) whether Vouchsafe is a good fit for the problem you're solving and (2) how to fit Vouchsafe into your existing services.
Although you can certainly use Vouchsafe on our starter plan without ever talking to us, relying only on the written documentation, we encourage every new customer to take us up on the offer of some free help and support, especially when getting started. - Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- If you'd like to stop using Vouchsafe, you can request a copy of your data by emailing help@vouchsafe.id. We'll agree on a secure way to share it with you.
- End-of-contract process
- If you'd like to stop using Vouchsafe, you can either keep your team and customisations dormant, or delete them altogether. If you do the latter, you'll have to start from scratch if you decide to start using VouchSafe again. There are no additional costs for any of this.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- N/A
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- All Vouchsafe features can be accessed and configured via the customer dashboard in any modern browser, including current and historic verifications, API keys, usage statistics, data exporting, team user management and audit log data. We also offer an API for integrating into existing services, which follows the OpenID Connect standard. Customers can integrate in as little as an hour, following our documentation and tutorials.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- We have tested the dashboard with screen readers, magnifiers and keyboard-only use. We include users of assistive technologies in our day-to-day user research.
- API
- Yes
- What users can and can't do using the API
-
We have a public, documented API which you can use to (1) take the same actions you might take through the dashboard UI programmatically, and (2) integrate VouchSafe with your other services, seamlessly redirecting a user to us for verification and then back to you on success.
Your API access is secured with a token, which you can get from the dashboard.
The API follows the OpenID Connect standard. - API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The user-facing web interface can be white-labelled to resemble, say, a GOV.UK, NHS or local authority service. Fonts, logos and colours can all be modified.
Most customisations can be made directly via the dashboard.
Some aspects of the interface are important for security and accessibility, and can't be customised.
You can also decide what level of confidence you'd like users to be verified against, aligned to low, medium and high GPG45 confidence levels.
Scaling
- Independence of resources
- Vouchsafe is architected in a serverless way: our cloud infrastructure scales up and down with traffic. We use large cloud infrastructure providers who always have much more capacity available than we'll ever use.
Analytics
- Service usage metrics
- Yes
- Metrics types
- When you sign into the Vouchsafe customer dashboard, you'll see statistics for the number of verifications over time, the confidence levels obtained, along with other useful metrics. If you have unusual or specific needs when it comes to usage metrics, we can work out a different arrangement with you.
- Reporting types
-
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Normally, you'll do this through our documented public API, which is designed to integrate with your other existing systems. You can also manually export CSV data files.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- We use reasonable endeavours to make the Service available 24 hours per day, 7 days per week, except for planned maintenance which we'll tell customers about in writing with good notice, and internet or other network problems outside our control. Our goal is 99.999% uptime.
- Approach to resilience
- We use serverless architecture hosted on large public cloud providers, crossing multiple datacentres. More info available on request.
- Outage reporting
- We have a public status page that details current and historic outages, and subscribe active customers to email alerts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- 2-factor authentication
- Access restrictions in management interfaces and support channels
- The management dashboard includes the ability to manage team members. Team members can see historic and current verifications. Administrators can additionally change API integration settings and invite/revoke additional team members.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- We have pending ISO27001 certification, which is expected in Q4 2024.
- Information security policies and processes
-
We have an a Information Security Management System (ISMS) which outlines management commitment to information security aligned with ISO27001, which we will certify by Q4 2024.
As part of this system, we keep a risk log that is updated regularly, with mitigations, by our security working group, which meets quarterly.
All new starters get training in information security and privacy in their first month with yearly refreshing.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- We have a formal change management process for our software that is aligned with ISO27001. We use ticketing systems so that changes can be audited. Changes to our production services are approved by an appropriate experienced member of staff who is qualified to make a judgement about any potential security impact.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We use well-supported operating systems and software for all our production services, and use serverless architecture to deploy new releases almost immediately. We use vulnerability scanners as part of our code release pipeline and subscribe to high-priority vulnerability notifications from all our vendors and suppliers, which are then deployed within a day or two.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Our production services have monitoring and alerts set up for unusual or suspicious activity. An alert will be considered by our security working group, which will decide how to resolve it. If an alert happens out of hours, it will be directed to our on-call staff, who may decide to raise it to the security working group anyway. This way, we can resolve incidents 24/7.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Our operations team will raise an incident, or it may be reported by users by emailing help@vouchsafe.id. We have pre-defined processes for different severities, including updating our public status page and alerting affected customers by email. We publish resolution reports on our public status page. The process is aligned with ISO27001.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Equal opportunity
Fighting climate change
Vouchsafe is a modern business with a remote-first culture and a small carbon footprint for our size. Our office space is in the adaptively re-used building Peckham Levels (peckhamlevels.org).
We consider climate stewardship in our supply chain and only use cloud infrastructure providers with the best climate credentials.
We have pending B-Corp accreditation.Equal opportunity
Vouchsafe is a radically inclusive, co-designed product.
We’re making this work for the people most in need first: a segment of users who are underserved by other products.
People without good forms of ID are invisible to institutions. Vouchsafe will give these people a reliable way to prove who they are, without the need for them to have a paper document.
This is making it easier for them to receive a whole host of benefits and access to services they might not have been able to access otherwise.
This includes early preventative support rather than expensive crisis care or unlocking access banking and housing that are prerequisites for high-quality employment. This impact has been formalised in UN Sustainable Development Goal 16, target 9.
Vouchsafe is made with equality, diversity and inclusion in mind from the start.
It was built by a diverse, interdisciplinary team with lived experience of the issues, and where specific experience isn't in our team, we co-design with users who do have it.
Pricing
- Price
- £2 to £20 a transaction
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- We offer the first 20 verifications or first month of use (whichever comes first) free, on request.