Daon

xProof: Identity Verification (proofing, onboarding & IDV)

xProof Identity Verification (IDV) utilises patented AI technology, including advanced OCR, for swift, precise identity verification using automated ID document processing and face biometrics.

Enhanced by cutting-edge presentation attack detection and photo watchlist matching, xProof significantly reduces user friction during an onboarding process, identity proofing or within an eKYC process.

Features

• Simple, secure and seamless identity verification.
• Scan an ID, NFC, or credential. Snap a selfie. Done.
• Industry-leading and user-friendly presentation attack defence.
• Automated ID verification checks ensure the document is genuine.
• Functionality across mobile, Android, iOS, web, kiosk, and even on-site.
• Meets NIST and IAL2 standards and is DIATF certified.
• xProof processes ID documents globally from almost every sovereign entity.
• SaaS multi-tenant cloud, single-tenant cloud, or on-premises deployments available.
• Third-party checks and trained staff reviews are available.
• Robust encryption and security standards safeguard the sensitive data collected.

Benefits

• Identify individuals remotely on mobile, web, or in person.
• A seamless, user-friendly experience, designed to be accessible to all.
• iBeta tested ISO 30107-3 Level 1 and 2-compliant liveness detection
• Reduces operational costs through increased automation.
• Experience at scale, onboarding over 50 million individuals annually.
• A no-code, drag-and-drop orchestration layer.
• Simple and quick integration into existing and new systems.
• Device-agnostic, almost any device with a camera can be used.
• Continuously updated security and algorithms to protect against evolving threats.
• Implementation support is available from Customer Success.

£0.25 to £1.95 a transaction

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales-uk-ie@daon.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

526496029361908

Contact

Matthew Brawley
07702849512
sales-uk-ie@daon.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Can be integrated within customer web sites or mobile apps for identity verification. Can also be initiated via a link or QR code.
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No specific service constraints.
• System requirements: REST API

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are established in accordance with the selected service package.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: 1. STANDARD: Portal access with 24-hour availability.; Response times: P1 - 1 Business Day, P2 - 1 Business Day, P3 - 1 Business Day; Cost: Included.; ; 2. BUSINESS: Email support included; Portal access with 24-hour availability.; Response times: P1 - 2 hours, P2 - 2 business hours, P3 - 6 business hours; Cost: see pricing attachment for additional cost; ; 3.ENTERPRISE: Email support included; Portal access with 24-hour availability; Response times: P1 - 1 hour, P2 - 1 hour, P3 - 4 business hours; Cost: see pricing attachment for additional cost
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Customers are provided with access to an easy to use web console to manage the system with access to our SDK and API documentation, and a dedicated customer support portal.; ; Daon's Customer Success team is available to provide further guidance through setup, configuration, integration, testing, etc. Additionally, they can provide both remote and onsite training and development support, as needed. These services are at an additional cost.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data can be extracted via the systems REST API.; Data will be deleted after a specified retention period; can be deleted by the client via the API or by asking Daon to remove all of the data.
• End-of-contract process: Access to APIs, removal of data and customer support for service queries. As most organisations will extract the relevant data during usage and at the end of a contract period may choose to replace the service with another provider's, this approach is typically sufficient. Further assistance if required is available from our Customer Success at an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile devices can either use a mobile-based browser experience or an app-based experience via our SDKs for iOS and Android. Desktops and laptops can only use a browser experience. ; ; We recommend using a mobile device for capture of images for stronger security and higher levels of usability and provide a means of switching from desktop/laptop to mobile and back. Some features, such as NFC capture of ePassports is only available on mobile devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: XProof is provided through REST APIs, SDKs for iOS/Android and a Web UI, which include a user interface for the end-user. A web-based console is provided for organisations to manage the service.
• Accessibility standards: None or don’t know
• Description of accessibility: The out of the box end-user interface is designed for accessibility based on WCAG 2.1 AA.
• Accessibility testing: Out of the box end-user interface has undergone by a specialist company to ensure that it can be used with relevant assistive technology such as screen readers.
• API: Yes
• What users can and can't do using the API: All of the service's functions can be accessed via a secure REST/JSON API.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: A Process Designer allows organisations to configure the identity verification process. This allows the UI steps, verification methods and any external interfaces to be configured in a low-code model.

Scaling

• Independence of resources: Daon's systems are designed to scale and we process up to hundreds of thousands of identity verifications per day at peak times. We work with our customer organisations expecting high volume usage to understand their needs and plan for them to ensure consistent, reliable performance.

Analytics

• Service usage metrics: Yes
• Metrics types: Our service captures a number of different metrics including timings, results of process/steps and metadata that can be consumed via our user interface or API.
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Encryption of all sensitive data at the application layer before storage. Audit trail of access.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: All of the data is available via REST APIs and webhooks. ; ; (Additionally, the data of a specific Instance can be downloaded as a password-protected archive from the console.)
• Data export formats: Other
• Other data export formats: JSON
• Data import formats: Other
• Other data import formats:
  • JPEG
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: For a standard deployment, 99.9% on a monthly basis. Higher availability service levels are available with upgrades.
• Approach to resilience: Each system component is deployed in multiple availability zones. Data is also replicated to a secondary region for disaster recovery.
• Outage reporting: Email alerts/service reports

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Role-based Access Control. Sign in with Username + Password + App OTP; Single Sign-On (SSO) options also available.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification Europe (INAB)
• ISO/IEC 27001 accreditation date: 17/10/2017
• What the ISO/IEC 27001 doesn’t cover: NA – The entirety of the standard and extensions apply.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO/IEC 30107 compliant
  • ISO/IEC 27701:2019
  • ISO/IEC 27018:2019
  • ISO/IEC 27017:2015
  • AICPA SOC 2 Type 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Daon maintains a comprehensive Information Security Management System (ISMS) and Privacy Information Management System (PIMS) which are independently audited for compliance with the AICPA SOC 2 Trust Principle for Security, plus the international standard for information security management (ISO27001:2022) and extensions for privacy management (27701:2019), cloud security (27017:2015) and management of PII in the public cloud (27018:2019). ; ; Daon’s CISO is responsible for the security and privacy compliance programs.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes to service components are managed through a change control process that follows the ITIL4 Service Management practice of Change Enablement and is part of Daon’s comprehensive Information Security Management System. Application and system changes require security risk review with approval required from a security architect.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerabilities are identified through automated scans and manual validation. Patches are deployed based upon severity with a typical patching window scheduled monthly. Emergency updates can be expedited if required. We monitor threat feeds from US CISA and UK NCSC.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Both automated alerting and manual log review are used to identify potential compromises or anomalous events. Suspected or identified compromise response follows 5.24-5.29 of ISO/IEC 27002:2022 with the IRT alerted immediately.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident processes and procedures are written and included in Daon’s ISMS. Customers may report incidents by raising a P1 ticket in the support portal. Incident response and reporting follows the ITIL4 Service Management practice of Incident Management.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Daon is committed to digital solutions, providing a climate-friendly alternative that eliminates the need for paper in identity verification or the necessity for individuals to travel to government buildings for in-person identification. This approach significantly reduces the use of paper, postage, and travel.

  Covid-19 recovery

  Daon's technology eliminates the necessity for individuals to travel to physical government buildings, facilitating swift, secure, and user-friendly verification from the comfort and safety of their homes. This makes it an effective tool in a pandemic environment.

  Tackling economic inequality

  Daon offers a cost-effective solution that is designed to be accessible to everyone; all that is required is access to the internet and a device with a camera. Our solution reduces the inconvenient and sometimes expensive necessity of travelling to government buildings. Furthermore, our service is available 24/7, enabling verification to be conducted at a time that is convenient for the user.; ; Consequently, Daon's solution contributes to the mitigation of economic inequality by enhancing the accessibility of services to a wider audience, including vulnerable individuals or those who may be incapacitated by illness or disability and thus unable to leave their homes.

  Equal opportunity

  Daon is an equal opportunities employer both globally and in the UK.; ; Further to this, our user interfaces are designed with inclusivity in mind, and we are constantly striving to minimise racial bias within our machine learning algorithms, ensuring that our solution is effective across different races, genders, ages, religions, disabilities, and socioeconomic backgrounds.

  Wellbeing

  Daon streamlines access to government services, enabling individuals to quickly and easily verify their identities online. By using Daon's technology from a computer or mobile device, individuals can bypass the traditional hassles of completing extensive paperwork, making copies of identification, or making trips to government buildings. This efficient process not only minimises stress but also improves overall well-being, freeing up time for other important activities.

Pricing

• Price: £0.25 to £1.95 a transaction
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The free trial period typically consists of 100 transactions, available for 30 days.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales-uk-ie@daon.com. Tell them what format you need. It will help if you say what assistive technology you use.