Compliance
IDEE’s products are 100% compliant with regulations such as GDPR and PSD2.
IDEE products are built with privacy by design. We know nothing about the users and their information, and we never store any personally identifiable information (PII) on our servers.
European General Data Protection Regulation (GDPR)
No personal information is ever stored or shared. The user has total control of her data. The user decides when, where and with whom to use her identity. This is in line with GDPR privacy requirements. ENISA Guidelines for GDPR Compliance recommend “Two-factor authentication as a technical security measure for accessing systems that process personal data.”
European Payment Service Directive 2 (PSD2) SCA
IDEE user authentication factors are mutually independent, non-replicable, non-reusable, do not disclose the authentication information, cannot be reversed to reveal previous or subsequent authentication information. It also, provides dynamic linking as defined by EBA RTS PSD2 Strong Customer Authentication (SCA) requirements.
Payment Card Industry Data Security Standard
(PCI-DSS)
IDEE Multi-factor authentication solution meets PCI requirements of “multi-factor authentication (MFA) for preventing unauthorized access to computers and systems that process payment transactions”.
NIST Digital Identity Guidelines
IDEE complies with NIST SP800-63B digital identity guidelines such as using Multi-factor authentication to provide “high confidence that the claimant controls authenticator(s) bound to the subscriber’s account“.
ISO 29115 Entity Authentication Framework
The different authentication assurance levels as stipulated in ISO 29115 while accessing different services are observed by IDEE depending on the security requirements and the sensitivity of the asset to be protected. IDEE provides MFA by default not just “where substantial risk is associated with erroneous authentication”.
UK National Cyber Security Center MFA Guidance
IDEE is compliant with the NCSC Guidance for Multi-factor authentication on online services.
Privileged Account Management for the Financial Service Sector
IDEE is compliant with the NIST privileged account management for the financial services sector’s authentication requirements.
FFIEC Authentication in an Internet Banking Environment
FFIEC requires financial institutions implement multi-factor authentication for high-risk transactions involving access to customer information or the movement of funds to other parties. IDEE solution helps customers to achieve this requirement.
U.S. Cybersecurity National Action Plan
US Cybersecurity National Action Plan (CNAP) empower Americans to secure their online accounts by “moving beyond just passwords and adding an extra layer of security … by combining a strong password with additional factors”. IDEE eliminates passwords completely while providing a strong and reliable multi-factor authentication.
Federal trade commission (FTC) Standards for Safeguarding Customer Information
FTC considers multi-factor authentication as a minimum standard for allowing access to customer information for most financial institutions. It requires financial institutions to “implement multi-factor authentication for any individual accessing customer information … internal networks that contain customer information.” IDEE helps clients to comply with this requirement.