As the government moves to digital services, identity providers, like CitizenSafe, need to meet certain security criteria to ensure that your information is safe and secure.
Government Digital Services (GDS) is building GOV.UK Verify to allow you to prove your identity and access government services online, such as tax accounts, benefits and driving licence information. In addition, the information used to verify that you are who you say you are, must meet certain requirements before access to your private details can be given - again, ensuring that your data is protected.
At CitizenSafe, not only are we are dedicated to ensuring correct verification of your identity and the safety of your information, but we also want to keep the process simple for you - and our advanced technology and security does just that.
The CitizenSafe service has been designed with security in mind, with Information Security standards, such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO/IEC 27001:2013 Information Security Management, being adopted as the benchmark Information Security frameworks for maintaining the confidentiality, integrity and availability of the CitizenSafe service. An Information Security framework is a combination of policies and procedures, which include all legal, physical and technical controls, involved in an organisation's Information Security Management processes.
We implement two-factor / two-step authentication (2FA). An “authentication factor” is the term for a category of credential that is used for proving someone’s identity - a two-step authentication requires two independent categories of credential. These are mostly divided into something that you know or have memorised, and something that you have or acquire.
An example of two-step authentication is going a cash point: you have the card and you know the PIN code to access your bank account. Another example is for online banking when you know you password and you get a secure one-time code to login in online.
Having these two different pieces of information as part of the CitizenSafe identity verification processes makes it very difficult for someone else to access your online GOV.UK information because they still can’t log into your account even if they have your username and password.
When you use CitizenSafe, you will set a password for your account and the second level of authentication will be a security code that we will send you via SMS, app or email. When you set your password, it will need to meet some minimum password complexity rules: these include things like at least one uppercase character, one lowercase character, a number, and must not be obvious information such as your date of birth.
We use a market-leading encryption provider, who implement a two-tier encryption key system, with key rotation to systematically and routinely re-encrypt data - what this terminology means is that you can trust us to keep your personal details safe.
In addition to data encryption, the CitizenSafe service utilises multiple layers of network protection and active monitoring to identify and close down threats effectively.
On top of these levels of security, there is a timing-related locking of your account - the same way as when you’re doing some online banking, and after a few minutes of no activity (if you step away from your computer), the website will automatically log you out of your account to prevent someone else from accessing it - for you to continue using the service, you will need to log in again with two-step authentication.
What’s more, digital government services using GOV.UK Verify may ask you to re-confirm your identity when you reach a critical step in that service. This could be, for example, before you submit some information to the tax office, to ensure that no one else can submit information without you knowing about it. You’ll be able to do this using the same two-step authentication login that you set up with CitizenSafe.
Another level of security means that the GOV.UK Verify gateway through which communication between you, CitizenSafe and the government service that you want to use, does not permit the service you use to know that CitizenSafe verified your identity, nor will CitizenSafe know which government service we are verifying you for.
To top it all off, at any point, you can chose to verify your identity with a different provider for a previously used service, use different providers for different services, or contact any identity provider that you have used and ask to be removed from their system.
Our forms are straightforward, and we'll only ask you the questions we need to know.
We specialise in identity verification and know how to take the stress out of your online identity check.
We won't share your details with anyone, just the government department you need.