Yoti Icon

Yoti

Meet the Guardians: Seyi Akiwowo

Meet the Guardians: Seyi Akiwowo

We’re over the moon to present our latest member of the Guardian Council – Seyi Akiwowo.    The Guardian Council The Guardian Council is our independent board of trustees and advisors. They have no financial stake in the company but are wholeheartedly invested in protecting the people we seek to serve. They bring expertise from fruitful careers in sectors like human rights, data privacy and last mile tech to advise us as we navigate the complex world of identity, digital or otherwise.     Seyi Akiwowo Seyi Akiwowo is a force to be reckoned with. She’s passionate about ending online abuse, self-care, meaningful inclusion and political leadership, and is an inspirational public speaker  who has spoken across the globe on these fundamental issues. After graduating from the London School of Economics, Seyi was elected as the youngest female black Councillor in East London at just 23. Growing up in one of the poorest boroughs in London, she became involved in politics in various ways to make a positive difference in her community.  Currently, Seyi is the Founder and Executive Director of Glitch, a young not-for-profit organisation determined to end online abuse through education, campaigns and advocacy. Glitch has a flagship training programme on Digital Citizenship, which is primarily delivered to young people to raise awareness so that they exercise their agency to navigate the online world in a positive, critical and respectful way. Glitch’s achievements are far reaching and have been recognised in Parliament, as well as in books such as Slay in Your Lane and Misogynation.    On top of all of this, Seyi’s an Amnesty International Human Rights Defender, a fellow of the Institute for the Royal Society of the Arts and a Fellow of the Institute for Canadian Citizenship. In 2017, she was invited to present at the 38th United Nations Human Rights Council on online, gender-based violence and again in 2019, to the 10th session of the Ad Hoc Committee on the Elaboration of Complementary Standards to discuss how to update the Convention on racial discrimination to include online abuse.  Seyi’s passionate about widening participation and representation of diverse groups in public life, and anyone that has met her will know how charismatic and positive she is about all of the wonderful work she’s doing. Seyi is also an expert facilitator in skills and inclusion and delivers workshops around the world, including London, Kuwait and UAE. In addition to her inspirational talks, Seyi’s also written reports and seminal pieces for The Guardian, Gender IT.org and Huffington Post.       Without further ado  So please join us in welcoming Seyi to take the fourth seat on our Guardian Council. We’re really excited to have her insight and enthusiasm onboard our mission to fix the broken identity system. If you want to follow all the interesting things she’s saying and doing, you can find her at @seyiakiwowo.

3 min read
Our approach to security and privacy

Our approach to security and privacy

Just as the right to identity is a fundamental human right, privacy is too. We created Yoti to give everybody a secure, privacy-friendly way of proving their identity, online and in person. Privacy and security, therefore, aren’t just our priority but our raison d’etre. Our free Yoti app is built with privacy and security at its core and harnesses data minimisation techniques that enable you to share less data.  We have a rigorous approach to security and have built an innovative database architecture designed to protect against data breaches or cybersecurity attacks. To ensure that we are held accountable, we are advised by our Guardian Council, an independent board of expert professionals and dedicated advisors from data privacy, human rights, online harms and last-mile technology sectors. Our mission is, and will forever be, to be the world’s trusted identity platform. This is not a journey we make on our own but with policy advisors, think tanks, researchers, academics and humanitarian bodies. As our sixth core business principle states, we are transparent about what we are doing and why, so in light of this transparency, we have answered your questions on how we protect your data.   Is Yoti recognised? Yoti is certified to meet the requirements of ISO/IEC 27001, the global gold standard for information security management.  We’re also a SOC 2 Type II certified company. We were externally audited over a six month period and we received a flawless report for the operation of our security controls. The architecture of our security systems has also been reviewed by Cigital (Synposys) and we regularly undergo penetration testing to look for any potential vulnerabilities in our security operations.   How do you keep my data secure? We have taken a radical new approach to protecting personal data. Instead of storing your information as a single record on one big database, we store each individual piece of your data separately. Imagine the Yoti database as a bank vault. Each piece of your data is split up, turned into unreadable data through encryption and stored in a different safe.  Only you have the key to access these safes, which is stored on your phone and not on the Yoti database.  When you unlock your app with your five-digit PIN, you activate your key which then pulls all of these individual pieces of data together and turns them back into readable text.  For extra security, Yoti also encrypts your key. To gain access to your safes in the vault, your key must match our Yoti key.   Can Yoti be hacked? The Yoti database is protected by high-level security and firewalls that are extremely hard to penetrate. In the unlikely situation that somebody did hack the database, the fact that you have your own encryption key means that your data would appear as random gibberish to a hacker. Imagine the bank vault with the safes again. In Yoti’s system, even if hackers broke into the vault, they still wouldn’t be able to open all the individual safes – they would need the keys from every user’s phone.     What is encryption and how does Yoti protect my data with it? Encryption is a mathematical code that turns text into meaningless strings of numbers and letters. We use AES-256 encryption, which is trusted by governments and organisations such as Apple as being virtually impossible to break.  The number refers to the length of the encryption key and means a hacker will require 2256 different combinations to break a 256-bit encrypted message. We use this encryption for both storing and sending data, so it can’t be intercepted.    Can Yoti see my data? Once we verify your account, we can see your data for seven days for security purposes. This allows us to recall any documents that may be flagged up for fraudulent purposes and protect the Yoti ecosystem. After this period, we send your data to the central Yoti database where it is stored as encrypted text. Only you can turn this back into readable text with your encryption key.    What happens when I share data? A business will request the information they need from you, which you can accept or deny with your Yoti app. When you accept a data share, the specified information is sent to the agreed third party  and both parties will get a receipt of the information exchanged. Yoti can’t see the information you have shared, we can only see the type of attribute (such as ‘name’ and ‘address’), the company and the time and date.    How is this any better than using my passport? The Yoti app allows you to share just the information strictly necessary for a transaction.  For example, to prove your age to buy alcohol in the UK, you can just share the fact that you’re over 18 and nothing else. If you were using a passport, you would have to share your photo, name and date of birth. We will have already verified your details against the ID document you used to open your Yoti, so the business can have confidence that the details shared are real and accurate without needing to have a copy of the ID document themselves. This protects you against identity fraud and means you don’t need to send ID documents insecurely via email.   How can I be sure that identities are verified correctly? When you create your Yoti Digital ID, you’re required to take a quick scan of your face during what we call a “liveness test”. This is to prove you’re a real person. We also ask you to scan an official ID document using your phone’s camera.  We then use a combination of expert AI and manual checks to accurately extract the information from your document. Our team of super recognisers verify the document is genuine and that the photo on the ID document matches your face scan. They are the 2% of the population that have superior skills in recognising faces and work in our security centre, which is a highly secure environment where phones are prohibited and only security personnel can enter.  To make sure fake and fraudulent documents aren’t being used, the security team check against the Keesing database of global ID documents and the CIFAS (Cross Industry Fraud Prevention Service) database. We also have connections with other fraud watchlists and are a member of the Association of Document Validation Professionals.   Will you ever sell my personal data? No – we will not, and cannot, sell your information to third parties for marketing or any other purpose. We give you the tools to securely share your information with a chosen organisation. That organisation pays for the check and you have a receipt of what you have shared, but we don’t have access to your personal data.   Can I delete my personal information from your systems forever? Yes. If you no longer wish to have any of your personal information on our database, you can delete your account by logging in to the app and tapping on More > Settings > Delete my account. We will ask you to take a photo of yourself so we’re sure it’s you deleting your account. We will delete this photo along with the rest of your data when we have verified it’s you. Once you delete your account, your information will be permanently deleted from our systems. If you just uninstall the app without deleting your account, you do not delete your data.   More questions? If you have any questions about privacy or security at Yoti, please drop us a line and we will be happy to clear up any doubts.

7 min read
Compliance at Yoti and why it matters to you

Compliance at Yoti and why it matters to you

Updated 29th November 2019 to reflect change of SOC 2 classification from SOC 2 Type 1 to SOC 2 Type II.   We do things differently to most tech companies. We’re proud of the fact that we always put compliance and our community first and we like to shout about it. The way we handle security and compliance is key to protecting your data. If we didn’t get that right, how could we expect anyone to trust us? And without trust, why would anyone use our app? So, with that in mind, here’s a run-through of the three main compliance accreditations we hold and why you should care. (Don’t worry, we know this stuff can be quite dry so we’ve kept it short).   ISO 27001 What is it? It’s an international standard for information security management. Quick fact: although ISO 27001 is now best practice for security around the world, it was originally published in 1995 right here in the UK. What does it mean for you? ISO 27001 is about protecting all kinds of data. Not just personal data. So that’s everything from how we monitor who enters our offices to how we pick any suppliers or partners we work with. It basically means we’ve been proven to take security seriously in all areas of the business.   SOC 2 Type II What is it? SOC2 (Service Organisation Controls) is all about companies being able to trust each other when providing and outsourcing services. There are five different criteria that an organisation can be examined on: security (which we have), confidentiality, processing integrity, availability and privacy. Our independent auditors examined the operation of our security controls over a continuous, six-month period and found no exceptions.   What does it mean for you? SOC 2 is one of the most respected and rigorous auditing standards for security in the business world. It’s considered the gold standard and is adhered to by governments, major banks and the biggest tech companies. And receiving a flawless report is almost unheard of. So when we say that security and privacy are our priority, you know we really mean it.   PAS 1296 What is it? It’s a Publicly Available Specification (PAS) for Online Age Checking. It sets out regulatory best practice for the sale of age restricted goods or access to age restricted services. We have done a self assessment against PAS 1296 and had this reviewed by a third party.   What does it mean for you? It’s all about trust. Trust that an age check performed using Yoti is reliable. For example, if you’re a parent whose child uses Yoti for proof of age accessing child-only forums or online games, you can be confident that environment is only accessed by others their age.

3 min read
Yoti joins the world’s most innovative companies in the REGTECH100 2020

Yoti joins the world’s most innovative companies in the REGTECH100 2020

We are very proud to announce that Yoti has been selected as a REGTECH100 company. RegTech The REGTECH100 is an annual list that recognises the world’s most innovative technology solution providers who are addressing the challenges of delivering regulatory requirements within financial services. The regulatory technology industry has seen huge growth in recent years as it strives to meet the needs of financial institutions as they navigate unrelenting regulatory challenges. The key players The REGTECH100 list was born to help senior management and compliance professionals navigate and evaluate which solutions are most likely to have a lasting impact on the industry. In their own words, this list is comprised of the companies every financial institution needs to know about as they consider and develop their mission critical RegTech and digital transformation strategies. We are really proud that Yoti has been selected as one of the world’s top 100 companies that are shaping the future of the compliance, risk management and cybersecurity in 2020. Yoti driving innovation with digital identities Yoti’s identity verification solutions are making strides in financial services. Our recent partnerships with Synectics Solutions and Kompli-Global create a digital  KYC journey that fuses electronic identity verification with best-in-class data services for enhanced financial crime and anti-fraud prevention. The cyprotcurreny platform Crix has also recently innovated their onboarding process with eKYC checks with our Yoti Doc Scan product. Whether it’s buying crypto-currency, authorising a payment through multi-factor authentication or verifying your identity for a bank, our innovative technology provides financial institutions with the ability to: Verify the identity of customers from over 175 nationalities to a high level of assurance through government-approved photographic ID documents. Allow customers to prove who they are remotely and securely from anywhere in the world. Digitally transform the approach to customer onboarding and customer due diligence. Reduce onboarding friction in order to deliver products and services faster than before. Enhance regulatory compliance through best-in-class technology. Mission critical  In the words of Mariyan Dimitrov, head of research at RegTech Analyst, “Employing RegTech solutions to modernise the compliance function is now mission-critical for financial institutions globally.” If you work in regulatory financial services and are keen to learn more about Yoti’s identity verification services, please get in touch with our Commercial Director for Financial Services, Gareth Narinesingh.

2 min read
How we built privacy into the Yoti app

How we built privacy into the Yoti app

Just as the right to identity is a fundamental human right, we believe privacy is too.  Yoti was built to give everybody a simple and secure way of proving and protecting their identity, online and in person.  With the free Yoti app, you can create a digital ID that allows you to prove who you are in the most privacy-friendly way. It is built with data minimisation at the core and allows you to share less data to prove your identity or age. You’re in control to show only the details you need, to the businesses and people you trust.    First things first We don’t have your ID document details unless you have chosen to add them to your account. This is totally your choice. If you don’t add your ID document, you can use other features on the app such as our password manager or get an estimated age, but you do not have a digital ID. We make sure it’s really you When registering your account, we ask you to take a quick video to prove you’re a real human being. If you want to create a digital ID, you can upload a government-issued ID document. This is either checked automatically or sent to our team of identity verification specialists. They check your document is real and that the photo matches up with the image from your video and the information taken from your document.  This is called a liveness test and is where we ask you to move your face according to instructions on the screen. If this test fails, you may be asked to say a few words so we can confirm you’re a real person. We double check that you’re the one calling the shots From your liveness test, we create a digital map of your face and encrypt it. When we need extra confirmation that it’s you, we ask you to take a seflie, which we compare to this original image.  We let you share less data Unlike a physical ID document, we store your personal information as individual pieces of data. We call these attributes – individual pieces of information that identify you as you, such as your name, date of birth etc.  By storing these attributes separately, you can share just the information required for a transaction, rather than revealing your whole identity. If you need to prove your age, you can share the fact that you’re over 18 and nothing else.   Only you hold the key When you unlock your app, you activate your master encryption key. This master key is stored on your phone and is the only way of pulling together your attributes and turning them into readable text. Yoti also encrypts your master key for extra security.   We use advanced biometric technology to keep you safe We use biometric (and non-biometric) technologies to carry out anti-spoofing, fraud prevention and security checks. This is the most effective way of verifying that you are a real person and that you’re setting up a genuine digital identity. It allows us to keep our users safe and make sure that only genuine identities are on our platform.   We’re clear and transparent We tell you what we’re doing and why in the app, in our privacy policy and in FAQs. Our customer support team are also incredibly friendly and super speedy at replying so you can get in touch at any point if you need any help.   You can always opt out Our research and development (R&D) team use some user data to develop, test and improve our age estimation technology and our anti-spoofing, fraud prevention and security checks. We do this to keep our community safe but if you are not comfortable with this, you have the option to opt out in the app. Go ID-free We’ve also built age estimation technology so you don’t even need an ID document to have an estimated age on your account. This technology can be used to allow anonymous proof of age in situations such as buying age-restricted goods at self-checkouts or proving you are over a certain age to access age-restricted content online. For all the technical bits, take a read of our whitepaper.

4 min read
He who eats bread with you

He who eats bread with you

B Corps are companies that use business as a force for good. The “B” stands for benefit, and refers to benefiting workers, benefiting the community and benefiting the environment. It is truly a revolution, driven by the nonprofit organisation B Lab, who are reminding us what companies can really do. Although the word “company” today may make you think of balance sheets and revenue, it actually originates from the French word compagnie: ”a society, friendship, intimacy; body of soldiers”.  If we look further back, we find the Latin phrase companio: “he who eats bread with you”. Companies were originally about people and sharing, which is exactly what Yoti has been about from day one.   The backstory: day one at Yoti Before we even had a name, we understood the complex ethical questions we would likely come up against. We knew that if we were going to ask people to trust us with their most personal information, we would need to set up an ethical framework to guide us and help us answer these questions.  We came up with our seven founding principles which continue to feed into everything we do. We knew we’d also need an independent board of trustees who could hold us to these principles and advise us with expertise from relevant fields, such as human rights, data privacy and last-mile tech.  And so was born the Guardian Council.  While we were setting up our foundations in the summer of 2014 and had finally settled on a name – Your Own Trusted Identity (Yoti) – B Corps had just crossed the pond from the US and launched in the UK. Their mission and framework really resonated with the kind of company we were striving to build. We were awarded our B certification in July 2015 and became one of the first founding UK B Corps. And we have been driving good ever since.   The mission To qualify as a B Corp, a company must have an explicit social or environmental mission. A certified B Corp is legally required to take into account the interests of workers, the community and the environment, as well as its shareholders, in all decisions  Yoti’s mission is to give people a safer way of proving who they are in the physical and online world. Our free consumer app and platform for business is designed to protect society from fraud – and help people know who they are dealing with, using less data.   The practicalities A company must amend its articles of incorporation to adopt B Lab’s commitment to sustainability and treating workers well, as well as meeting B Lab’s comprehensive social and environmental performance standards. The key areas assessed are:   Governance We have a strong ethical framework that is built on our seven ethical principles. Alongside the Guardian Council, we have an Internal Ethics and Trust Committee that oversees the development and implementation of our ethical approaches and ensure we develop in the right way.  We have made public pledges to the Safe Face Pledge, Biometrics Institute: 7 ethical principles, 5Rights framework, the Articl8 member code of conduct and the Fair Tax Mark.   Customers The Yoti app was built to give individuals a simple and secure way of proving and protecting their identity, online and offline. It is free, and will always be free, for the user. The app lets you share details with people you don’t know but may be interacting with online, for example on dating sites or classifieds. It also has a password manager to help you keep your passwords safe and age estimation technology that allows individuals to prove their age without needing to add  an ID document to the app. We have also teamed up with CitizenCard to give young people access to a low-cost identity document to prove their age, which has taken the price from £17 to £9.   Community We’re fully committed to supporting Sustainable Development Goal 16:9 –  to provide a legal identity for all – especially to the 1.5 billion people who have no way of proving who they are. Following an extensive period of research and evaluation of social sector needs in the UK, Africa and South East Asia, in early 2019 we launched a brand new Social Purpose Strategy. The key pillars are Digital Identity Toolkit, a Digital Identity Fellowship Programme and our offline ID solution, Yoti Keys. Yoti has also donated £17,200 to charity in 2018/19 and commits 1 percent of revenue and 2.5 percent of profit to the Yoti Foundation. Team We have a brilliant team of over 270 people who we endeavour to support in many different ways. To build a culture of self-development, we give every UK employee a LinkedIn Learning license and an annual budget of £750 for training. Everyone at Yoti also gets five ‘selfie’ days a year to focus on volunteering or personal development opportunities. We offer a multitude of free activities such as yoga, boxing, meditation, anime, running, among many, to help them achieve the life side of things.   Environment Through the use of digital ID, we’re striving to combat the huge number of lost physical ID documents – just under 40,000 out of 50 million in the UK are reported lost or stolen each year.  Our electronic signature platform helps companies save on printing thousands of pages by enabling them to sign documents digitally.  We also have a dedicated Green Team of volunteers who are responsible for managing, implementing and promoting our environmental principles and mission.   The B Corps report in all its glory For ALL the ways we are striving to drive good, please have a look at our B Corps 2019 report in all its detail and colour.  You can find our official B Impact report here.

5 min read