8

Protection from Call Scammers

Easily and quickly check the identity of callers claiming to be from companies you have accounts with.

Let us help you build trust and mitigate risk from fraud

We communicate and transact every day, but understanding we are doing so with authentic people and organisations can often be difficult, especially when we are all so busy.

Your data in the wrong hands can lead to identity theft and financial fraud and its happening on a massive scale across the world.

Our vision is to help you stop fraudulent activity aimed at you, your customers and your trading partners. We’ll tackle common scammer approaches, help you and your people to understand the issues and communicate safely.

<p>Let us help you <b>build trust</b> and mitigate risk from fraud</p>
Step 1 Step 2 Step 3

How does it work?

“(Lu-cid-i-ty) a presumed capacity to perceive the truth directly and instantaneously”

Step 1

Step 2

Step 3

An organisational user sends an identification request from their web system.

User receives a notification, signs into the app to view the incoming request

The app validates that the incoming user details have not been altered since original verification so that you can be sure that the request is from a genuine party. Further details about the individual and their organisation can be accessed via the verified links.

You can see what identification information is being requested and untick anything you are not comfortable sharing

Click to Accept or Reject the request

You can see what information you supplied

Sender receives the information you have shared with them.

Step 1 Step 2 Step 3
<p>Telephone <b>Fraud</b></p>
Plug - Telephone Fraud

Telephone Fraud

Callers pretending to be from banks and other companies are ruining lives and it is constantly in the news. More and more people are worried for friends and family and looking for ways to protect them. Luciditi is the answer in most cases.

Plug - Getting started

Getting started

Simply click on the get started button at the top of the page to register your interest and get more information.

<p>Getting <b>started</b></p>

Frequently Asked Questions

Luciditi is your defence against deception.

A digital service designed to prevent impersonation via a mobile end-user application that enables mutual verification of people and organisations in real-time. This can be done remotely or in person as a result of a phone call, email or any kind of communication.

Luciditi also supports the sharing of other sensitive and confidential information which has been attested as being true between connected parties.

It uses high-strength encryption technology, immutable data sets and a closed network of trusted relationships to ensure that data is accurate and can be independently verified.

Whenever you need to confirm someone is who they say they are, or give consent to provide confidential information (eg ID or financial details), use Luciditi to built trust and accountability into your process.

There are many ways that you can benefit from using Luciditi in your business:
    • Fast and convenient "over the phone" security procedures which eliminate repetitive questioning
    • Real-time confirmation of sensitive instructions from colleagues and partners (never rely on email!)
    • Integrate into existing workflows requiring organisation and individual validation either in person or over the phone
    • Provide real-time secure access to company information either automatically or with user explicit consent
    • Request Photo ID and Age verification for in-person identification
    • Request Identity confirmation of individuals arriving on premise
    • Accurately exchange non-ID but equally sensitive details such as bank and payment details
    • Audit confirmed requests for compliance
    • Reduce customer data retention by requesting only that which is needed, when it's needed
New users are invited into the Luciditi trust network by the organisations they have relationships with. This invitation will vary from organisation to organisation depending on their processes but ultimately relies on you downloading and using the Luciditi app to manage your relationship with them when invited to do so.

You are then able to validate who they are when they call you and identify yourself back to them. You get to decide what data you share with anyone who sends you a request and in turn may request information back from them - in real time.

You are not limited to exchanging information with the organisation who sent you the request, you can have as many active contacts as you like and manage them yourself at any time day or night via the mobile app.

The application of Luciditi is not tied to any one sector. However, due to the rise in fraud as a result of impersonation, those that benefit the most are typically within the following industries:

  • Financial Services & Banking
  • Insurance
  • Health and Social Care
  • Education
  • IT and Telecoms
  • Retail
  • Utilities
No. In order to access the mobile app and properly verify the legitamacy of others, each party requires internet access to the Luciditi service either via wifi or a mobile internet connection.
Having placed an order, your organisation will be vetted in order to establish a set of authentic identification attributes. We will typically visit your main premises and require at least one senior authorised person to sign the agreement. However, it is a simple process and assuming that you are accepted, your account will be operational within 48hrs of sign up.

Once your account is enabled you will be given your administrative user credentials in order to access to the Luciditi Web application and setup your internal users.

You'll be able to issue requests within minutes of adding your first user.

Ideal for Visitor ID, instant Enrolment or Age Checks, business users can create a time limited, single use QR code within the mobile app for another user to scan. Requests can be made from the mobile app making it ideal for busy environments

Once a user has scanned the QR code, the process is the same as remote requesting. i.e. The result is returned to the requester rather than relying on the other persons device. This is the most secure way to operate in person identification as it prevents forgery, spoofing and guaranteeing authenticity of the request response.

Unlike 'remote requesting', in person requesting doesn't require a pre-existing contact to exist between parties because the end-user initiates the QR code scan themselves. For remote requests, other parties must have asked permission to become a contact before they can send a request, preventing spamming and misuse.

Luciditi was designed from scratch in 2017 as a highly secure, cloud-based identity and data sharing product. Obviously you would expect us to say that it was secure and you would also expect us to employ state of the art encryption technology under the hood. However, without revealing anything that would compromise its security, here's how we have approached it.

There are multiple facets to the Luciditi Service which work in concert to provide a seamless user experience. Briefly, key elements comprise of Data Storage, Web Services, Web and Mobile Applications, Encryption Key Storage and System Monitoring.

We employ physical separation of user data from application data ensuring that there is no single 'honey pot' of data. Even if user data was stolen, there would be no way to tie it to a specific user, nor could it be read without the owner of that data's encryption key.

Each individual data item (eg Name or Date of Birth) is stored and encrypted separately so just retrieving information about one person requires multiple requests and knowledge that not present within the same data set.

The Luciditi Data service runs on entirely separate hardware, accessible only to the Luciditi Service and never the outside world. The only way to retrieve data from it is via Luciditi itself.

Data is transferred between architecture elements using a combination of high-strength symmetric and asymmetric encryption (also known as 'public key encryption'). Encrypted data can only be read by the owner of the private key which is held individually by Organisations or App users - not Luciditi. It's not possible for us or anyone else to read your data.

No data is stored in the Luciditi app so losing your device does not mean losing your data.

The app is further secured by pin or biometrics (device dependant) and certain 'account actions' require password confirmation.

Data hashes and digital signatures prove the authenticity/immutability of data so that you can be sure that when you receive data from someone else, it cannot have been modified since it was first attested by a trusted authority.

What all this means is that the Luciditi is secure. More importantly, you and only you can read your data unless you give someone your explicit consent to read the data you choose. That's why you can trust Luciditi to hold and exchange your data.

By the very nature of public key encryption, losing your encryption keys means losing access to your data. This is because every single data item is encrypted using a form of encryption that is in all practical terms unbreakable. It relies on the fact that only the key holder has a copy of their private key which is used to read the data. Your public key can be shared with others so that they can encrypt data in a way that only you can access.

So as you can see, the privacy of your keys is very important and they need to be kept safe.

To give you a secure environment to store them in, we provide a key backup service for every account. This is a closed system, running on independent infrastructure with the sole purpose of securing your keys. It has no knowledge of Luciditi and so there is no way to tie your key data stored in the backup service back to your Luciditi account. The service is not accessible to the internet and can only be accessed via Luciditi.

In technical terms it uses a Hardware Security Modules (HSM's) - highly secure hardware that is designed to be impenetrable from hackers. The HSM's used are Federal Information Processing Standards (FIPS) 140-2 Level 2 validated.

Alternatively, if you want to store your keys entirely off-line and manage them yourself, we allow you to download key-pairs in a standard key file format.

No. For security purposes, accounts are restricted to a single device at any one time and are not tied a mobile number.

Even if a fraudster manages to convince a mobile operator to give them a clone of your SIM card, they can't move your Luciditi account without knowing multiple factors and initiating system generated alerts. And in the unlikely event that they did all of this without you or us noticing, they would still need your encryption keys in order to access your data.