Let us help you mitigate risk from fraud and build trust

We communicate and transact every day but understanding we are doing so with authentic people and organisations can often be difficult, especially when many situations require us to trust people without absolute certainty of who they are.

Your data – even small fragments of it – are a valuable commodity which fraudsters can easily extract and piece together for exploitation and financial gain. It’s happening on a daily basis across the world – but now Luciditi tackles the problem head on.

Our vision was create a solution for businesses, their employees and private individuals that stops unsecured access to sensitive data – especially the elements that are the key to determining trust. Luciditi allows both parties to confirm their identity to each other by sharing the minimal amount of data possible in the most secure way permitted by current technology.

Luciditi provides a highly secure and valuable tool to implement processes that are near-instant and frictionless. The human element that’s responsible for fraud via social engineering can now be eliminated.

Get a demo

<p>Let us help you mitigate risk from fraud and <b>build trust</b></p>

Luciditi has multiple applications across industry.

It protects you from deception by:

Reducing the risk of financial fraud caused by employees being targeted with Impersonation, Social Engineering and Business Email Compromise (BEC)
Enhancing any existing identification process with a far higher degree of compliance
Providing a continuous Know Your Customer (KYC) workflow in all sensitive interactions, not just on initial acquisition
Reducing the time of customer security checks over the telephone
Adding identity verification and secure data exchange to areas where it’s not currently practical – either due to cost, practicality or time constraints
Demonstrating to regulatory bodies and institutions a serious commitment to Data Security

There are 3 ways a business can benefit from Luciditi:

Internally within an Organisation
For your own employees
Outside of an Organisation for Business to Business
With other business users in other organisations
Outside of an Organisation for Business to Consumers
With private individuals

Within your Organisation

Employee validation

Provides real-time confirmation of sensitive instructions from colleagues (since email should never rely on )
Integrates into existing workflows that require employee validation in person or over the phone
Provides access to company information either automatically or with explicit consent
Audit confirmed requests for compliance

Outside of your Organisation
B2B

Business user validation

Real-time confirmation of sensitive instructions during day to day business. Email can no longer be relied on
Integrates into existing workflows requiring employee validation in person or over the phone
Securely exchanged sensitive details such as bank and payment information
Audit confirmed requests for compliance

Outside of your Organisation
B2C

Customer validation

Realtime confirmation of customer identity – guaranteed as authentic and unaltered since attestation
Integrates into existing workflows requiring customer verification in person or over the phone
Securely exchanges sensitive details such as ID, Financial or Personal information
Reduces customer data retention by requesting only that which is needed and only when it is needed
Audit confirmed requests for compliance

How does it work?

Luciditi can be used to check identity in a whole host of scenarios. For example, validating someone’s Age in person or confirming their identity over the telephone. A typical over-the-phone verification takes less than 20 seconds – lets look at an example.

Step 1

Step 2

Step 3

As part of an incoming call from a customer, a business user sends them a request to verify their identity.

It could also be one of their own employees or an employee in another business.

Luciditi notifies the customer in real time by forwarding a secure request to their Luciditi App.

On opening the notification they can immediately see that the details of the sender are accurate and verified. They are presented with a list of what information is required.

The user is able to deselect any data items they do not wish to share before pressing Accept. Alternatively they can Deny the request entirely.

Click the play button to see an incoming request being interrogated and then Accepted.

Once accepted, the sender of the request is notified immediately showing them the data that their customer consented to supply.

They can also see that the data supplied has been verified and is accurate.

Making Luciditi work in Business

Whilst Luciditi is driven on the user side by a Web interface and a mobile app, it can also be integrated into your own business systems.

The Luciditi API for Business is supported by clear instructive documentation that make it simple to integrate.

For those users who want to use Luciditi “out of the box” with minimal integration, firewalls can be configured to link directly to your account on the Luciditi Web interface.

Just tell us what you want to achieve, and our experienced integration team will help you get it done as fast as possible.

Let’s talk – arrange a demo

To better understand the simplicity of our defence against deception, we recommend that you contact us to have an exploratory chat followed by a demonstration.

We’ll show you how it works, talk through our approach to security as well as explain the myriad of uses for Luciditi.

For those that have a specific use-case requiring a variation from our normal approach, we’ll be happy to discuss a customised implementation.

The ‘Frequently Asked Questions’ section at the bottom of this page is also a good place to expand your understanding.

Get a demo

Luciditi Subscription Tiers

We offer tiered pricing plans designed to make the service affordable for all types of business customer. A straight-forward annual cost enables the service to budgeted for regardless of usage, avoiding the uncertainty of unpredictable transaction charges.

Micro

Check icon Less than 10 Employees

Check icon Less than £2m Turnover

Get a demo

Small

Check icon Less than 50 Employees

Check icon Less than £10m Turnover

Get a demo

Large

Check icon Less than 250 Employees

Check icon Less than £50m Turnover

Get a demo

Enterprise

Check icon More than 250 Employees

Check icon More than £50m Turnover

Get a demo

Frequently Asked Questions

What is Luciditi?

Luciditi is your defence against deception.

A digital service designed to prevent impersonation via a mobile end-user application that enables mutual verification of people and organisations in real-time. This can be done remotely or in person as a result of a phone call, email or any kind of communication.

Luciditi also supports the sharing of other sensitive and confidential information which has been attested as being true between connected parties.

It uses high-strength encryption technology, immutable data sets and a closed network of trusted relationships to ensure that data is accurate and can be independently verified.

Whenever you need to confirm someone is who they say they are, or give consent to provide confidential information (eg ID or financial details), use Luciditi to built trust and accountability into your process.

As a business, what can I use Luciditi for?

There are many ways that you can benefit from using Luciditi in your business:

- Fast and convenient "over the phone" security procedures which eliminate repetitive questioning
- Real-time confirmation of sensitive instructions from colleagues and partners (never rely on email!)
- Integrate into existing workflows requiring organisation and individual validation either in person or over the phone
- Provide real-time secure access to company information either automatically or with user explicit consent
- Request Photo ID and Age verification for in-person identification
- Request Identity confirmation of individuals arriving on premise
- Accurately exchange non-ID but equally sensitive details such as bank and payment details
- Audit confirmed requests for compliance
- Reduce customer data retention by requesting only that which is needed, when it's needed

As a private individual, what can I use Luciditi for?

New users are invited into the Luciditi trust network by the organisations they have relationships with. This invitation will vary from organisation to organisation depending on their processes but ultimately relies on you downloading and using the Luciditi app to manage your relationship with them when invited to do so.

You are then able to validate who they are when they call you and identify yourself back to them. You get to decide what data you share with anyone who sends you a request and in turn may request information back from them - in real time.

You are not limited to exchanging information with the organisation who sent you the request, you can have as many active contacts as you like and manage them yourself at any time day or night via the mobile app.

Which industry sectors can benefit from Luciditi?

The application of Luciditi is not tied to any one sector. However, due to the rise in fraud as a result of impersonation, those that benefit the most are typically within the following industries:

Financial Services & Banking
Insurance
Health and Social Care
Education
IT and Telecoms
Retail
Utilities

Does Luciditi work offline?

No. In order to access the mobile app and properly verify the legitamacy of others, each party requires internet access to the Luciditi service either via wifi or a mobile internet connection.

As a business how do I sign-up for Luciditi?

Having placed an order, your organisation will be vetted in order to establish a set of authentic identification attributes. We will typically visit your main premises and require at least one senior authorised person to sign the agreement. However, it is a simple process and assuming that you are accepted, your account will be operational within 48hrs of sign up.

Once your account is enabled you will be given your administrative user credentials in order to access to the Luciditi Web application and setup your internal users.

You'll be able to issue requests within minutes of adding your first user.

How does In-Person Identification Work

Ideal for Visitor ID, instant Enrolment or Age Checks, business users can create a time limited, single use QR code within the mobile app for another user to scan. Requests can be made from the mobile app making it ideal for busy environments

Once a user has scanned the QR code, the process is the same as remote requesting. i.e. The result is returned to the requester rather than relying on the other persons device. This is the most secure way to operate in person identification as it prevents forgery, spoofing and guaranteeing authenticity of the request response.

Unlike 'remote requesting', in person requesting doesn't require a pre-existing contact to exist between parties because the end-user initiates the QR code scan themselves. For remote requests, other parties must have asked permission to become a contact before they can send a request, preventing spamming and misuse.

How secure is Luciditi

Luciditi was designed from scratch in 2017 as a highly secure, cloud-based identity and data sharing product. Obviously you would expect us to say that it was secure and you would also expect us to employ state of the art encryption technology under the hood. However, without revealing anything that would compromise its security, here's how we have approached it.

There are multiple facets to the Luciditi Service which work in concert to provide a seamless user experience. Briefly, key elements comprise of Data Storage, Web Services, Web and Mobile Applications, Encryption Key Storage and System Monitoring.

We employ physical separation of user data from application data ensuring that there is no single 'honey pot' of data. Even if user data was stolen, there would be no way to tie it to a specific user, nor could it be read without the owner of that data's encryption key.

Each individual data item (eg Name or Date of Birth) is stored and encrypted separately so just retrieving information about one person requires multiple requests and knowledge that not present within the same data set.

The Luciditi Data service runs on entirely separate hardware, accessible only to the Luciditi Service and never the outside world. The only way to retrieve data from it is via Luciditi itself.

Data is transferred between architecture elements using a combination of high-strength symmetric and asymmetric encryption (also known as 'public key encryption'). Encrypted data can only be read by the owner of the private key which is held individually by Organisations or App users - not Luciditi. It's not possible for us or anyone else to read your data.

No data is stored in the Luciditi app so losing your device does not mean losing your data.

The app is further secured by pin or biometrics (device dependant) and certain 'account actions' require password confirmation.

Data hashes and digital signatures prove the authenticity/immutability of data so that you can be sure that when you receive data from someone else, it cannot have been modified since it was first attested by a trusted authority.

What all this means is that the Luciditi is secure. More importantly, you and only you can read your data unless you give someone your explicit consent to read the data you choose. That's why you can trust Luciditi to hold and exchange your data.

What happens if I lose my encryption keys?

By the very nature of public key encryption, losing your encryption keys means losing access to your data. This is because every single data item is encrypted using a form of encryption that is in all practical terms unbreakable. It relies on the fact that only the key holder has a copy of their private key which is used to read the data. Your public key can be shared with others so that they can encrypt data in a way that only you can access.

So as you can see, the privacy of your keys is very important and they need to be kept safe.

To give you a secure environment to store them in, we provide a key backup service for every account. This is a closed system, running on independent infrastructure with the sole purpose of securing your keys. It has no knowledge of Luciditi and so there is no way to tie your key data stored in the backup service back to your Luciditi account. The service is not accessible to the internet and can only be accessed via Luciditi.

In technical terms it uses a Hardware Security Modules (HSM's) - highly secure hardware that is designed to be impenetrable from hackers. The HSM's used are Federal Information Processing Standards (FIPS) 140-2 Level 2 validated.

Alternatively, if you want to store your keys entirely off-line and manage them yourself, we allow you to download key-pairs in a standard key file format.

Can my Luciditi account be cloned by fraudsters using SIM swap?

No. For security purposes, accounts are restricted to a single device at any one time and are not tied a mobile number.

Even if a fraudster manages to convince a mobile operator to give them a clone of your SIM card, they can't move your Luciditi account without knowing multiple factors and initiating system generated alerts. And in the unlikely event that they did all of this without you or us noticing, they would still need your encryption keys in order to access your data.