Frequently asked questions about VerifID’s verification process.
Site and Domain Security
When considering a website’s security, there are several important factors that we take into account before we provide a real time verification page for a website owner.
- SSL/TLS Encryption: One of the most important aspects of website security is the use of SSL/TLS encryption. This encryption protocol helps to protect sensitive information, such as passwords and credit card numbers, from being intercepted by unauthorized parties. Websites that use SSL/TLS encryption are indicated by a green padlock icon in the address bar or the prefix “https” in the URL.
- Domain Validation: It is also important to ensure that the website has a valid and properly registered domain name. This can help to prevent phishing scams and ensure that the website is trustworthy.
- Firewall Protection: Firewalls help to prevent unauthorized access to a website’s server and can also help to prevent hacking attempts. It is important to ensure that the website has a strong firewall in place to help protect sensitive information.
- Regular Software Updates: Websites should regularly update their software to ensure that they are protected against the latest security threats. This includes updating the website’s content management system, plugins, and themes.
- Penetration Testing: Penetration testing is a method of simulating a hacking attempt to identify vulnerabilities in a website’s security. This can help to identify and remediate any security weaknesses before they can be exploited by attackers.
- Data Backup: Regular backups of a website’s data can help to ensure that critical information is not lost in the event of a security breach. It is important to have a robust data backup system in place to help protect sensitive information.
- User Authentication: Strong user authentication mechanisms, such as two-factor authentication, can help to prevent unauthorized access to a website and protect sensitive information.
Ensure that your website is protected against potential security threats to sensitive information with VerifID® vulnerabilities scan.
Vulnerabilities Checks
- Malware : Malware (short for “malicious software”) is a file or code delivered over a network that infects, explores, steals, or does almost anything an attacker wants. Malware has many variants, so there are many ways to infect computers.
- Phishing : Phishing is the fraudulent practise of sending emails or other messages falsely claiming to be from reputable companies to get personal information like passwords and credit card numbers.
- SQL Injection Attack : SQL injection (SQLI) is a common type of attack that uses malicious SQL commands for underlying database manipulation to access data that was not meant to be displayed. Confidential company data, user lists, and customer data may be included.
- Cross-Site Scripting (XSS) : Cross-site scripting (XSS) attacks inject malicious executable scripts into trusted applications or websites. Users are often lured into XSS attacks by malicious links.
- Denial of Service (DoS) : “DoS,” which stands for “Denial of Service,” is group of cyber attacks that are meant to make a service inaccessible to it’s users. Most individuals are aware about DoS attacks against well-known websites because these are often covered in the news.
- Session Hijacking and Man-in-the-Middle Attacks : Represent a form of session hijacking and involve attackers acting as relays or proxies inside of legitimate data transfers that are in progress.
Terms and Conditions Verbiage Check
- Mentions of POPIA in terms
- Mentions appoint an Information Officer to maintain compliance
- Mentions disclosure of the collection and use of all personal information
- Mentions provision of channels responding to “data subjects” access and rectification requests
- Mentions provision of notification channels for security compromises
- Mentions written contracts with the data operators
- Mentions adequate protection in cross border data transfers
- Mentions provision documentation of all personal data processing operations