Resdex Enhanced Security using Login OTP for sub users

18,274 views

An additional layer of security using a One-Time Password (OTP) at login whenever a user's login pattern changes.
This will help prevent unauthorized access to Naukri.com sub user accounts.

Published in: Recruiting & HR

  1. RESDEX – Security and Compliance. Making Resdex KYC compliant and secure
  2. KYC Requirements
     • Verify identity and the address of the person/entity to whom the services have been sold.
     • Each recruiter account offered by Naukri to be uniquely identifiable and verified.
     • Any change in the contact details needs to be revalidated in the same manner.
  3. Security requirements
     • Prevent unauthorized access in customer accounts
     • Provide mobile number validation & OTP based authentication for user login
  4. Phases (Phase I, Phase II, Phase III, Phase IV)
     • Already live: 1. New sub-user creation with email-ids only
     • Planned: 1. Old sub-user name migration to emails with mandatory email verification 2. Mandatory Login OTP for sub users 3. OTP based authentication for super users
     • Already live: 1. Mandatory email verification for new sub user addition 2. Mobile number validation for sub users – Optional
     • Already live: Address/PANCARD proof submission
     • Going live: OTP based login authentication for sub users – Optional
  5. Already Live
     1. New sub user creation with email-IDs only
     2. Mandatory email verification for new sub user addition
     3. Mobile number validation for sub users – Optional
     4. Address / PAN Card proof submission prior to subscription activation
  6. New sub user creation with email address only (Already Live)
     • A super user can create a sub user with a valid email address as username
     • The email address entered in username will be used for communication as well
  7. Mandatory Email Verification for new users (Already Live)
     • All new sub users will need to verify their email address before they can log in and start using the subscriptions.
     • Steps for adding a sub user:
       – Super user adds a new sub user email-id
       – Sub user verifies the email-id
     • Pending Users section: Users in this section cannot log in to the company account or use any subscriptions. This section will be collapsed by default.
  8. Mobile Number Optional Validation for sub users (Already Live)
     • User will be able to add and verify her mobile number
     • Super user will have the ability to add / edit mobile number of a sub user
     • Users from 2 different company accounts cannot have the same mobile number verified
  9. Address / PAN Card Proof submission (Already Live)
     As per legal requirement, Know Your Customer compliance needs verified information on client identity and address.
     • Clients will need to upload their PAN card and Address proof. KYC compliance will be required before product activation
     • Once approved, KYC will not be needed on every transaction
     • If company details are modified, then PAN card and Address proof will need to be uploaded again
     • Exclusion - KYC not needed
       – If net revenue in current FY < INR 11450 (10K+14.5% service tax)
       – For clients with international country code
       – For trial subscriptions
     • In case a client has applied for PAN Card (flowchart steps as extracted):
       – Client can submit acknowledgment of PAN card application
       – Get 15 day waiver post approval from Sales heads
       – Re-ask client to submit PANCARD after 15 days
       – Verification of PAN Card: Successful / Failed
       – Subscriptions will be reactivated from ERP without extension*
       – The running subscriptions will be deactivated from ERP
       * Extension if any needed by the client will have to be taken up by Account manager directly with finance.
  10. Going Live
     1. OTP based login authentication for sub users – Optional
  11. What is OTP based login authentication?
     • Users will be required to enter a One Time Password (OTP) after submitting username/password before they can use any Naukri service.
     • The OTP will be sent on verified email ID and mobile number.
     • This will be rolled out in the following 3 phases:
       – Initially this will be optional. Super user can change Login OTP setting for his sub users
       – The Login OTP will be made mandatory for all users
       – Super user will need to enter Login OTP as well
     • Diagram labels: Optional Phase, Mandatory Phase, Going Live, Planned
  12. In the Optional Phase, Super Users can activate OTP based login authentication for users (Going Live)
     • By default OTP is OFF for all clients
     • Super user can change Login OTP setting for all sub users in his account from Manage Users page
     • Super user selects Enhanced Security setting
     • User A doesn’t have verified email ID as username: User A will not get Login OTP screen
     • User B has verified email ID as username: User B will get Login OTP screen
  13. Only users with verified email ID will get OTP while logging in
     • As soon as super user turns OTP setting ON, he is notified about how many users will be prompted for OTP while logging in.
     • Super user will need to get username of remaining users changed to valid and unique email ID so that OTP can apply to all users
  14. Super User notification when he switches the OTP setting OFF
     • OTP will become mandatory for all users and super users in 3 months.
  15. User will be prompted for OTP after submitting username & password
     • If super user has activated OTP
     • If username is a verified email ID
     • If user’s login pattern has changed
     • If user has not submitted OTP in last 7-10 days
  16. The OTP will be sent via mail on verified email ID and SMS on verified mobile number
     • Users without verified email ID as user-name will not be covered under the Security setting.
     • In the Optional Phase, they will not be prompted for OTP while logging in even if super user has enabled OTP based login.
     • However, they will also need to enter OTP when Login OTP becomes mandatory.
     • Sample message: "OTP for login into your Naukri user account vridhi.chowdhry@naukri.com is 3472AtFk. This is valid for 30 minutes."
  17. In case of delay, user can resend OTP
     • OTP is specific to a user and login session.
     • User A’s OTP cannot be used by User B, even if they are in the same company account.
     • User A’s OTP for 1 system / browser cannot be used by User B for a different system / browser.
     • OTP will expire
       – After 30 minutes of generation
       – If it has been used once
     • If user has been prompted for entering OTP but has not entered OTP for 2 hours, he will need to start again by submitting username and password.
     • Resent OTP will be valid for another 30 minutes
     • Any of the valid unused OTPs can be used for validation.
  18. The OTP will be prompted when user logs in from CSM or NaukriRecruiter login pages as well
     • After successful login, OTP will not be prompted for 7-10 days unless user’s login pattern changes.
     • Pure NaukriRecruiter profile that is not linked to any sub / super user account will not be asked for Login OTP.
  19. Thank You
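
The OTP lifetime rules on slide 17 (bound to user and login session, 30-minute validity, single use, 2-hour prompt window, resend, any valid unused OTP accepted) can be checked server-side as in the following added example, which is not Naukri's code. The class name `LoginOtpStore`, the in-memory storage, the hashed-at-rest OTPs and the 8-character alphanumeric format (modelled on the sample message on slide 16) are assumptions.

```python
import hashlib
import hmac
import secrets
import string

OTP_TTL = 30 * 60            # an OTP expires 30 minutes after generation
PROMPT_TTL = 2 * 60 * 60     # an unanswered OTP prompt lapses after 2 hours
ALPHABET = string.ascii_letters + string.digits  # assumed from the sample "3472AtFk"


class LoginOtpStore:
    """Hypothetical in-memory store; timestamps are passed in as seconds."""

    def __init__(self):
        self._prompts = {}  # (user, session_id) -> {"started": t, "otps": [(digest, issued)]}

    @staticmethod
    def _digest(user, session_id, otp):
        # Bind the OTP to user and login session; keep only a hash at rest.
        return hashlib.sha256(f"{user}\0{session_id}\0{otp}".encode()).digest()

    def issue(self, user, session_id, now, resend=False):
        key = (user, session_id)
        prompt = self._prompts.get(key)
        if resend and (prompt is None or now - prompt["started"] > PROMPT_TTL):
            return None  # prompt lapsed: username and password must be submitted again
        if not resend:
            prompt = self._prompts[key] = {"started": now, "otps": []}
        otp = "".join(secrets.choice(ALPHABET) for _ in range(8))
        prompt["otps"].append((self._digest(user, session_id, otp), now))
        return otp

    def verify(self, user, session_id, otp, now):
        key = (user, session_id)
        prompt = self._prompts.get(key)
        if prompt is None or now - prompt["started"] > PROMPT_TTL:
            self._prompts.pop(key, None)
            return False
        candidate = self._digest(user, session_id, otp)
        ok = False
        for digest, issued in prompt["otps"]:  # any valid unused OTP is accepted
            fresh = now - issued <= OTP_TTL
            ok |= hmac.compare_digest(digest, candidate) and fresh
        if ok:
            # Single use. Dropping the whole prompt also retires sibling OTPs,
            # a stricter choice than the slides state (assumption).
            del self._prompts[key]
        return ok
```
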
