The growing risk of fraudulent payments from erroneous banking information is a significant threat. Bad actors utilize various attack vectors such as spoofed emails and compromised accounts to deceive businesses and access sensitive data. Graphite Connect employs a robust "Know-Your-Supplier" approach and advanced data validation to mitigate the risk of fraud.
Graphite's "Know-Your-Supplier" process adds stronger user data protections while minimizing delays and intrusive concerns related to in-person video calls with support and verification personnel. Verifying the user's identity early in the onboarding process is crucial - preventing bad actors from even entering the application is a pivotal security measure. Most other market solutions only offer data validation, leaving room for bad actors to enter and have several attempts at bypassing validation methods.
Layered Security Approach
Graphite Connect uses multiple layers of security, approvals, and validations to safeguard against attacks. These security layers ensure that only authorized users have access to sensitive data and that the data that is entered is valid and can be trusted. Here are the ten steps Graphite takes to ensure data security and validity:
- Elimination of Email Vulnerabilities
Graphite's network architecture removes email as an attack vector by discontinuing acceptance of supplier data changes via email by procurement teams. - Two-Factor Authentication (2FA)
Users must enable either two-factor authentication or a mobile authentication application during sign-up to secure their accounts. - Telecom Verification for Phone Numbers
In supported regions, users will undergo verification through a telecom check using public data, IP verification, and possession check. With this check, Graphite identifies and prevents bad actors who’ve SIM swapped, phone ported, or many other common attack vectors. - ID Verification
Users without mobile 2FA or in unsupported regions undergo ID verification. Our in-app solution allows for quick validation using valid identification and a selfie. This process uses enhanced AI and image recognition to verify users within minutes. - Video Call Verification
Users unable to verify through telecom or ID verification can undergo a video call verification with our global support team. Any high-risk situations are elevated to the requesting company’s team for their review. - Domain Verification
After identification verification, Graphite validates supplier email addresses to ensure they match the owned domains of the requested supplier. With enriched third-party data, Graphite can not only identify multiple valid domains, but also any relevant security concerns. - Secondary Approvals
Most organizations are required to have secondary approvals, ensuring all changes to sensitive data are reviewed and approved by two authorized users. - Location Data Validation
All location data is verified through third-party data validations, with non matches receiving an extra validation from our validations team. - Tax Data Validation
Advanced Optical Character Recognition (OCR) is employed, ensuring validity and accuracy of tax data and documentation. - Bank Validation
OCR and third-party data verification allows for extra security on the most sensitive supplier data. Our OCR technology validates that information is accurate, while our data verification ensures bank validity and ownership.
Common Questions
Are all my suppliers required to verify their identity?
The risk of fraudulent payments due to erroneous updates in banking information poses a growing threat to companies. Bad actors exploit various vectors such as spoofed emails or compromised accounts to deceive businesses. Graphite Connect employs a Know Your Supplier approach coupled with enhanced data validation measures.
This means that all users who go through supplier onboarding will be required to verify their identity through our identity verification.
How is verification data used or stored?
Graphite takes your data security as a top priority. The data we use to identify you is never stored or used for purposes other than identity verification. To find out more please visit our Privacy Policy and Terms of Services pages.
Why do suppliers need to provide a government-issued ID as part of the onboarding process?
Graphite's "Know-Your-Supplier" approach requires verifying the identity of the individuals representing your company. When required, providing a government-issued ID allows us to confirm that you are who you claim to be, which is crucial before you can add additional users or enter sensitive tax and banking information. This step helps protect both your company and Graphite from potential fraud or misrepresentation.
Why are you asking for a user image as part of the onboarding process?
The user image requirement is an additional security measure to help verify the identity of the individuals accessing the Graphite platform. Providing a clear, recent photo of yourself helps our team match the person to the government-issued ID and phone number you've submitted. This multi-factor approach strengthens the overall identity confirmation process.
Can suppliers use a scanned copy of a government ID, or does it need to be a physical card?
Graphite accepts only original physical government-issued cards and documents. We recommend Driver’s Licenses, ID Cards, Residence Permits, and Passports, but in total, over 11,000 document types spanning 230 countries are acceptable.
Graphite Connect provides industry-leading security for business data. Contact us to learn how we can safeguard your company. For questions or more information, contact our support team at support@graphiteconnect.com.