Supplier Onboarding Security & Identity Verification: How It Works

  • Updated

Updated April 2024 to reflect new changes to the Graphite Supplier Onboarding process.

Graphite’s vision is to build the largest & most secure network of verified suppliers and vendors in the world.

As a part of this goal, and in order to protect our customers against bad actors who are using AI and traditional fraud methods to hijack bank payments, we have put in place multiple security checks in our Supplier Onboarding flow.

 

 

In addition to two-factor authentication (2FA), Graphite validates certain data points provided by vendors and suppliers in the onboarding process in order to ensure accuracy and prevent fraud.

These data points include (but are not limited to):

  • Mobile phone
  • PII like name and email
  • Company Locations
  • Bank account
  • Company name / DBA
  • Tax Identification Number (TIN)
  • Tax Classification

Previously, our application required two authenticated users or a scheduled call with the Graphite team to make adjustments to sensitive data. April 2024 updated this process to require all suppliers to have their identities verified prior to entering the system through either telecom or automated ID verification. The new automated and manual ID verification processes both require users to present valid government-issued ID. While the manual ID verification process is still available as a fallback to new vendors, our new telecom and government ID verification is the fastest way to get onboarded and enhances overall security.  

The new process does this digitally and in real-time as the vendor completes onboarding. It is fast, secure and SOC II compliant in how we collect this data and store it. In order to validate tax and bank information securely, this is a critical step in our flow. Manual identity verification is still available for vendors who are unable to complete the streamlined government validation process and can be scheduled with the Graphite team by emailing support@graphiteconnect.com. Over 11,000 IDs are accepted from 200+ countries.

Deep fakes make it increasingly difficult to rely on traditional methods to trust and validate the identity of the users and the integrity of the data. Graphite is committed to protecting you and your data. Verifying vendors is a critical piece of this commitment.

 

Frequently Asked Questions

Are all my suppliers required to verify their identity?

The risk of fraudulent payments due to erroneous updates in banking information poses a growing threat to companies. Bad actors exploit various vectors such as spoofed emails or compromised accounts to deceive businesses. Graphite Connect employs a Know Your Supplier approach coupled with enhanced data validation measures.

This means that all users who go through supplier onboarding will be required to verify their identity through our identity verification.

How is verification data used or stored?

Graphite takes your data security as a top priority. The data we use to identify you is never stored or used for purposes other than identity verification. To find out more please visit our Privacy Policy and Terms of Services pages. 

Why do suppliers need to provide a government-issued ID as part of the onboarding process?

Graphite's "Know-Your-Supplier" approach requires verifying the identity of the individuals representing your company. When required, providing a government-issued ID allows us to confirm that you are who you claim to be, which is crucial before you can add additional users or enter sensitive tax and banking information. This step helps protect both your company and Graphite from potential fraud or misrepresentation.

Why are you asking for a user image as part of the onboarding process?

The user image requirement is an additional security measure to help verify the identity of the individuals accessing the Graphite platform. Providing a clear, recent photo of yourself helps our team match the person to the government-issued ID and phone number you've submitted. This multi-factor approach strengthens the overall identity confirmation process.

Can suppliers use a scanned copy of a government ID, or does it need to be a physical card?

Graphite accepts only original physical government-issued cards and documents. We recommend Driver’s Licenses, ID Cards, Residence Permits, and Passports, but in total, over 11,000 document types spanning 230 countries are acceptable.

Was this article helpful?

0 out of 0 found this helpful