Frequently Asked Questions.

How is OneID more secure than other OOB, two-factor solutions?

OneID is the only digital identity solution that provides end-to-end security through independent digital signatures across two (or more) devices. Where other out-of-band solutions, like SMS verification, can easily be attacked (number porting, spoofing, MITB, MITM, Eurograbber), OneID’s architecture is immune to today’s most common attacks.

OneID works with devices people already have – laptops, tablets, smartphones – and does not require another token or device.

How much does OneID cost?

OneID offers a subscription model to business customers. Please contact us for more details.

How does OneID protect my business from fraud?

With OneID as an authentication solution for your site, you are protected in a few ways.

First, users who sign in with OneID are going to be the same as the last time they signed in. No one can use their credentials – since their login is digitally signed across two devices and the OneID encrypted cloud repository.

Secondly, with no password database to manage, a business is able to minimize risk around breaching and unauthorized use of that data.

Third, customers can optionally require an authorization via the OneID Remote mobile app for purchases over a certain amount, reducing the chance of illegitimate use of a device with OneID. Also, should a device be stolen, users can instantly deactivate OneID on that device – further reducing the chance of unauthorized purchases using OneID.

What is involved in integrating OneID?

OneID has many reference implementations for popular e-commerce and banking platforms, such as Marketlive, Jagged Peak, ShopVisible and Acadaca, as well as blogging and CMS platforms like WordPress and Drupal, making integration fast and simple. And should you choose to integrate directly, it’s a matter of minutes or hours, not days or weeks. Read more on our Integration pages.

How does OneID help on my mobile website?

OneID is an ideal solution for the mobile web, where customers experience the most friction in sign in and checkout. With OneID, customers simply tap to sign in, tap to complete forms and tap to checkout, increasing conversion for you and convenience for them.

Does OneID have a solution to support my mobile application?

OneID is an ideal solution for the mobile web experience – helping customers ‘tap, not type’ their way to checkout.

As for mobile application user authentication, we are busy working on adapting the OneID architecture to support mobile applications. We know how critical the mobile platform is for businesses and customers alike and expect to have a solution in mid-2013, if not sooner.

How is a user’s data stored?

OneID uses public-key cryptography architecture at the device level before sending that encrypted string to the OneID cloud repository.

Does OneID meet FFIEC requirements?

OneID meets or exceeds FFIEC requirements on customer authentication and out-of-band/2-factor authorization, including:

  • “Use of dual customer authorization through different access devices.”
  • “Use of out-of-band verification for transactions.”
  • “Enhanced controls over account activities and transaction value threshold.”
  • “Use of advanced device identification techniques.”

But beyond meeting these requirements, OneID doesn’t add any friction to a customer’s experience. OneID is simple for users.

Does OneID do single sign-on (SSO) for enterprise?

While OneID’s architecture is strong enough to protect the threats and vulnerabilities for enterprise, the solution as it’s designed today is designed for customers.