Ruka hadi maudhui makuu
Didit Yakusanya $7.5M Kujenga Miundombinu ya Utambulisho na Udanganyifu
Didit
Ulinzi Dhidi ya Utekaji Nyara wa Akaunti

Zuia utekaji nyara wa akaunti kwa ukaguzi wa uso. Ongeza ulinzi pale hatari inapoongezeka.

Hatua ya kibayometriki katika nyakati halisi ambazo washambuliaji hulenga, uhamishaji, kuweka upya nenosiri, kuingia kwa kifaa kipya. Uamuzi chini ya sekunde mbili, karibu $0.13 kwa kila tukio. Uthibitishaji 500 bure kila mwezi.

Inaungwa mkono na
Y CombinatorRobinhood Ventures
Firecrawl
Slash
Crnogorski Telekom
UCSF Neuroscape
Bit2Me
Shiply

Inaaminika na mashirika 2,000+ duniani kote.

Mrundikano wa giza usioeleweka wa utekaji nyara wa akaunti, paneli nne zinazoelea za kioo cheusi kinachopitisha mwanga katika mtazamo wa 3D kwenye rangi nyeusi kabisa, zikipitishwa na mstari wima wa Didit Blue unaong'aa na kuwekewa fremu na mabano manne ya skana yanayong'aa. Kila paneli hubeba motifu ndogo nyeupe isiyo dhahiri ya mapishi ya hatua ya juu.

Jinsi washambuliaji wanavyoshambulia

Nenosiri zilizoibiwa. Vipindi vilivyoibiwa. Chagua uso badala yake.

Utekaji nyara wa vitambulisho, SIM-swap, na mashambulizi ya 'stolen-session-cookie' yote hupita nywila na nambari za mara moja. Zibadilishe na hatua ya Didit wakati wa kitendo, $0.10 kwa kila simu, uamuzi chini ya sekunde mbili, 500 bure kila mwezi.

Jinsi inavyofanya kazi

Kuanzia kujisajili hadi mtumiaji aliyethibitishwa kwa hatua nne.

  1. Hatua 01

    Unda mtiririko wa kazi

    Chagua ukaguzi unaotaka, ID, liveness, ulinganishaji wa uso, vikwazo, anwani, umri, simu, barua pepe, maswali maalum. Ziburute kwenye mtiririko katika dashibodi, au tuma mtiririko huo huo kwenye API yetu. Panga masharti, fanya majaribio ya A/B, hakuna msimbo unaohitajika.

  2. Hatua 02

    Unganisha

    Pachika moja kwa moja na SDK yetu ya Web, iOS, Android, React Native, au Flutter. Elekeza kwenye ukurasa uliopangishwa. Au tuma tu kiungo kwa mtumiaji wako, kwa barua pepe, SMS, WhatsApp, popote. Chagua kinachofaa stack yako.

  3. Hatua 03

    Mtumiaji anapitia mtiririko

    Didit inasimamia kamera, ishara za mwanga, uhamishaji wa simu, na ufikiaji. Wakati mtumiaji yuko kwenye mtiririko, tunapima ishara 200+ za udanganyifu kwa wakati halisi na kuthibitisha kila sehemu dhidi ya vyanzo vya data vya mamlaka. Matokeo chini ya sekunde mbili.

  4. Hatua 04

    Unapokea matokeo

    Webhooks zilizotiwa saini za wakati halisi huweka database yako sawa pindi tu mtumiaji anapoidhinishwa, kukataliwa, au kupelekwa kukaguliwa. Uliza API inapohitajika. Au fungua console kukagua kila session, kila signal, na kudhibiti kesi kwa njia yako.

Imejengwa kwa ajili ya mapishi · Bei kama miundombinu

Uwezo sita. Step-up moja. ~$0.13 kwa kila tukio.

Ulinzi wa ATO ni mchanganyiko, si ukaguzi mmoja. Washa kila uwezo kwa kila workflow katika Workflow Builder, au ziunganishe moja kwa moja kupitia API.
01 · Kichocheo cha Step-up

Unachagua wakati. Didit inafanya ukaguzi.

Sera ya step-up inakaa kwenye Workflow Builder, uhamisho wa thamani kubwa, kuweka upya nenosiri, malipo kwa eneo jipya, kuingia kwa kifaa kipya, hitilafu ya kijiografia. Weka lango la awali na Device & IP Analysis ikiwa unataka tu ukaguzi wa uso wakati ishara za mtandao zinaonekana hatari. Hakuna haja ya ku-redeploy kubadili sheria.
Moduli ya Workflow Orchestrator
02 · Step-up ya Biometriska

Step-up moja. Uamuzi chini ya sekunde mbili.

Injini ileile ya biometriska ambayo mtumiaji alipitia wakati wa kujisajili, iBeta Level 1 Presentation Attack Detection (PAD) pamoja na face match 1:1 dhidi ya picha iliyohifadhiwa. $0.10 kwa kila session. Inazuia phishing na SIM-swap. Chini ya sekunde mbili kutoka mwanzo hadi mwisho kwenye Android za kiwango cha chini.
Moduli ya Biometric Authentication
03 · Face match 1:1 dhidi ya kujisajili

Lengo la kulinganisha ni picha ya mtumiaji iliyohifadhiwa.

Face Match 1:1 inalinganisha kila selfie ya step-up dhidi ya picha ya mtumiaji iliyohifadhiwa wakati wa kujisajili. Inarudisha alama ya kufanana ya 0–1.0 pamoja na maonyo; kizingiti kinaweza kurekebishwa kwa kila workflow. Selfie iliyoibiwa haiwezi kupita, lengo limefungwa kwa usajili wa awali, si picha mpya iliyopigwa.
Moduli ya Face Match 1:1
04 · Ulinzi dhidi ya Deepfake

Chapisha. Rudia. Barakoa. Deepfake. Zote zimezuiwa.

Imejaribiwa kwa uhuru katika iBeta na kuthibitishwa katika Level 1 PAD dhidi ya orodha kamili ya ISO/IEC 30107-3. Inazuia picha zilizochapishwa, marudio ya skrini, barakoa za karatasi / silikoni / mpira, mashambulizi ya morph, na deepfakes zinazozalishwa na AI za mmiliki wa akaunti. Inajaribiwa tena kila mwaka.
Moduli ya Liveness
05 · IP + ukaguzi wa awali wa kifaa

VPN, datacenter, Tor, zimewekewa bendera kabla ya ukaguzi wa uso.

Pima IP (Internet Protocol) address ya mtumiaji na alama ya kifaa kabla ya step-up kuanza. Inarudisha alama ya hatari ya 0–100 pamoja na bendera za VPN, proxy, Tor, datacenter, nchi, na ASN. $0.03 kwa kila ukaguzi, chini ya 100ms. Ruka step-up kwenye kifaa kinachoaminika + mtandao wenye hatari ndogo.
Moduli ya Device & IP Analysis
06 · Uamuzi wa Webhook

Webhook moja. Matawi matatu. Imekamilika.

Webhook iliyotiwa saini inatua na uamuzi, Imeidhinishwa, Imekataliwa, Inakaguliwa, Haijamalizika. Thibitisha X-Signature-V2 na HMAC SHA-256 kabla ya kusoma body. Payload sawa kwenye kila step-up; gawanya hatua ya awali ipasavyo. Ishara 200+ za udanganyifu zimefichuliwa bila gharama ya ziada.
Rejea ya Webhook
Unganisha

Session moja. Webhook moja iliyotiwa saini. Matawi matatu.

Fungua step-up dhidi ya workflow ya biometriska. Soma uamuzi uliotiwa saini. Gawanya hatua.
POST /v3/session/Step-up
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "wf_ato_step_up",
    "vendor_data": "user-42",
    "metadata": { "trigger": "high_value_transfer" },
    // base64 KYC enrolment selfie, ≤ 1MB
    "portrait_image": "/9j/4AAQSkZJRgABAQE..."
  }'
201Imeundwa{ "session_url": "verify.didit.me/..." }
Zuia hatua hadi webhook itue status: Approved.nyaraka →
POST /webhooks/diditUamuzi
// X-Signature-V2 verified upstream
if (payload.status === "Imeidhinishwa") {
  unblockAction(payload.vendor_data);
} else if (payload.status === "Imekataliwa") {
  logWarnings(payload.liveness.warnings);
  blockAndAlert(payload.vendor_data);
}
200Sawahali Imeidhinishwa · Imekataliwa · Inapitiwa · Haijakamilika
Thibitisha X-Signature-V2 kabla ya kusoma payload.nyaraka →
Ujumuishaji tayari kwa agent

Tuma ulinzi wa account-takeover kwa prompt moja.

Bandika kwenye Claude Code, Cursor, Codex, Devin, Aider, au Replit Agent. Jaza stack yako. Agent huunganisha trigger, hufungua session ya step-up, huthibitisha webhook, na huchanganua action asili.
didit-integration-prompt.md
You are integrating Didit account-takeover defence into an application that already has the user signed in. Your job: when a sensitive action fires (large transfer, password reset, payout to a new destination, new-device login, geo anomaly), gate it on a Didit biometric step-up. One API call. One signed webhook. Three branches.

WHY THIS SHAPE
  - Credential stuffing, SIM-swap, and stolen-session-cookie attacks all walk past passwords and SMS one-time codes. A face check at the moment of the sensitive action does not.
  - Didit runs Passive Liveness (the user is alive, present, not a deepfake) plus 1:1 Face Match against the portrait captured at sign-up. A stolen selfie cannot pass — the comparison target is locked to the original enrollment.
  - $0.10 per step-up (Biometric Authentication module) + $0.03 IP pre-check (optional) = around $0.13 per event. Sub-two-second verdict on entry-level Android. 500 verifications free every month.

PRE-REQUISITES
  - Production API key from https://business.didit.me (sandbox key in 60 seconds, no credit card).
  - A webhook endpoint with HMAC SHA-256 verification of the X-Signature-V2 header using your webhook secret.
 HMAC-SHA256 verification MUST run against the raw body bytes (the raw payload as Didit sent it) BEFORE any JSON parsing — re-serialising the parsed body changes whitespace and key order, which invalidates the signature.  - A Workflow Builder workflow that bundles Passive Liveness + Face Match 1:1 (with the user's stored sign-up portrait as the comparison target). Optionally compose Device & IP Analysis ahead of the step-up to pre-gate the check.
  - Persist the user's sign-up portrait — either base64 on your side, or rely on Didit's stored enrollment via vendor_data lookup.

STEP 1 — Decide WHEN to step up (your code, not Didit's)
  Run your usual fraud signals. Common triggers worth a biometric step-up:
    - Wire / crypto transfer above the user's daily limit
    - Password / email reset on a session less than 24h old
    - Payout to a bank account or wallet seen for the first time
    - Login from a new device or new country
    - Velocity anomaly — N actions of type T within window W

  Cheap pre-check (optional, ~100ms, $0.03):
    - Score the user's IP via Device & IP Analysis. If the IP is a residential trusted address with a low risk score AND the device fingerprint matches the user's trusted device, skip the step-up. Otherwise run Step 2.

STEP 2 — Create a biometric step-up session
  POST https://verification.didit.me/v3/session/
  Headers:
    x-api-key: <your api key>
    Content-Type: application/json
  Body:
    {
      "workflow_id": "<wf id bundling Passive Liveness + Face Match 1:1>",
      "vendor_data": "<your user id, max 256 chars>",
      "callback": "https://<your-app>/ato/step-up/callback",
      "metadata": {
        "trigger": "high_value_transfer",
        "action_id": "<your internal action reference>"
      },
      "portrait_image": "<base64 JPEG of the user's stored sign-up portrait, ≤ 1 MB — REQUIRED when the workflow has FACE_MATCH active; the step-up matches the new live selfie against this stored reference>"
    }

  Response: 201 Created with a hosted session URL. Redirect the user there inline (or open it in a webview / Didit mobile SDK). The action stays BLOCKED on your side until the signed webhook lands.

STEP 3 — Read the signed webhook on completion
  Didit POSTs the decision to your callback. Verify X-Signature-V2 (HMAC SHA-256 of the raw request body using your webhook secret) BEFORE reading the JSON.

  Payload (excerpted):
    {
      "session_id": "<uuid>",
      "vendor_data": "<your user id>",
      "status": "Approved",
      "liveness": { "status": "Approved" },
      "face":     { "status": "Approved", "similarity_score": 0.94 },
      "ip_analysis": { "status": "Approved", "score": 11 }
    }

  Session status enum (exact case, Title Case With Spaces): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.

STEP 4 — Branch the original action on status
  Approved      → unblock the sensitive action. Log session_id + similarity score on the audit trail.
  In Review     → hold the action, route to a human review queue.
  Declined      → block the action, log liveness warnings (mask / deepfake / replay / morph), alert the user.
  Not Finished  → invite the user to retry with a fresh session URL.
  Expired       → resend the link; the original session has timed out.
  Abandoned     → the user closed the flow before completing; resend the link.

STEP 5 — (Optional) Pull the full decision payload
  GET https://verification.didit.me/v3/session/{session_id}/decision/
  Headers:
    x-api-key: <your api key>
  Returns the same payload as the webhook plus the structured signals (liveness warnings, face-match similarity, IP / device flags). Use for analyst review.

WEBHOOK EVENT NAMES
  - Sessions: standard session webhook (one endpoint, status field tells you where in the lifecycle).
  - Verify X-Signature-V2 (HMAC SHA-256) on every payload.

CONSTRAINTS
  - Session statuses use Title Case With Spaces (Approved, In Review). Never use UPPER_SNAKE_CASE for session verdicts — that's the Transactions API and lives in a different surface.
  - 1:1 face match's comparison target is the user's STORED sign-up portrait, not a freshly captured one. A stolen selfie cannot pass.
  - iBeta Level 1 Presentation Attack Detection (PAD) certified against the full ISO/IEC 30107-3 catalogue — print, replay, paper / silicone / latex mask, deepfake, morph.
  - The Workflow Builder is where you choose the modules in the step-up — change them in the console without redeploying.
  - 200+ fraud signals are surfaced on every session at no extra cost — read them off the decision payload, don't re-query.

Read the docs:
  - https://docs.didit.me/sessions-api/create-session
  - https://docs.didit.me/core-technology/biometric-auth/overview
  - https://docs.didit.me/core-technology/ip-analysis/overview
  - https://docs.didit.me/integration/webhooks

Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.
Inatii kwa muundo

Fungua nchi mpya kwa kubofya mara moja. Tunafanya kazi ngumu.

Tunafungua kampuni tanzu za ndani, tunapata leseni, tunafanya majaribio ya kupenya, tunapata vyeti, na tunalingana na kila kanuni mpya. Ili kusafirisha uthibitishaji katika nchi mpya, geuza swichi. Nchi 220+ ziko hewani, zinakaguliwa na kupimwa kila robo mwaka, mtoa huduma pekee wa utambulisho ambaye serikali ya nchi mwanachama wa EU imemwita rasmi kuwa salama zaidi kuliko uthibitishaji wa ana kwa ana.
Soma faili ya usalama na utiifu
EU financial sandbox
Tesoro · SEPBLAC · BdE
Jugendschutz geprüft
FSM · JMStV §4(2) · 2026
ISO/IEC 27001
Usalama wa habari · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned kwa muundo

Namba za uthibitisho

Namba za uthibitisho
  • iBeta L1
    Utambuzi wa Mashambulizi ya Uwasilishaji uliothibitishwa kwa uhuru, hujaribiwa upya kila mwaka.
  • <0s
    Uamuzi wa step-up mwisho-kwa-mwisho kwenye Android ya kiwango cha chini.
  • ~$0.13
    Kwa kila tukio, $0.10 biometric step-up pamoja na $0.03 hiari ya IP pre-check.
  • 0
    Uthibitishaji wa bure kila mwezi, kwenye kila akaunti.
Ngazi tatu, orodha moja ya bei

Anza bure. Lipa kulingana na matumizi. Panua hadi Enterprise.

Uthibitishaji 500 bila malipo kila mwezi, milele. Lipa kadri unavyotumia kwa uzalishaji. Mikataba maalum, uhifadhi wa data, na SLA (Service Level Agreements) kwenye Enterprise.
Bure

Bure

$0 / mwezi. Hakuna kadi ya mkopo inayohitajika.

  • Kifurushi cha bure cha KYC (Uthibitishaji wa Kitambulisho + Passive Liveness + Face Match + Uchambuzi wa Kifaa & IP), 500 / mwezi, kila mwezi
  • Watumiaji Waliozuiwa
  • Utambuzi wa Marudio
  • Ishara 200+ za udanganyifu kwenye kila session
  • KYC inayoweza kutumika tena kwenye mtandao wa Didit
  • Jukwaa la Usimamizi wa Kesi
  • Workflow Builder
  • Nyaraka za umma, sandbox, SDKs, server ya MCP (Model Context Protocol)
  • Usaidizi wa jamii
Maarufu zaidi
Lipa kulingana na matumizi

Kulingana na Matumizi

Lipa tu kwa unachotumia. Moduli 25+. Bei za umma kwa kila moduli, hakuna ada ya chini ya kila mwezi.

  • KYC kamili kwa $0.33 (Kitambulisho + Biometric + IP / Kifaa)
  • Data za AML 10,000+, vikwazo, PEPs, habari hasi
  • Vyanzo vya data vya serikali 1,000+ kwa Uthibitishaji wa Database
  • Ufuatiliaji wa Miamala kwa $0.02 kwa kila muamala
  • KYB ya moja kwa moja kwa $2.00 kwa kila biashara
  • Uchunguzi wa Wallet kwa $0.15 kwa kila ukaguzi
  • Mtiririko wa uthibitishaji wa Whitelabel, brand yako, miundombinu yetu
Biashara Kubwa

Biashara Kubwa

MSA & SLA maalum. Kwa idadi kubwa na programu zilizodhibitiwa.

  • Mikataba ya kila mwaka
  • MSA, DPA, na SLA maalum
  • Kituo maalum cha Slack na WhatsApp
  • Wakaguzi wa mikono wanapohitajika
  • Masharti ya muuzaji na white-label
  • Vipengele vya kipekee na ushirikiano wa washirika
  • CSM aliyetajwa, ukaguzi wa usalama, usaidizi wa kufuata

Anza bure → lipa tu wakati ukaguzi unafanyika → fungua Enterprise kwa mkataba maalum, SLA, au uhifadhi wa data.

FAQ

Maswali ya kawaida

Didit ni nini?

Didit ni miundombinu ya utambulisho na udanganyifu, jukwaa ambalo tulitamani lingekuwepo tulipokuwa tukijenga bidhaa zetu wenyewe: wazi, rahisi, na rafiki kwa watengenezaji, ili lifanye kazi kama sehemu halisi ya stack yako badala ya "black box" unayounganisha.

API moja inashughulikia kuthibitisha watu (KYC, mjue mteja wako), kuthibitisha biashara (KYB, mjue biashara yako), kuchunguza pochi za crypto (KYT, mjue muamala wako), na kufuatilia miamala kwa wakati halisi, kwenye stack iliyojengwa kuwa:

  • Haraka, chini ya sekunde 2 p99 kwenye kila kipindi
  • Inaaminika, inatumika na kampuni 1,500+ katika nchi 220+
  • Salama, SOC 2 Type 1, ISO 27001, GDPR-native, na kuthibitishwa rasmi na mdhibiti wa kifedha wa Uhispania kuwa salama zaidi kuliko kumthibitisha mtu ana kwa ana

Msingi wake: aina 14,000+ za hati katika lugha 48+, vyanzo vya data 1,000+, na ishara za udanganyifu 200+ kwenye kila kipindi. Miundombinu ya Didit hujifunza kwa nguvu kutoka kila kipindi na inaboreshwa kila siku.

Shambulio la udhibiti wa akaunti ni nini?

Udhibiti wa akaunti (ATO) hutokea wakati mshambuliaji anapata udhibiti wa akaunti halali ya mtumiaji, kwa kawaida kwa kutumia vitambulisho vilivyoibiwa, "session cookie" iliyotekwa, au "SIM-swap" inayopokea Nenosiri la Mara Moja (OTP). Kutoka hapo huondoa pesa kwenye pochi, huhamisha fedha, hubadilisha maelezo ya malipo, au huweka upya barua pepe na kumzuia mmiliki halisi kuingia.

Shambulio hilo hupita nenosiri kwa sababu nenosiri tayari ni sahihi. Hupita msimbo wa Short Message Service (SMS) kwa sababu mshambuliaji anadhibiti namba ya simu. Ulinzi ni kukatisha wakati wa hatua kwa kitu ambacho mshambuliaji hana, uso wa mtumiaji halali.

Kwa nini misimbo ya mara moja ya SMS haizuii ATO tena?

Kwa sababu udanganyifu wa SIM-swap huweka msimbo wa Short Message Service (SMS) kwenye mfuko wa mshambuliaji. Mshambuliaji humshawishi mtoa huduma kuhamisha namba ya mwathirika kwenye Subscriber Identity Module (SIM) mpya; kuanzia hapo, kila msimbo ambao benki hutuma hufika kwenye simu ya mshambuliaji.

"Phishing kits" za 2026 pia huhamisha msimbo kwa wakati halisi, mtumiaji huuchapa kwenye ukurasa bandia, kit huurudia kwenye tovuti halisi, kipindi hufunguka. SMS hutoa siri moja inayoshirikiwa kwa kila chaneli; biometrics hutoa uthibitisho wa kila hatua unaohusishwa na binadamu aliye mbele ya kamera.

Uthibitishaji ni wa haraka kiasi gani kwa mtumiaji wangu wa mwisho?

Mchakato mzima kwa kawaida huchukua chini ya sekunde 30 kuanzia mwanzo hadi mwisho, chukua kitambulisho, piga picha hati, piga picha ya selfie, umemaliza. Huu ndio mchakato wa haraka zaidi sokoni. Watoa huduma wa zamani wa KYC kwa kawaida huchukua zaidi ya sekunde 90 kwa mchakato huo huo.

Kwa upande wa "back end", Didit hurejesha matokeo kwa chini ya sekunde mbili kwa p99, ikipimwa kuanzia wakati mtumiaji anamaliza selfie hadi wakati webhook yako inapoanza. Upigaji picha wa simu umeboreshwa kwa simu za polepole na mitandao ya polepole: "progressive image compression", upakiaji wa "lazy software development kit", na uhamishaji wa kugusa mara moja kutoka kompyuta hadi simu kupitia msimbo wa QR ikiwa mtumiaji anaanza kwenye wavuti.

Uthibitisho wa kibayometriki wa "step-up" unatofautianaje na usajili wa kibayometriki?

Usajili hunasa utambulisho wa mtumiaji kwa mara ya kwanza, hati ya utambulisho ya serikali, Optical Character Recognition (OCR), Passive Liveness, na picha inayoanza kuwa msingi wa usajili. Ni mchakato mzito, wa mara moja.

Step-up ni toleo jepesi, linaloweza kurudiwa. Injini ile ile ya "liveness" huendeshwa kwenye selfie mpya; Face Match 1:1 hulinganisha selfie mpya na picha iliyohifadhiwa ya usajili. Hakuna hati ya utambulisho, hakuna OCR. Chini ya sekunde mbili, $0.10 kwa kila kipindi.

Nini hutokea ikiwa mtumiaji atashindwa, kuacha, au muda wake kuisha?

Kila kipindi huishia kwenye mojawapo ya hali saba zilizo wazi, hivyo code yako daima inajua nini cha kufanya:

  • Approved, kila ukaguzi umefaulu. Endeleza mtumiaji.
  • Declined, ukaguzi mmoja au zaidi umeshindwa. Unaweza kumruhusu mtumiaji kutuma upya hatua maalum iliyoshindwa (kwa mfano, kupiga tena selfie) bila kuendesha upya mchakato mzima.
  • In Review, imewekwa alama kwa ukaguzi wa kufuata sheria. Fungua kesi kwenye console, angalia kila ishara, amua kuidhinisha au kukataa.
  • In Progress, mtumiaji yuko katikati ya mchakato.
  • Not Started, kiungo kimetumwa, mtumiaji bado hajafungua. Tuma ukumbusho ikiwa itakaa muda mrefu sana.
  • Abandoned, mtumiaji alifungua kiungo lakini hakumaliza kwa wakati. Mshirikishe tena au muda wake uishe.
  • Expired, kiungo cha kipindi kimepitwa na wakati. Unda kipindi kipya.

Webhook iliyosainiwa huwashwa kwenye kila mabadiliko ya hali, hivyo database yako daima inabaki sawa. Vipindi vilivyoachwa na vilivyokataliwa ni bure.

Data ya mteja wangu inakaa wapi na inalindwaje?

Data ya uzalishaji inachakatwa na kuhifadhiwa katika Umoja wa Ulaya kwa chaguo-msingi, kwenye Amazon Web Services. Mikataba ya biashara inaweza kuomba maeneo mbadala kwa mamlaka ambazo wadhibiti wao wanahitaji.

Usimbaji fiche kila mahali. AES-256 ikiwa imetulia kwenye kila database, hifadhi ya vitu, na "backup". Transport Layer Security 1.3 ikiwa inahamishwa kwenye kila API call, webhook, na kipindi cha Business Console. Data ya kibayometriki imesimbwa kwa kutumia Customer Master Key tofauti.

Uhifadhi ni wako kudhibiti. Uhifadhi wa chaguo-msingi ni usio na kikomo (unlimited) isipokuwa ukisanidi muda mfupi, kati ya siku 30 na miaka 10 kwa kila programu, na unaweza kufuta kipindi chochote cha kibinafsi wakati wowote kutoka kwenye dashibodi au API.

Vyeti: SOC 2 Type 1 (ukaguzi wa Type 2 unaendelea), ISO/IEC 27001:2022, iBeta Level 1 PAD, na uthibitisho wa umma kutoka Tesoro / SEPBLAC / CNMV ya Uhispania kwamba uthibitishaji wa utambulisho wa mbali wa Didit ni salama zaidi kuliko kumthibitisha mtu ana kwa ana. Ripoti kamili inapatikana /security-compliance.

Je, Didit inatii sheria za tasnia yangu?

Didit inatii sheria kwa chaguo-msingi kwa wadhibiti muhimu kwa miundombinu ya utambulisho:

  • GDPR + UK GDPR, mgawanyo wa "controller / processor", Mkataba kamili wa Uchakataji Data ulichapishwa, mamlaka kuu ya usimamizi imetajwa (AEPD ya Uhispania).
  • AMLD6 + EU AML Single Rulebook, orodha 1,300+ za vikwazo, watu walio wazi kisiasa, na orodha za habari mbaya zimechunguzwa kwa wakati halisi.
  • eIDAS 2.0, inalingana na EU Digital Identity Wallet; tayari kwa utambulisho unaoweza kutumika tena.
  • MiCA (Markets in Crypto-Assets), tayari kwa "crypto on-ramps", "exchanges", na "custodians".
  • DORA, Digital Operational Resilience Act, uthabiti wa uendeshaji wa huduma za kifedha za EU.
  • BIPA, CUBI, Washington HB 1493, CCPA / CPRA, faragha ya kibayometriki ya Marekani (Illinois, Texas, Washington) na faragha ya watumiaji ya California.
  • UK Online Safety Act, "age-gating" na majukumu ya usalama wa watoto.
  • FATF Travel Rule, data ya mwanzilishi na mnufaika kwenye uhamishaji wa crypto, inaoana na IVMS-101.

Memo ya kina, kila cheti, kila barua ya mdhibiti: /security-compliance.

Ninaweza kuunganisha na kuanza kuthibitisha watumiaji haraka kiasi gani?
  • Sekunde 60 hadi akaunti ya sandbox kwenye business.didit.me, hakuna kadi ya mkopo.
  • Dakika 5 hadi uthibitishaji unaofanya kazi kupitia Claude Code, Cursor, au wakala yeyote wa kuandika code kupitia seva yetu ya Model Context Protocol (MCP).
  • Wikiendi moja hadi muunganisho tayari kwa uzalishaji na uthibitishaji wa "signed-webhook", majaribio upya, na mchakato wa kurekebisha wakati mtumiaji anakataliwa.

Njia tatu za kuunganisha, chagua inayofaa stack yako:

  • Pachika asili na Web, iOS, Android, React Native, au Flutter SDK yetu.
  • Mwelekeze mtumiaji kwenye ukurasa wa uthibitishaji uliopangishwa, hakuna SDK.
  • Tuma kiungo kwa barua pepe, SMS, WhatsApp, au chaneli yoyote, hakuna kazi ya "front-end".

Dashibodi ile ile, bili ile ile, bei ile ile ya kulipa kwa mafanikio kwa zote tatu. Mwongozo wa hatua kwa hatua unapatikana docs.didit.me/integration/integration-prompt.

Ninawezaje kuangalia mtandao kabla ya uthibitisho wa uso kuanza?

Fanya Uchambuzi wa Kifaa na IP kabla ya "step-up". $0.03 kwa kila ukaguzi, chini ya 100ms, hurejesha alama ya hatari ya 0–100 pamoja na bendera za Virtual Private Network (VPN), "proxy", The Onion Router (Tor), "datacenter", nchi, na Autonomous System Number (ASN).

Ikiwa mtandao unaonekana safi (Internet Service Provider (ISP) ya makazi, "device fingerprint" inayoaminika, hakuna mabadiliko ya nchi), ruka uthibitisho wa uso. Ikiwa alama ni ya juu au bendera yoyote inawaka, fanya "step-up". Hiyo huweka bajeti ya kibayometriki kwenye matukio ambayo yanahitaji kweli.

Inagharimu kiasi gani kwa kila hatua iliyolindwa?

Vipengele viwili:

  • Uthibitishaji wa Kibayometriki wa "step-up": $0.10 kwa kila kipindi
  • Uchambuzi wa Kifaa na IP wa "pre-check" (hiari): $0.03 kwa kila simu

Karibu $0.13 kwa kila hatua nyeti iliyochunguzwa kikamilifu. Uthibitishaji 500 wa kwanza kila mwezi ni bure kwenye kila akaunti, timu nyingi hugundua kuwa kiasi chao cha "step-up" kinakaa ndani ya posho hiyo kwa wiki chache za kwanza.

Hakuna kiwango cha chini, hakuna ahadi ya kila mwaka, hakuna bei kwa kila kiti.

Ni tasnia gani zinazotumia "recipe" hii?

"Recipe" hii inatumika kwa timu yoyote inayoshughulikia hatua zenye thamani kubwa. Mifumo ya kawaida inayotumika:

  • Fintech / neobank: "step up" kwenye uhamishaji unaozidi kikomo cha kila siku na kwenye mabadiliko ya akaunti ya malipo
  • Crypto exchange: "step up" kwenye uondoaji wa pesa kwenda kwenye pochi isiyo kwenye orodha ya kuruhusiwa
  • Marketplace: "step up" kwenye malipo kwenda kwenye akaunti mpya ya benki na kwenye hatua za kuorodhesha kwa wingi
  • iGaming: "step up" kwenye uondoaji wa pesa na kwenye "overrides" za kikomo cha michezo ya kubahatisha inayowajibika
  • Telecom / utilities: "step up" kwenye "SIM-port-out" na maombi ya mabadiliko ya anwani

Workflow Builder ile ile, "triggers" tofauti, muunganisho mmoja, mstari mmoja wa bei.

Miundombinu ya utambulisho na udanganyifu.

API moja kwa KYC, KYB, Ufuatiliaji wa Miamala, na Uchunguzi wa Wallet. Unganisha ndani ya dakika 5.

Uliza AI ifupishe ukurasa huu