AnnouncementsFeaturedKashoo News

We’ve Added a New Measure of Security: Phone Verification

By April 29, 2019 No Comments

Whether you’ve been a Kashoo user for a while or you’re new to our software, you may have noticed that we have added a phone verification step before you can connect your bank feed. This is a measure to increase the level of account security and trust. With more and more cases of cyber security breaches happening to even some of the largest companies, we’re always looking to further improve our security processes.

As we provide accounting software, we want to make sure your financial data, including your bank feed information, is kept safe and seen by your eyes only. Kashoo allows users to connect to bank and credit card accounts, and because of this, we are obliged to implement certain regulations aiming at increasing the level of your account’s security.

Why Phone Verification?

While we are focused on ensuring all of our client’s data is kept safe, we still want to make sure we’re providing the least annoying method of verification. As basic CAPTCHA’s are already considered to be an unsatisfactory method of human verification based on industry standards, phone verification was the next best solution that works on a global scale.

NPR’s Planet Money had a great podcast episode on this topic explaining what CAPTCHA is and why verifying that you’re human is important for data security.

Phone verification is our security measure of choice because the act of verifying your identity through your phone is easy if you are the legitimate owner of the phone number. It’s incredibly more complex and hard to do if your motivation is to scam the system. Compared to creating a bogus email account, generating a fake mobile phone number where the attacker must open an account with a legitimate telecommunications company to obtain a SIM card is usually too time, effort, and cost-heavy to be worth it.

How Does Phone Verification Work?

With Phone Verification, the owner of the phone number is sent a time-sensitive code via an SMS text message which they then type back into the Kashoo system to prove their access to the phone number provided.  This can help establish identity information and that they’re not a bot. Companies typically use this when users are signing up for a new account, refreshing user details, or sometimes even authorizing upgrades. Since nearly all mobile phones can receive SMS messages and are universal, phone number verification is one of the top choices when it comes to globally accessible security solutions.

Note: We do not allow VOIP phone numbers. We do use SMS text messages to verify so we don’t allow landlines to be used for phone verification. 

The number that you use for verification will only be used for this purpose. We will keep this information private and in line with our privacy policy it will not be sold to third parties Once you’ve verified your phone number, it is stored in your user account. If you ever need to change your number, just head to your ‘Settings’, ‘Edit User Account’, and under ‘Phone Number’ you can edit your number and area code. Once you hit ‘Save’, we’ll automatically send you a new text message to verify that your number is yours.

How To Further Protect Your Account

If you want to further ensure your account safety, we recommend you use a unique password for every account. Even if you come up with a highly complex password that may seem virtually impossible for anyone to guess, the safety of your accounts is still at risk if you use that same password for every account. Using unique passwords for each account means that even if one of your accounts are breached, your other accounts are not at risk.

Scared you’re going to forget all of the different passwords? Use a password manager! Our favourite is 1Password.

Kashoo Takes Your Privacy Seriously

We understand that the data that you provide is personal, private, and sensitive, and we take the protection of this data very seriously. We are aware that adding phone verification is another step in Kashoo’s on-boarding process, but it was one that was absolutely necessary to include. Having these additional steps in place to verify that somebody is a valid user, prevents bad actors from using techniques such as credential stuffing against our systems.

If you want to learn more about Credential Stuffing and how it affects your business, check out Gimlet Media’s Reply All episode: