This Agreement was last updated on 5th March 2024. 1. Credit This document is based on an SEQ Legal privacy policy template available at www.seqlegal.com. Commercial legal templates, including template web advertising and marketing contracts, are supplied by SEQ Legal to customers around the globe. 2. Cookie and Data Objects A cookie is a small data file made up of letters and numbers which is placed by a website on the device you use to access the Internet. Cookies serve different purposes. We use cookies to help us to improve our site and to provide us with information about usage of the website. Most web browsers allow you to have some control over the placing of cookies on your device through your browser settings. To find out more about cookies, including how to see what cookies have been set and how to block, manage and delete them, please visit www.allaboutcookies.org/manage-cookies. With HTML5, web pages can store data objects locally within the user’s browser. Earlier, this was done with cookies. However, Web Storage is more secure and faster. The data is not included with every server request, but used ONLY when asked for. It is also possible to store large amounts of data, without affecting the website’s performance. The data is stored in key/value pairs, and a web page can only access data stored by itself.
MIRACL Trust® Documentation MIRACL Trust® is a user authentication service which completely replaces the typical password-based authentication which is normally used when accessing online services, so removes your largest cyber-security risk, and streamlines your user experience to increase customer satisfaction. Here you will find all you need to integrate MIRACL Trust® into your own website/application. View Documentation SSO Server Documentation MIRACL SSO Server makes use of the SAML protocol to enable companies to give their users the convenience of one login to multiple apps and websites using the MIRACL Trust® authentication platform. It can also be used to configure internal Single Sign-On access to particular Service Providers thereby controlling internal access to company-specific accounts.
Experian chooses zero-knowledge proof to power its product for Gov.UK Verify. To ensure that UK citizens using Gov.UK Verify have secure access to their online accounts, Experian is using distributed cryptography technology from MIRACL to provide highly secure authentication to millions of UK citizens. Experian is a certified identity assurance provider for GOV.UK Verify, the new way for UK citizens to use government services online like renewing your driving license or filling out your tax safely, securely and straightforwardly.
This Agreement was last updated on 5th March 2024. Introduction Background to the General Data Protection Regulation ('GDPR') The General Data Protection Regulation 2016 replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. Its purpose is to protect the "rights and freedoms" of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent. Summary information on the data that we collect when providing MIRACL's authentication services A key philosophy of MIRACL's approach is to store as little personal data as possible on its users. With that in mind, the only pieces of data that we store on end users are: User ID, which may be email address Geolocation IP address This data is collected at the time of registration for the service (and Geolocation and IP address at each authentication). We require these pieces of information in order to provide the service, and therefore do so on a legal / contractual basis. Our Data Protection Officer can be contacted at privacy@miracl.com We act as a Data Controller when providing the service, and work with third parties (such as Google Cloud Platform, Amazon Web Services and Microsoft Azure) to provide the processing on our behalf. In most cases, our processing will take place within the European Economic Area, although in some specific, and justifiable cases, some processing may take place in other jurisdictions All personal data that we hold on a user can be removed from our systems on request to privacy@miracl.com. Definitions \*Establishment\* – Miracl International Limited with registered address of 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom. Miracl is the trading name of Miracl International Limited. \*Personal data\* – any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. \*Special categories of personal data\* – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. \*Data controller\* – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. \*Data subject\* – any living individual who is the subject of personal data held by an organisation. \*Processing\* – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. \*Profiling\* – is any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyse or predict that person's performance at work, economic situation, location, health, personal preferences, reliability, or behaviour. This definition is linked to the right of the data subject to object to profiling and a right to be informed about the existence of profiling, of measures based on profiling and the envisaged effects of profiling on the individual. \*Personal data breach\* – a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. There is an obligation on the controller to report personal data breaches to the supervisory authority and where the breach is likely to adversely affect the personal data or privacy of the data subject. \*Data subject consent\* - means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data. \*Child\* – the GDPR defines a child as anyone under the age of 16 years old, although this may be lowered to 13 by Member State law. The processing of personal data of a child is only lawful if parental or custodian consent has been obtained. The controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child. \*Third party\* – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. \*Filing system\* – any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis. Policy statement Miracl International Limited ("MIRACL, "we", "us") are committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the "rights and freedoms" of individuals whose information MIRACL collects and processes in accordance with the General Data Protection Regulation (GDPR). Compliance with the GDPR is described by this policy and other relevant policies along with connected processes and procedures. The GDPR and this policy apply to all of Miracl International Limited's personal data processing functions, including those performed on customers', clients', employees', suppliers' and partners' personal data, and any other personal data the organisation processes from any source. Miracl International Limited has established objectives for data protection and privacy. The Data Protection Officer is responsible for reviewing the register of processing annually in the light of any changes to Miracl International Limited's activities (as determined by changes to the data inventory register and the management review) and to any additional requirements identified by means of data protection impact assessments. This register needs to be available on the supervisory authority's request. This policy applies to all Employees/Staff and interested parties of Miracl International Limited such as outsourced suppliers. Any breach of the GDPR will be dealt with under Miracl International Limited's disciplinary policy and may also be a criminal offence, in which case the matter will be reported as soon as possible to the appropriate authorities. Partners and any third parties working with or for Miracl International Limited, and who have or may have access to personal data, will be expected to have read, understood and to comply with this policy. No third party may access personal data held by Miracl International Limited without having first entered into a data confidentiality agreement, which imposes on the third party obligations no less onerous than those to which Miracl International Limited is committed, and which gives Miracl International Limited the right to audit compliance with the agreement. Responsibilities and roles under the General Data Protection Regulation Miracl International Limited is a data controller and/or data processor under the GDPR. In relation to Employees / Staff data, we act as the Data Processor. When delivering our service to customers, we act as the Data Controller only, and rely on third parties to act as the Data Processor Top Management and all those in managerial or supervisory roles throughout Miracl International Limited are responsible for developing and encouraging good information handling practices within Miracl International Limited; responsibilities are set out in individual job descriptions. The Data Protection Officer is responsible for the management of personal data within Miracl International Limited and for ensuring that compliance with data protection legislation and good practice can be demonstrated. This accountability includes: development and implementation of the GDPR as required by this policy; and Security and risk management in relation to compliance with the policy. The Data Protection Officer, who Board of Directors considers to be suitably qualified and experienced, has been appointed to take responsibility for Miracl International Limited's compliance with this policy on a day-to-day basis and, in particular, has direct responsibility for ensuring that Miracl International Limited complies with the GDPR, as do other manager's in respect of data processing that takes place within their area of responsibility. The Data Protection Officer has specific responsibilities in respect of procedures such as the Subject Access Request Procedure and are the first point of call for Employees/Staff seeking clarification on any aspect of data protection compliance. Compliance with data protection legislation is the responsibility of all Employees/Staff of Miracl International Limited who process personal data. Miracl International Limited's GDPR Training Policy sets out specific training and awareness requirements in relation to specific roles and Employees/Staff of Miracl International Limited generally. Employees/Staff of Miracl International Limited are responsible for ensuring that any personal data about them and supplied by them to Miracl International Limited is accurate and up-to-date. Data protection principles All processing of personal data must be conducted in accordance with the data protection principles as set out in Article 5 of the GDPR. Miracl International Limited’s policies and procedures are designed to ensure compliance with the principles.
The Tech City Bank (TCB) app demo is an example of how a bank can integrate MIRACL Trust® into their iOS or Google Play applications while meeting the “strong authentication” requirement for PSD2. It provides an end-user scenario for downloading, activating and using MIRACL Trust® to securely authenticate into an app. Watch a demonstration (0:12 second video) There are multiple user scenarios with which you can use MIRACL Trust for signing in, so in this demo instance, please follow the instructions for this scenario:
This Agreement was last updated on 5th March 2024. MIRACL Service Agreement BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT OR BY USING THE MIRACL SERVICES, YOU AGREE TO THE TERMS OF THIS AGREEMENT AND CONFIRM YOU ARE NOT BARRED UNDER ANY APPLICABLE LAWS FROM DOING SO. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.
“Protecting the person online and giving them a good user experience of the services they are using is a key goal for us as a business. MIRACL is a pioneering company that helps us achieve that”. > > Nick Mothershaw, UK&I Director of Identity and Fraud, Experian. Multi-Factor Means Stronger Strong authentication means a user provides two or more of the following when requesting access: Something only the user has (a token in mobile app) Something only the user knows (a 4 digit pin) Somewhere the user is (a known time or place) For maximum security you should ideally authenticate with something you know, something you have, and something you are. Typically that would be a password, a physical device of some sort, and a biometric like a fingerprint. For the moment the industry appears to be content with just two factor authentication, which could be any two out of these three.
How many user logins per month? Currency EUR USD Billing period Month Year Free €0/month Up to 10,000 logins per month SLA 100% Email Support Email ID Email Verification OIDC Integration Default PIN Pad - - - - Get Started Business €100/month Up to 2,500,000 logins per month SLA 100% Live Support with 24/7 Critical Support Any ID (Email, Username, Phone # etc) Any User Verification Supported OIDC, Mobile SDKs Customised PIN Pad Digital Signing QR and Push initiated Login - - Get Started Enterprise As low as €0.003/login Unlimited Logins SLA 100% Live Support with 24/7 Critical Support Any ID (Email, Username, Phone # etc) Any User Verification Supported OIDC, Browser & Mobile SDKs Customer Hosted PIN Pad Digital Signing QR and Push initiated Login Management API Access Single Tenant and On-Premise Contact Sales
Liberate Your Users From Password Anxiety The password is to user security what the cassette player is to music: outdated, inefficient, and prone to failing at the worst possible moment. It’s time we embrace the future. It’s time we go passwordless. Everything about our lives is online now. It’s not just photo albums and instant messenger chats but our entire existence. Think about how much information lives behind these simple passwords: bank accounts and tax documents; personal correspondence and business plans. Think about how many passwords you have to remember on a typical day. Think about how many special characters or capital letters or numeric digits the average user has to hold in their mind just to function. Then think about this: all those passwords, all that annoying inconvenience, all those exhausting captcha logins -- none of them are even keeping us safe. Passwords are inherently vulnerable Truth is, most users are not disciplined about creating and rotating unique passwords for their various accounts. This means that it only takes a little bit of social engineering for bad actors to access their lives. And that’s not the worst of it. Even if users did practice perfect password discipline, they would still be vulnerable. Most companies store all their user’s passwords in a single file on their servers. Even with expensive, high tech security measures, this has not been effective. It just takes one clever hacker to unlock the door and walk away with an entire database of user info. A simple solution It doesn’t have to be this way. Companies can save money, improve security, and make life easier for their users by embracing solutions built on basic cryptographic principles. Biometrics Anybody with a newer mobile phone has likely experienced the magic of biometric authentication. The beauty of these options -- which rely on recognition of each individual’s unique physical properties is that you can’t “forget” your own self; you are also hard to replicate. Biometric authentication can include recognition of fingerprints, faces, irises, voices, and even heartbeats. Biometric authentication is fast and effective. Some users, however, might fear sharing their unique personal data with tech companies; and if compromised, that data presents an even bigger risk. You can change a password, but you cannot change your fingerprint. Multi-Factor Authentication Multi-Factor Authentication (MFA) is exactly what it sounds like. Instead of just using a password to log in, you add a second “test.” Traditionally, that’s entering a one-time code sent by SMS or email; other times it can be entering an app and responding to a prompt. But, MFA doesn’t have to include a password or a second user step at all! The MFA process can also include biometrics or unique cryptography. A Zero-knowledge proof protocol allows users to prove their identity without actually sharing vulnerable information. In some cases all it takes is a 4-digit pin and the magic of a cryptographic token stored in a browser or mobile app. This June 23rd, do the right thing for your company and your users: go passwordless. Account takeovers cost businesses a combined $25 billion (!) in 2020, according to Juniper Research. HALF of all help desk calls are to deal with simple password resets, according to research by OKTA. More than 1/3 of online transactions are abandoned at checkout because users forget their passwords, MasterCard has found.
This Agreement was last updated on 5th March 2024. MIRACL INTERNATIONAL LIMITED (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This policy (together with any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.miracl.com (the “Site”) you are accepting and consenting to the practices described in this policy.
As part of its call to improve the customer experience across the rapidly expanding personal finance sector, the European Banking Authority has included a mandate for financial services companies to provide “strong customer authentication”. For more information about the European Banking Authority’s PSD2 requirements for Strong Customer Authentication, please see the EBA’s “Final Report on Draft RTS on SCA and CSC” here The EBA (and others) define 'strong customer authentication' as a process whereby a user independently provides two or more of the following when requesting access to their account online, or when initiating an electronic payment transaction: Knowledge: Something only the user knows Possession: Something only the user has Inherence: Something the user is MIRACL allows any financial services organization to comply with the PSD2 requirement to provide Strong Customer Authentication for web and mobile banking applications without sending, storing, or synchronizing any security-related information in whole form. Ever.
MIRACL Trust® Supports Multiple Authentication Factors / Notification Channels You Currently Have in Place. MIRACL Trust® easily integrates into any point of your web and mobile application security process, and can support the authentication mechanisms you have planned / in place (including biometrics) to provide a non-repudiable audit trail of the people, devices, and transactions being authenticated by your users or machines. MIRACL Trust® for website login in-browser or with a smartphone application is designed to work at an internet scale; delivers multi-factor authentication to your external audiences with no disruption of the service; improves the user experience; and minimizes customer churn when deploying additional security, all at a fraction of the cost of the competition. After registering an app (standard, SSO or RADIUS) with the MIRACL Trust® MFA Authentication portal (Get Started) you will be issued the keys to integrate MIRACL authentication into your product.
Thank You We’ve sent you an email with a verification link. Follow the link to complete the verification. Check your spam folder if you don’t see the email.
Click here to download the PDF Instructions The Tech City Bank (TCB) demo is an example of how a bank can integrate MIRACL Trust® into their mobile and web applications while meeting the “strong authentication” requirement for PSD2. It provides an end-user scenario for downloading, activating and using MIRACL Trust® to securely authenticate both into a mobile application and into a web application (from the mobile app). Watch a demonstration (0:30 second video)
Welcome to Tech City Bank The Tech City Bank (TCB) demo is an example of how a bank can integrate MIRACL Trust® into their mobile and web applications while meeting the “strong authentication” requirement for PSD2. It provides an end-user scenario for downloading, activating and using MIRACL Trust® to securely authenticate into a web application. There are multiple user scenarios with which you can use MIRACL Trust for signing in, so in this demo instance, please follow the instructions for this scenario:
Why you don’t want your companies name in the headlines Over 6 Billion Records have been breached since 2013. These super high profile smash and grab attacks on global scale cloud service providers, such as Google, Twitter, Evernote, mean the focus on better security is not just important for your customers and employees; but also crucial for your brand. The balance between user friendliness and credible security is a key issue for any provider or web site owner needing to improve their secure authentication. But is there an authentication service that gets the balance right? We know usernames and passwords are a no-no, and hardware tokens are cumbersome, so how about an authentication service that requires no hardware, can be used for any digital service, on any device, with an easier experience than passwords? Wouldn’t that be innovative.
Prove You Know a Secret Without Revealing That Secret to Me MIRACL Trust® utilizes an ISO/IEC approved zero-knowledge technique, which means that the end user can prove to the authentication service that they know a secret, without revealing that secret to the verifying party. No security-related information is stored on our servers or yours which means that there is nothing for a hacker to steal. User authentication takes place on the device (against an incomplete software token in a web browser or mobile application) and is secure against database breaches and man-in-the-middle intercept attacks because no credentials are exchanged between clients and servers in whole form.
