Version 1.0
Prepared by: @Lorraine Sebata
Approved by: @Simon Cooper
Reviewed date: 2025-12-17
Next review date: 2026-12-17
This policy applies to all staff members, agents, and authorized representatives of Easyterms. who handle customer communications via telephone, email, web portal, or chat platforms.
To establish a consistent, secure, and rigorous process for verifying customer identity before discussing, accessing, or disclosing any personal or account-related information. This policy is designed to prevent identity theft, fraud, and unauthorized data disclosure.
This policy applies to all staff members, agents, and authorized representatives of Easyterms . who handle customer communications via telephone, email, web portal, or chat platforms.
To ensure a high degree of certainty, identity must be challenged using four (4) specific parameters:
Full Name: The complete legal name as registered in the system.
Email Address: The registered email address associated with the account.
National Insurance (NI) Number: The customer's unique statutory identification number.
Date of Birth: The customer's date of birth in DD/MM/YYYY format.
Easyterms Ltd. adopts a "3-of-4" verification rule:
Pass: A minimum of three (3) out of four (4) parameters must be successfully validated.
Fail: If two (2) or fewer parameters are matched, the verification is deemed failed, and no information may be disclosed.
This policy adheres to the Data Protection (Privacy of Personal Information) Act, 2003 and other applicable legislation. All verification details must be treated as highly confidential and stored in secure, encrypted formats.
Customer Service/Operations Staff: Responsible for conducting the verification process professionally for every interaction.
Supervisors/Managers: Responsible for auditing interactions and providing guidance on failed verifications or vulnerable customers.
COO/CFO: Responsible for approving policy exceptions and overseeing security incident procedures.
Fraud Prevention Team: Responsible for investigating accounts flagged due to repeated failed verification attempts.
This policy will be reviewed annually or following any significant security incident or regulatory change to ensure it remains effective against emerging fraud trends.