Additional security controls we add to Zoom for ID verification sessions
The confidentiality of your pieces of ID and personal information is of the utmost importance to us. We use the Zoom video conferencing platform to conduct identity verification sessions. Zoom security has progressed significantly over the past few years and has earned our trust in the process.
Here are additional controls we have set to improve security and privacy:
- Audio & video encryption is always enabled end-to-end, meaning from your device to the device of our agent (thus audio from phone lines is not supported since it cannot be encrypted from one end to the other)
- End-to-End encryption is now AES 256-bit ECB.
- We have whitelisted Zoom data centers in Canada, USA and Europe for hosting audio/video sessions. All other Zoom data centers worldwide are banned.
- Cloud recording is disabled company wide; recording is performed on the agent’s computer.
- The Zoom meeting ID is never reused and is only valid during the planned meeting, which lasts about 10 minutes.
- The Zoom meeting ID is random, and has been increased to 11 digits long (100 billion possibilities), making it nearly impossible for a 3rd party to randomly join a session.
- Virtual waiting room is mandatory and we only allow one customer at a time with our agent. This prevents a 3rd party to interfere in the session, even if he has the session ID.
For your security and the accuracy of the session, we strongly recommend using a smart phone.
The protection of your privacy remains at the heart of our concerns. We continuously look at improving mechanisms to increase the confidentiality of exchanges with our customers.