Post on 15-Apr-2017
RESDEX –Security and Compliance
Making Resdex - KYC compliant and secure
KYC Requirements
Verify Identity and the address of the person/entity to whom the services
have been sold.
Each recruiter account offered by Naukri to be uniquely identifiable and
verified.
Any change in the contact details needs to be revalidated in the same manner.
Security requirements
Prevent unauthorized access in customer accounts
Provide Mobile number validation & OTP based authentication for user login
Phases
Phase I
Already live
1. New sub-user creation with email-ids only
Planned
1. Old sub-user name migration to
emails with mandatory email
verification
2. Mandatory Login OTP for sub
users
3. OTP based authentication for
super users
Already Live
1. Mandatory Email verification for new sub user addition
2. Mobile number validation for sub users – Optional
Phase II
Phase III
Already Live
1. Address/PANCARD proof submission
2. OTP based login authentication for
sub users – Optional
Going Live
OTP based login authentication for
Super Users - Optional
Phase IV
Going Live
1. OTP based login authentication for super users – Optional
OTP based login authentication for super users Super Users will be required to
enter a One Time Password (OTP) after submitting username/password before they can use any Naukri service.
The OTP will be sent on verified email ID.
Super user can change Login OTP setting for all users in his account from Manage Users page
By default OTP is OFF for all clients
OTP will become mandatory for all users and super users in 3 months.
Going Live
Super User will be prompted for OTP after submitting username & password
If super user has activated OTP If super user’s login ID / username is a verified
email ID If super user’s login pattern has changed If super user has not submitted OTP in last few
days
1
3
2
Going Live
The OTP will be sent via mail on verified email ID
Super Users without verified email ID as user-name will not be covered under the Security setting.
However, users in their accounts having verified email ID will get Login OTP if the Security setting is enabled.
All users will need to enter OTP when Login OTP becomes mandatory.
Going Live
In case of delay, super user can resend OTP OTP is specific to a super user and login session. Super User A’s OTP for 1 system / browser cannot be
used for a different System / Browser.
OTP will expire After 30 minutes of generation If it has been used once If super user has been prompted for entering OTP
but has not entered OTP for 2 hours, he will need to start again by submitting username and password.
Resent OTP will be valid for another 30 minutes Any of the valid unused OTPs can be used for
validation.
Going Live
The OTP will be prompted when super user logs in from CSM or NaukriRecruiter login pages well
After successful login, OTP will not be prompted for a few days unless super user’s login pattern changes.
Pure NaukriRecruiter profile that is not linked to any sub / super user account will not be asked for Login OTP.
Going Live
Thank You