Virtual Capture provides the optimal account holder application experience across all devices that is both innovative and secure.
The following security measures are in place within Virtual Capture to ensure the safety of the information entered by each applicant in a virtual application:
Verification of Application ID
When actions such as saving a screen, adding an applicant, or adding a comment are performed in a virtual application, the Application ID is verified to ensure that it is has not been modified from the original Application ID that was created at the start of the application. If an applicant attempts to change the Application ID to a number that is not associated with the current application, the user receives an error and is logged out of Virtual Capture.
 |
For a list of the actions that verify the value of the Application ID during the virtual application process, please see the Applicant Security section of the Virtual Capture Overview topic in the Administrator Guide. |
Verification of TIN
Idle Applications
The following security measures are in place to ensure the safety of an idle application:
- When an applicant signs in to Virtual Capture through their financial institution's web site and is idle for 15 minutes without starting an application, an error message is displayed upon clicking
. - When an in progress application is idle for 15 minutes, the applicant is automatically logged out of Virtual Capture. After an application is idle for 14 minutes, a message displays to inform the applicant that he or she is about to be logged out and provide the ability to click Continue to keep the application in session.
Authentication Token for Single Sign On
The Virtual Capture Single Sign On (SSO) method provides a secure authentication process for each applicant trying to access Virtual Capture. The SSO method is called directly from the online banking application's server to obtain an authentication token which validates and encrypts the data being sent in the request to access Virtual Capture.
Within the Single Sign-on section of the Login tab in Virtual Capture Settings, system administrators are able to determine the IP Addresses permitted to access Virtual Capture and can also configure the number of minutes that the authentication token is considered valid.
For more information, please see the Virtual Capture Single Sign-On Specifications document available on the Temenos Collaboration Portal.