RESDEX –Security and Compliance

Making Resdex - KYC compliant and secure

KYC Requirements

Verify Identity and the address of the person/entity to whom the services

have been sold.

Each recruiter account offered by Naukri to be uniquely identifiable and

verified.

Any change in the contact details needs to be revalidated in the same manner.

Security requirements

Prevent unauthorized access in customer accounts

Provide Mobile number validation & OTP based authentication for user login

Phases

Phase I

Already live

1. New sub-user creation with email-ids only

Planned

1. Old sub-user name migration to

emails with mandatory email

verification

2. Mandatory Login OTP for sub

users

3. OTP based authentication for

super users

Already Live

1. Mandatory Email verification for new sub user addition

2. Mobile number validation for sub users – Optional

Phase II

Phase III

Already Live

Address/PANCARD proof submission

Going Live

OTP based login authentication for sub

users – Optional

Phase IV

Already Live1. New sub user creation with email-IDs only2. Mandatory Email verification for new sub user addition3. Mobile number validation for sub users – Optional4. Address / PAN Card proof submission prior to subscription activation

New Sub User creation with email address only

Already Live

A super user can create a sub user with a valid email address as username

The email address entered in username will be used for communication as well

Mandatory Email Verification for new users

• All new sub users will be needed to verify their email address before they can login and start using the subscriptions.

• Steps for adding a sub user – – Super user adds a new sub user email-

id– Sub user verifies the email-id

Already Live

Pending Users section: Users in this section cannot login in the Company account or use any subscriptions. This section will be collapsed by default.

Mobile Number Optional Validation for sub users

• User will be able to add and verify her mobile number

• Super user will have the ability to add / edit mobile number of a sub user

• Users from 2 different company accounts cannot have the same mobile number verified

Already Live

Address / PAN Card Proof submissionAs per legal requirement, Know Your Customer compliance needs verified information on client identity and address

Clients will need to upload their PAN card and Address proof

KYC compliance will be required before product activation

Once approved, KYC will not be needed on every transaction

If company details are modified, then PAN card and Address proof will need to be uploaded again

Exclusion - KYC not needed

If net revenue in current FY < INR 11450 (10K+14.5% service tax)

For clients with international country code

For trial subscriptions

In case a client has applied for PAN Card:-

Client can submit acknowledgment

of PAN card application

Get 15 day waiver post approval from

Sales heads

Re-ask Client to submit PANCARD

After 15 days

Subscriptions will be reactivated from ERP without extension*

The running subscriptions will be deactivated from ERP

* Extension if any needed by the client will have to be taken up by Account manager directly with finance.

Successful

Failed

Verification of PAN Card

Already Live

Going Live

1. OTP based login authentication for sub users – Optional

What is OTP based login authentication? Users will be required to enter a One Time Password (OTP) after submitting

username/password before they can use any Naukri service. The OTP will be sent on verified email ID and mobile number.

This will be rolled out in the following 3 phases:-

Initially this will be optional. Super user can change Login OTP setting for his sub users

The Login OTP will be made mandatory for all users

Super user will need to enter Login OTP as well

Optional Phase Mandatory Phase

Going Live Planned

In the Optional Phase, Super Users can activate OTP based login authentication for users

By default OTP is OFF for all clients Super user can change Login OTP setting for

all sub users in his account from Manage Users page

Super user selects Enhanced Security setting

User A doesn’t have verified email Id as username

User A will not get Login OTP screen

User B has verified email Id as username

User B will get Login OTP screen

Going Live

Only users with verified email ID will get OTP while logging in

• As soon as super user turns OTP setting ON, he is notified about how many users will be prompted for OTP while logging in.

• Super user will need to get username of remaining users changed to valid and unique email ID so that OTP can apply to all users

Super User notification when he switches the OTP setting OFF

• OTP will become mandatory for all users and super users in 3 months.

User will be prompted for OTP after submitting username & password

If super user has activated OTP If username is a verified email ID If user’s login pattern has changed If user has not submitted OTP in last 7-10 days

1

3

2

The OTP will be sent via mail on verified email ID and SMS on verified mobile number

Users without verified email ID as user-name will not be covered under the Security setting.

In the Optional Phase, they will not be prompted for OTP while Login even if super user has enabled OTP based login.

However, they will also need to enter OTP when Login OTP becomes mandatory.

OTP for login into your Naukri user account vridhi.chowdhry@naukri.com is 3472AtFk. This is valid for 30 minutes.

In case of delay, user can resend OTP OTP is specific to a user and login session. User A’s OTP cannot be used by User B, even if they are

in the same company account. User A’s OTP for 1 system / browser cannot be used by

User B for a different System / Browser.

OTP will expire After 30 minutes of generation If it has been used once If user has been prompted for entering OTP but has

not entered OTP for 2 hours, he will need to start again by submitting username and password.

Resent OTP will be valid for another 30 minutes Any of the valid unused OTPs can be used for

validation.

The OTP will be prompted when user logs in from CSM or NaukriRecruiter login pages well

After successful login, OTP will not be prompted for 7-10 days unless user’s login pattern changes.

Pure NaukriRecruiter profile that is not linked to any sub / super user account will not be asked for Login OTP.

Thank You