What measures are in place to keep my account safe?
Security is absolutely paramount at Tally. To begin opening a Tally account you must prove you have access to a genuine mobile number and email account. You will be sent a one-time pin code via SMS and a separate one-time-pin code via email. Once you have proven access to these, you will be asked to create a 4 digit passcode. This 4 digit passcode will then be linked to your Tally account. It is not possible to access a Tally account without these three factors of identification.
As a fourth layer of security, and to make accessing your account easier, we also recommend using Biometrics over your 4 digit passcode. Apple users can choose from FaceID (facial recognition) or TouchD (fingerprint recognition). Android users can choose from FaceUnlock (facial recognition) or Fingerprint (fingerprint recognition).
When you have authenticated your phone number and email address, we store encrypted data relative to your Tally account. This is required to access your account. The encrypted data is not accessible from your device and cannot be read by anyone accessing your phone’s storage.
1. If the device that is trying to access your account has already accessed the account once or more before, we will know that your account is partly authenticated. We do this by checking the encrypted data stored on the device. This will then prompt us to ask for more information to access your account. This will be in the form of your 4 digit passcode, or more securely if you are using it, your chosen form of Biometrics. We do this so that you do not have to go through verifying your mobile number and email address each time you log into your account. You should at no time reveal your 4 digit passcode to anyone.
2. If the device that is trying to access your account has not already accessed it once before, we will prompt the user to enter the mobile number associated with the account. The user will be asked for the 4 digit code. If this is entered incorrectly, the authentication will fail and will result in a reset of the login process, taking the user back to entering the mobile number.
3. If the device that is trying to access your account has already accessed it once before but the app session has logged out, then the same process as above in point 2 will proceed. This is due to the encrypted data being removed from your device on log out, further bolstering security.
Our team monitors all account activity very closely and we pick up and identify when and if we think there has been any untoward or fraudulent activity. If you think your account has been compromised, you must contact us as soon as you suspect this and we will take the appropriate action to remove all access to it and reset all authentication processes.
The same as the above is true for accessing our internal systems. Our team must have passed authentication to access these systems and we monitor this very closely.
Tally uses best-in-class security technology to ensure the safeguarding of our platform, administrative and security systems. For security reasons, we do not disclose any further detail about the methods or technologies implemented.