What measures are in place to keep my account safe?
Security is absolutely paramount at Tally. To begin opening a Tally Account, you must prove you have access to a genuine mobile number and email account.
You will be sent a one-time PIN code via SMS and a separate one-time PIN code via email. Once you have proven access to these, you will be asked to create a 4-digit passcode. This 4-digit passcode will then be linked to your Tally Account. It is not possible to access a Tally Account without this three-factor identification process.
As a fourth layer of security, and to make accessing your account easier, we also recommend using Biometrics. Apple users can choose from Face ID (facial recognition) or Touch ID (fingerprint recognition). Android users can choose from FaceUnlock (facial recognition) or Fingerprint (fingerprint recognition).
Once you have authenticated your phone number and email address, we store encrypted data relating to your Tally Account. This is required to access your account. The encrypted data is not accessible from your device and cannot be read by anyone accessing your phone’s storage.
1. If the device trying to access your account has accessed it at least once before, we will know that your account is partly authenticated. We do this by checking the encrypted data stored on the device. This will prompt us to ask for more information to access your account, in the form of your 4-digit passcode or your chosen form of Biometrics if you have opted for this additional layer of security. We do this so that you do not have to verify your mobile number and email address each time you log into your account. You should never reveal your 4-digit passcode to anyone.
2. If the device trying to access your account has not accessed it previously, we will prompt the user to enter the mobile number associated with the account. The user will be asked for the 4-digit code. If this is entered incorrectly, the authentication will fail and result in a reset of the login process, taking the user back to entering the mobile number.
3. If the device trying to access your account has accessed it before, but the app session has logged out, the same process outlined in point 2 will ensue. This is because the encrypted data is removed from your device during the logout, further bolstering security.
Our team monitors all account activity very closely to identify any activity we think may be untoward or fraudulent. If you think your account has been compromised, you must contact us as soon as you suspect this, and we will take the appropriate action to remove all access to it and reset all authentication processes.
The same applies to access to our internal systems. Our team members must pass authentication to access these systems, and we monitor this very closely.
Tally uses best-in-class security technology to ensure the safeguarding of our platform, administrative and security systems. For security reasons, we do not disclose any further detail about the methods or technologies implemented.