Skip to content
oHallo Help

Setting up identity verification

Identity verification controls when the AI is willing to share personal account information with a caller and when it requires the caller to prove who they are first. The platform never bills you for this layer; it is a safety and compliance surface that ships with every workspace.

This page walks an operator from “no verification configured” to “first verification” in three steps.

What you’ll set up

Section titled “What you’ll set up”
  1. A lookup tool that returns information only the genuine account holder would know — for example, the most recent order date or current account balance. The verification specialist will ask the caller a question whose answer depends on this tool’s response.
  2. A data category tag for the tool so the platform knows whether the answers it returns are recent transactions, current account state, or longer-lived profile details. The platform asks higher-confidence questions first.
  3. A workspace assurance posture that says which tools require an identified caller before they will run.

Step 1 — Attach a lookup tool

Section titled “Step 1 — Attach a lookup tool”

Open Settings — Workspaces — (your workspace) — Identity & Verification in the dashboard. Under Data sources click + Attach lookup tool. The flyout asks you to pick:

  • An MCP connection from your MCP Hub. This is the connection you already use to fetch account data when the AI runs other tools.
  • A tool name from that connection. Pick a tool whose result the caller would recognise immediately when read back.
  • A data category — one of:
    • Transaction history — recent orders, payments, refunds, calls, deliveries. The strongest verification signal because an attacker rarely knows what a caller did yesterday.
    • Account state — current balance, active subscriptions, last login. Strong but less so than transaction history.
    • Customer profile — date of birth, address, mother’s maiden name. The weakest because this data is often guessable or available through open-source intelligence.

You can attach multiple tools. The verification specialist asks questions in the order Transaction history -> Account state -> Customer profile, so attaching at least one transaction-history tool meaningfully strengthens your posture.

Step 2 — Confirm the verification settings

Section titled “Step 2 — Confirm the verification settings”

Below the Data sources section, the Verification settings panel exposes the configurable knobs. The defaults are designed to match the standards-cited reference (NIST SP 800-63A and PSD2 SCA), so most workspaces don’t need to change them. The most common adjustment is:

  • Number of KBV questions — the platform default is 4. You can lower this to 2 or 3 for a friendlier flow, but the Compliance Posture footer at the bottom of the page will switch from “Follows the standard” to “Aligned with the standard’s principles” for the rows it affects.
  • Recognised caller ID (ANI + SHAKEN) — the default pairs the recognised number with at least one KBV question. Setting this to “Standalone identification” means a recognised number on its own counts as identification. The posture footer will mark this as a deviation — a phone number is not proof that the right person is holding the handset.

Every change is saved as soon as you choose it; there is no separate Save button.

Step 3 — Set per-tool assurance levels

Section titled “Step 3 — Set per-tool assurance levels”

Open Settings — MCP Hub — (your MCP connection). Each tool in that connection’s Tools table has an Assurance column with three options:

  • anonymous — no identification required. Default for tools that return public information.
  • identified — the caller must be linked to a contact before the tool runs. The platform floor for tools whose result includes personal data, and for any state-changing tool (placing an order, scheduling a callback, updating an address).
  • high-assurance — the caller must additionally satisfy a second factor of a different category. The platform floor for destructive or financially material tools (cancellations, refunds, password resets).

The dropdown shows the platform floor for each tool’s risk classification; you can raise it but not lower it below the floor.

You’re ready

Section titled “You’re ready”

The verification specialist now activates the first time the AI tries to call an identified-gated tool with an unknown caller. The caller is asked the questions, gets a magic-link if they want to receive one by email, and the platform records every step in the workspace’s Identity events audit log for you to review.

If you’d like the platform to never ask for verification on a particular tool, set that tool’s assurance to anonymous — subject to the platform floors above.

Looking for the product? Visit ohallo.eu  ·  Developer documentation  ·  Contact

Copyright 2026 oHallo ApS. All rights reserved.