If you’re hoping to offer identity theft protection or cybersecurity services to your consumer audience, it’s essential to carefully evaluate the security posture of any potential provider.
In particular, for many companies considering launching a consumer identity protection solution, the issue of securely storing and transmitting all customers’ private information can feel like a source of liability.
You may even be hoping to avoid passing customers’ sensitive details through your own system – while still serving up a seamless and secure experience powered by a trustworthy provider.
With the Iris® Powered by Generali identity protection platform, you can do just that.
Iris enables you to integrate popular identity theft protection solutions into your product while minimizing risks associated with handling sensitive customer data.
Iris’ Identity Protection Platform Offers Insulation, Yet Flexibility, Around Customer Data
Iris’ Identity Protection API Suite and SDKs enable you to add features to your product that collect and transmit certain sensitive customer data – but keep that data out of your back-end systems.
[Image: Sample mobile app mockup showing a “Welcome” screen collecting customer information to be monitored, including name, phone number, date of birth, email address, Social Security number, and street address.]
At the same time, we do offer some flexibility for scenarios where you prefer to handle the data yourself, in favor of increased control or efficiency.
We achieve this balance via a mix of both browser-to-machine (B2M) and machine-to-machine (M2M) APIs. Some solutions are offered in both varieties, while others are available only in one or the other.
Let’s walk through how the B2M model protects you, and what the alternative M2M model involves.
Iris’ B2M Identity Protection APIs and SDKs: Outsource Sensitive Customer Data Handling
The browser-to-machine API model, on which our SDKs are also built, is the more common model and the one that keeps much of your customers’ data out of your systems. Instead, that data flows straight from the customer’s device to Iris.
[Image: Diagram showing software data flow in B2M model between your UI, your back-end, and the Iris platform. Data flows in two paths. For less sensitive operations, your application makes API calls to your back-end, which makes calls to Iris’ M2M APIs. For operations that could contain customer PII, your application makes calls directly to Iris’ B2M APIs.]
While not all operations and data can be handled through the B2M APIs (more below), Iris’ B2M API structure especially protects a few key categories of customer data:
- Information that is required to enroll customers in specific services, such as Social Security number (SSN) or contact information
- Information specifically added by customers for monitoring – safeguarding this is fundamental to any identity protection experience!
- Contents of alerts received, which can include passwords, unique IDs and other personally identifying information, and the sources where data was exposed
You will still be required to encrypt data that you do touch, but the B2M model enables you to limit the amount and types of data with which you come into contact.
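The two-path split described in this section can be enforced in client code. The sketch below is an added example, not Iris code or part of its SDK: the field names, both URLs, and the short-lived bearer token the browser presents are assumptions made for illustration. It routes PII fields directly to the provider and fails closed if anything sensitive would reach your back-end.

```javascript
// Added example: every name, field and URL below is a hypothetical placeholder.
const SENSITIVE_KEYS = new Set(["fullName", "ssn", "dateOfBirth", "phone", "email",
  "streetAddress", "financialAccountNumber", "monitoredItems", "alertContents"]);
const SSN_LIKE = /\b\d{3}-?\d{2}-?\d{4}\b/; // catches an SSN typed into a free-text field

const B2M_URL = "https://provider.example/b2m/enrollment"; // placeholder, not a real endpoint
const BACKEND_URL = "/api/enrollment";                     // your own back-end (placeholder)

// Walk a payload and return the paths of anything that must not reach the back-end.
function findSensitive(value, path = "") {
  if (value === null || value === undefined) return [];
  if (typeof value === "object") {
    return Object.entries(value).flatMap(([k, v]) => {
      const p = path ? `${path}.${k}` : k;
      return SENSITIVE_KEYS.has(k) ? [p] : findSensitive(v, p);
    });
  }
  return SSN_LIKE.test(String(value)) ? [path] : [];
}

// Split one form submission into a direct-to-provider request and a back-end request.
// Only top-level keys are split; nested or free-text PII makes the guard throw.
function planRequests(form, browserToken) {
  const direct = {}, viaBackend = {};
  for (const [k, v] of Object.entries(form)) {
    (SENSITIVE_KEYS.has(k) ? direct : viaBackend)[k] = v;
  }
  const leaks = findSensitive(viaBackend);
  if (leaks.length > 0) {
    throw new Error(`sensitive data routed to back-end: ${leaks.join(", ")}`);
  }
  return {
    direct: { url: B2M_URL, headers: { Authorization: `Bearer ${browserToken}` }, body: direct },
    backend: { url: BACKEND_URL, body: viaBackend },
  };
}

// Constructed sample input (no real customer data).
const sampleForm = { customerId: "cust-0001", planCode: "basic", fullName: "Pat Example",
  ssn: "000-12-3456", dateOfBirth: "1990-01-01", email: "pat@example.com" };
const plan = planRequests(sampleForm, "constructed-short-lived-token");
console.log("to back-end:", Object.keys(plan.backend.body));
console.log("direct to provider:", Object.keys(plan.direct.body));
```

The same `findSensitive` check can run server-side on incoming request bodies, so a client regression that starts sending PII to the back-end is rejected rather than stored or logged.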
Iris’ M2M Identity Protection APIs: Core Customer Operations, Direct Connection, and Granular Control
Alongside our browser-to-machine option, Iris maintains machine-to-machine APIs for some of our solutions, as well as certain core platform operations.
With Iris’ machine-to-machine APIs, all customer data is transmitted from the customer’s device to your back-end system and then to Iris.
[Image: Diagram showing software data flow in M2M model. For all operations, your UI makes calls to your back-end, which then makes calls to Iris’ M2M APIs.]
There are some scenarios where Iris’ M2M APIs are what you want:
- They are sometimes required, such as when creating or deleting customers, or pulling certain customer data.
- They can be more efficient for operations that address multiple customers simultaneously.
- They can give more granular control over data flow and operations.
For example, you can use either the B2M or M2M variant of our Identity Monitoring solution. However, using Iris’ M2M APIs to power your monitoring and alerts will mean that all the items customers wish to monitor, as well as the contents of their individual alerts, will land in your systems before being transmitted either to Iris or to the customer.
What sort of data are we talking about? Think not just names and contact information, but also dates of birth, SSNs, financial account numbers, and other data that can be used to impersonate or defraud consumers.
To be sure, Iris requires all of this data to be encrypted throughout its journey, and we provide detailed documentation on how to meet our standards. Nevertheless, using our M2M APIs for monitoring and alerts entails a greater responsibility on your part to keep this potential trove of “identity theft ingredients” safe at all times.
Beyond the API Level: Security and Privacy Across the Iris Identity Protection Platform
Beyond the structural insulation of our B2M APIs, Iris maintains numerous other practices and precautions to safeguard customer information.
Below are just a few examples. For a deeper look, please visit our Security and Privacy Center.
Security and Privacy Audit Certifications
Iris maintains a rigorous schedule of external audits to validate the strength of our security posture.
- We are SOC 2 Type 2 compliant.
- We hold the Trusted Cloud Provider (TCP) designation and CSA STAR Level 2 certification from the Cloud Security Alliance (CSA).
- For payment processing, typically used with our Iris OnWatch® web portals, we hold PCI DSS Level 1 designation.
Guidance on Secure Identity Protection Product Design
When you work with the Iris API Suite to power identity and cyber protection solutions in your own products, we’ll help you construct a user journey that maintains security and privacy at every step.
[Image: Sample desktop software mockup showing request to verify the customer’s email address via one-time passcode.]
How to Get Started Integrating with the Iris Identity Protection API Suite
If you are interested in learning how the Iris platform can help you offer identity theft protection or consumer cybersecurity solutions to your audience, explore our available API solutions.