Overview
Engine online
RBI AD-2025 ready
TrueSecurix · live
Privacy-first · Risk-based · Continuous

Trust is not a gate you pass once.
It is a score that follows the identity.

VISHWAS turns identity into a living trust score for every customer and every employee, across the app, net banking, branch, call centre and onboarding. Genuine users feel nothing. Risk meets friction only when it appears.

● Live engine We did not start from a prototype. The onboarding layer is TrueSecurix, our deployed fraud platform, with 100% of deepfakes caught across 10 generator families and 0% of genuine customers auto-rejected. VISHWAS extends it into continuous trust across every channel.
Session trust ● live
92trust
  • Behavioral rhythmmatched
  • Device bindingknown
  • Geo-velocitynormal
  • Step-up requiredno
₹48,021cr Bank fraud value in India, FY26, a three-year high even as case counts fell.
~3,000% Rise in deepfake fraud attempts between 2022 and 2025, now injected straight into KYC video feeds.
1 Apr2026 RBI deadline for risk-based authentication under the Authentication Directions, 2025.
₹250cr Maximum penalty under the DPDP Act, which rewards collecting less personal data, not more.

One engine. Seven risks. Two sides of the bank.

The theme asks for a single framework that handles the full spread of identity risk. VISHWAS does, with one trust score feeding every channel.

Account takeover

Continuous behavioral matching catches a stolen session even after a valid password and OTP, because the impostor cannot reproduce the rhythm.

KYC & onboarding fraud

Powered by TrueSecurix, our live deployed engine, the onboarding layer flags deepfakes, face-swap, document forgery and synthetic identity before an account is ever created.

Insider & privileged misuse

The same engine pointed inward builds a behavior baseline for staff and raises an alert when privileged access strays from it.

Suspicious recovery

Account recovery is scored against the cross-channel history, so a reset from a new device in a new place demands proportionate proof.

New device & SIM-swap

Device binding and SIM-swap signals drop trust the moment the channel changes underneath a familiar identity.

Behavioral anomalies

On-device models learn each customer privately and surface drift in real time, with a plain reason an auditor can read.

How a single session is decided

From signal to decision in under a heartbeat, with raw behavior staying on the device.

01

Sense on device

Typing rhythm, swipe, motion and navigation are read locally on the customer's own device.

02

Score locally

A compact model turns behavior into a trust signal. Only the signal leaves, never the raw data.

03

Fuse risk

The engine fuses device, geo-velocity, SIM-swap and beneficiary-graph signals into one score.

04

Act in proportion

Healthy score stays silent. Elevated risk triggers step-up. High risk is held and logged.

Live Trust Engine

This is real. Type into the secure field below and your own typing rhythm and pointer motion are read in this browser to compute a live trust score. Nothing is sent anywhere.

Secure transfer

Mobile banking

Inject a risk condition

Identity trust score

Frictionless
92 / 100 High trust
Behavioral rhythm
Pointer dynamics
Device trust
Geo-velocity
Beneficiary graph

Why this decision

  • Typing rhythm matches the enrolled profile.
  • Request from a bound, recognised device.
  • Location consistent with recent activity.

Risk Console

What a Bank of Baroda fraud analyst sees. Every decision is explainable and carries an immutable audit reference.

1,28,940Sessions scored today
99.2%Cleared with zero friction
214Step-ups triggered
37High-risk holds

Live session stream

auto-refresh
SessionChannelTrustDecisionReason

Identity graph

mule cluster

A single device and beneficiary shared across four "new" customers. The graph exposes the ring that point-in-time checks miss.

Onboarding Trust · powered by TrueSecurix

Layer one of the fabric, and the part already live in production. Our deployed engine at truesecurix.com scores the onboarding selfie and documents for deepfakes, face-swap, forgery and synthetic identity. RBI tightened V-CIP rules in August 2025 to require exactly this. VISHWAS plugs it in as the front door, then keeps verifying long after onboarding.

100%deepfakes caught, across 10 generator families
0%genuine customers auto-rejected
~0.4smedian verdict, measured in production
Livebilling customers at truesecurix.com

Onboarding video feed

authentic
live capture · geotagged · India

Detection

Approved
Synthetic media probability3%
  • Passive liveness · blink & micro-motion present
  • Frequency-domain artefacts · none detected
  • Camera-injection signature · absent
  • Face-document match · 0.97
  • Geotag & IP origin · within India

Enterprise Trust

The theme names enterprise identities and privileged-access misuse. The same engine, turned inward, watches the people inside the bank.

Privileged user · EMP-20471

Core banking · Ops
Role baseline
normal band
Records accessed
+640% vs peers
Access hour
02:14 IST
Export attempts
bulk PII

Insider alert

Contain

Privileged access deviating from baseline

A core-banking operator is reading customer records at 640% of peer volume, outside working hours, with bulk export attempts. Session privileges were stepped down and a case was opened automatically.

Privileges reduced SOC notified Audit ref #IT-99204

Built for the rulebook

Every feature lines up with a specific obligation. This is a security product and a compliance path in one.

RBI

Authentication Directions, 2025

Risk-based authentication with step-up only on elevated risk, due 1 April 2026.

VISHWAS risk engine and adaptive step-up are this control, out of the box.
RBI

Master Direction on KYC · V-CIP

Mandatory deepfake and spoof detection, geotagging and India-only origin for video onboarding.

Delivered by the V-CIP Shield with liveness, injection and origin checks.
DPDP

Data minimisation & purpose limitation

Collect the least personal data needed, for a stated purpose, with consent.

On-device scoring means raw behavior is never collected. Only a score leaves the device.
DPDP

Accountability & breach duty

Demonstrable decisions and reporting of personal-data breaches.

Every decision carries a plain reason and an immutable audit reference.
India Stack

Aadhaar eKYC · DigiLocker · AA

Consent-led identity and document rails already trusted nationwide.

VISHWAS consumes these as verified inputs rather than rebuilding identity.
Scale

Channel & volume ready

One score across app, net banking, branch, ATM, call centre and onboarding.

Stream-first design built to grow with customer and transaction volume.

Where data lives

Customer deviceRaw behavior, biometrics, model inference
trust score + risk flags only
Bank trust planeScore, decision, audit log. No raw behavior.