COMPLIANCE

Caller verification software can support compliance with regulatory requirements such as those set by OSFI, HIPAA, PCI DSS, and GDPR, and with NIST authentication guidance. It is one control among several that an organization must show, not a guarantee of compliance on its own.

Here are the relevant requirements and the specific clauses behind each one:

OSFI: The Office of the Superintendent of Financial Institutions (OSFI) is an independent Canadian federal government agency that regulates and supervises more than 400 federally regulated financial institutions (FRFIs) to determine whether they are in sound financial condition and meeting their requirements, including the implementation of MFA. In Guideline B-13, Technology and Cyber Risk Management, Section 3.2.7, OSFI expects FRFIs to implement MFA across external-facing channels and to ensure that accounts are securely authenticated, managed, and audited to detect unauthorized access requests. Caller verification software can help an FRFI meet this expectation by verifying a caller's identity with MFA before granting access to systems and data, and by logging each verification attempt so that unauthorized access requests can be detected and audited after the fact.

HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to implement reasonable and appropriate administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). Access control is a technical safeguard under the HIPAA Security Rule, 45 CFR § 164.312(a)(1), with implementation specifications for unique user identification, emergency access procedures, automatic logoff, and encryption and decryption. The Security Rule also requires person or entity authentication, § 164.312(d): procedures to verify that a person seeking access to ePHI is the one claimed. Caller verification software can help covered entities meet both by verifying the identity of callers before granting access to ePHI, and the resulting verification log supports the information system activity review specification at § 164.308(a)(1)(ii)(D).

PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) requires entities that accept, process, transmit, or store payment card data to implement various security controls to protect cardholder data. Requirement 7 restricts access to system components and cardholder data by business need to know (Requirement 7.1 in PCI DSS v3.2.1), and Requirement 8 requires that users be identified and authenticated before access is granted. Caller verification software can help entities meet these requirements by verifying the identity of callers before granting access to payment card data; note that the agents and systems handling that data are then in scope for the assessment.

GDPR: The General Data Protection Regulation (GDPR) requires controllers and processors to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (GDPR Article 32). Article 32 does not name any specific authentication technology; its examples are pseudonymisation and encryption, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems, and regular testing of the measures in place. Verifying a caller's identity with a second factor before disclosing or changing personal data is a technical measure of this kind, and it directly addresses the risk of releasing personal data to an impostor, which is itself a personal data breach under Article 4(12).

NIST: NIST SP 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management, does not recognize knowledge-based authentication (security questions such as a mother's maiden name or a first pet's name) as an acceptable authenticator type, because the answers are often guessable or discoverable from public sources. Call centers and help desks that rely on security questions alone therefore do not meet NIST's guidance. Caller Verify opens up the factors Okta supports, including push notifications and TOTP codes. Two caveats apply. In NIST terms, push and TOTP are not phishing-resistant and the highest assurance level (AAL3) is reserved for hardware-based cryptographic authenticators; they are nonetheless a large step up from security questions. And a push approval only proves identity if the person approving it is the caller, so the prompt should be sent during the call and an unexpected or delayed approval should be treated as a failed verification rather than a pass.