Verifying Chat Users

There are two methods for implementing user verification in your chatbot flow:

Registered Chats

See Registered Chats for more information.

External Bot Flow

See Setting User Verification Configuration for more information.

What is required

Two things are required in order to implement user verification in your chatbot flow:

  1. Include patientSmsNumber, patientEmailAddress, and/or security questions and answers in your register chat call or in your create user verification call.
  2. Use the "Verify user" step as one of the first steps in the chatbot associated with the widget topic.

Two-Factor Authentication Methods

MedChat supports three two-factor authentication methods for verifying the patient of a registered chat:

  • Security Questions
  • Email
  • SMS

📘

What is two-factor authentication?

Two-factor authentication is a method of verifying a person is who they say they are, based on multiple factors. The first factor is often a password or a unique link. The second factor is something that only the intended individual can provide and could come from one of the following categories:

  • Something you know (like a PIN or answers to security questions)
  • Something you have (like a smartphone or an email account)
  • Something you are (like a fingerprint)

It's assumed that the source system has data about the patient that falls into one of the above categories that is suitable for verifying the identity of the patient.

Verify User Chatbot Step

The Verify User chatbot step should be one of the first steps in the chatbot, and it has one of two possible outcomes:

  1. The user passes verification and the chatbot continues down the success flow.
  2. The user fails verification and the chatbot continues down the failure flow.

🚧

The Verify User step should be one of the first steps in the chatbot.

The Verify User step first attempts to retrieve the user verification configuration.

If the configuration isn't found, the chatbot continues with the flow without trying to verify the user. You can configure this scenario to go down either the success path or the failure path. This is useful when a chatbot may be used by people who do not exist in your system and therefore cannot be verified by the chatbot. A user who reaches the success path this way has not been verified.

If the configuration is found, the Verify User step determines which verification methods are available (security questions, email, and/or SMS). If multiple verification methods are available, the user is presented with a prompt to select which verification method they'd like to use.

For any of the verification methods, if the user fails verification and other available verification methods remain, the user is given the opportunity to verify via the remaining verification method(s).

High-level flow chart showing the Verify User chatbot step logic.

Security Questions Verification

With security questions verification, the source system provides one or two security questions and answers. Care should be taken in selecting appropriate security questions and answers. Avoid questions with answers that may be ambiguous to the patient. Questions and answers will be stored in the MedChat database.

The Verify User step prompts the user to answer the security question(s). If multiple questions are provided, the user must answer both correctly to pass verification. Evaluation of answers is a simple case-sensitive string comparison, with any leading and trailing whitespace trimmed.

The user is given up to three chances to answer the security questions correctly.

Email Verification

With email verification, the source system provides the patient's email address. The Verify User step sends a security code via email to the patient and prompts the user to enter the code.

The user is given up to three chances to enter the correct code.

SMS Verification

With SMS verification, the source system provides the patient's SMS-capable phone number. The Verify User step sends a security code via SMS text to the patient and prompts the user to enter the code.

The user is given up to three chances to enter the correct code.
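
The Verify User logic described on this page, modelled in Python as an added example (it is not MedChat's code or API). The dictionary layout, the `securityQuestions` key, `sent_code`, `missing_config_path` and all function names are assumptions of this example, as is asking every security question on each attempt.

```python
import hmac

MAX_ATTEMPTS = 3  # "up to three chances" per verification method

def answers_match(expected, given):
    # Case-sensitive; only leading/trailing whitespace is trimmed.
    # hmac.compare_digest is this example's choice, not a documented detail.
    e, g = expected.strip().encode(), given.strip().encode()
    return bool(e) and hmac.compare_digest(e, g)  # an empty secret never matches

def available_methods(config):
    # A method is available only if the source system supplied its data.
    keys = [("questions", "securityQuestions"),  # hypothetical key name
            ("email", "patientEmailAddress"),
            ("sms", "patientSmsNumber")]
    return [name for name, key in keys if config.get(key)]

def try_method(method, config, sent_code, replies):
    for _ in range(MAX_ATTEMPTS):
        if method == "questions":
            # Assumption: each attempt asks every question; all must match.
            results = [answers_match(qa["answer"], next(replies, ""))
                       for qa in config["securityQuestions"]]
            if all(results):
                return True
        elif answers_match(sent_code, next(replies, "")):
            return True
    return False

def verify_user(config, choices, replies, sent_code="", missing_config_path="failure"):
    if config is None:
        # No verification happens here; the outcome is purely configuration.
        return missing_config_path
    remaining = available_methods(config)
    choices, replies = iter(choices), iter(replies)
    while remaining:
        picked = next(choices, None) if len(remaining) > 1 else remaining[0]
        method = picked if picked in remaining else remaining[0]
        remaining.remove(method)  # a failed method is not offered again
        if try_method(method, config, sent_code, replies):
            return "success"
    return "failure"

# Constructed sample data, not real patient records.
SAMPLE = {"patientEmailAddress": "pat@example.test",
          "securityQuestions": [{"question": "Clinic city?", "answer": "Fargo"},
                                {"question": "Birth year?", "answer": "1980"}]}
```

Because the comparison is case-sensitive, an answer such as "fargo" fails against a stored "Fargo", so the source system should store answers in the form the patient is expected to type.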