Non-banking firms in Nigeria would no longer be able to provide Bank Verification Number (BVN) validation for their customers, following a directive from the primary custodian of Nigeria’s BVN service, the Nigerian Interbank Settlement System (NIBSS). The affected fintech companies include Paystack, Flutterwave, and all non-bank firms that provide financial services.
BVN validation is a means of verifying a customer and is largely used by financial services providers for Know Your Customer (KYC) purposes. It is particularly useful in validating a customer’s date of birth, mobile number, first name, and last name, which helps businesses clearly know the customer they are dealing with.
NIBSS is the primary custodian of BVN service in Nigeria. Interestingly, the BVN technology was not built by the Nigerian government but by commercial banks at the cost of $60 million. However, given that NIBSS is a regulatory department under the Central Bank of Nigeria, the financial services regulator, managing the BVN is under its purview.
Read Also: Lessons for Nigerian banks from JP Morgan Chase Co
As a result of the suspension by NIBSS, Paystack said in a note to a customer that its BVN Resolve service will be temporarily unavailable starting from midnight of April 8.
The BVN Resolve service enables businesses under Paystack to build a KYC profile for a Nigerian-based customer using the customer’s BVN. It comes in two layers: Standard and Premium. Customers on the Premium pay a fee to have access to all the information in the Standard as well as more granular information for a more detailed KYC profile.
The NIBSS suspension of BVN verification represents a revenue loss for Paystack and other companies that earn income from offering customers BVN verification services.
It also removes a critical layer of security check on customers, thereby putting the fintech companies at risk of not accurately knowing the customers they deal with. BVN verification makes it easy to see who has a bank account and banks cannot issue accounts without conducting due diligence on the potential customer. Hence, BVN gives a layer of confidence to non-bank companies particularly in the process of onboarding a new customer.
Experts, however, say NIBSS may have good intentions but the engagement is not being properly executed.
“Apparently some people are abusing access to the BVN APIs. I mean, if I know your bank account number, I would know your BVN and with your BVN I would know your life details,” said Adedeji Olowe, CEO of Trium.
“What they should have done is set a standard for those who should have access. Set a timeline for compliance. Put a fine for non-compliance,” he said.
Edmund Olotu, founder and chief innovation officer of Tech Advance, a payment application development company, however, said there are other ways to verify customers. These include knowledge-based authentication, two-factor authentication, online verification, and database methods.
Knowledge-based authentication (KBA) verifies a person’s identity by requiring a response to security questions. Two-factor or multi-factor authentication requires the customer to enter a code sent to their email or mobile phone.
Online verification uses techniques to determine if a government-issued ID relates to the users, including artificial intelligence, computer vision, and human review. Database ID methods use data from a variety of sources to verify someone’s identity card.
Given that the BVN was built by commercial banks, the verification suspension may well be an opportunity for operators in the fintech ecosystem to build their own verification system, said Olotu.
“This is the time for us FinTechs to build our own system by contributing all our data to a central repository,” he said.
