At the same time, Nigeria is a significant source of financial and cybercrime. According to the Sumsub Fraud Study 2021, the country is a global leader in ID document forgery. This brings additional challenges for fintech companies onboarding Nigerian users. This article provides practical tips for performing KYC checks on Nigerian customers that can help avoid sanctions and fraud.
- Who’s affected
- How to ensure proper Customer Due Diligence
- Identification and verification requirements
- How to check Nigerian ID documents
- How to build the most secure onboarding for Nigerian users
The Nigerian financial sector falls under the Central Bank of Nigeria Regulations of 2013 (Anti-money Laundering and Combating the Financing of Terrorism in Banks and Other Financial Institutions in Nigeria) as amended in 2019 (the CBN’s regulations). These regulations define the services conducted by “financial institutions,” including, but not limited to:
- accepting deposits and other repayable funds;
- transferring money or value;
- issuing and managing credit/debit cards, cheques, money orders, banker’s drafts, electronic money;
- issuing securities.
As for cryptocurrency businesses, they can’t technically operate in Nigeria, as the CBN prohibited banks and financial institutions from facilitating payments for crypto exchanges. Still, cryptocurrency is not considered illegal, so Nigerian citizens have resorted to peer-to-peer platforms currently not falling under any AML regulations.
How to ensure proper Customer Due Diligence
Along with the CBN’s regulations, Nigerian businesses must implement a number of AML measures described in the Money Laundering (Prohibition) Act of 2011 and Securities and Exchange Commission Regulations of 2013 (Capital Market Operators Anti-Money Laundering and Combating the Financing of Terrorism). These regulations prescribe risk-based CDD procedures as a part of AML obligations, which include:
1. Conducting CDD in cases defined by regulations. CDD is not only necessary at the beginning of the customer relationship. It also comes into play during an existing customer relationship, including when:
- an occasional transaction exceeds US$1,000 or equivalent in other currencies, either carried out in a single operation or across several operations that appear to be linked;
- an occasional transaction is made by wire transfer, either cross-border or domestic;
- there is suspicion that the amount involved in a transaction are proceeds of money laundering or terrorist financing.
Businesses are also required to conduct CDD if they doubt the accuracy of previously obtained identity information.
2. Conducting Enhanced Due Diligence (EDD) in cases defined by regulations. Businesses must implement enhanced checks for higher-risk customers:
- non-resident customers;
- private banking customers;
- Politically Exposed Persons (PEPs)
Enhanced Due Diligence is a series of supplementary measures in the customer verification process. This includes obtaining approval from senior management or requesting sources of wealth or funds prior to reaching a verdict about a potential customer.
Identification and verification requirements
To ensure proper CDD, Nigerian businesses must identify and verify their users. To identify Nigerian users, businesses must require the following details, where relevant:
- date and place of birth;
- telephone/fax number and email address;
- occupation and name of employer;
- unique identifier, for example, the National Identification Number (NIN);
- bank verification number;
- type of account and nature of banking relationship;
The CBN’s regulations list official documents that businesses must accept as users’ proof of identity and proof of address when verifying Nigerian users:
Proof of identity:
- birth certificate;
- identity card;
- social security records.
Proof of address:
- tax assessment;
- bank statement;
- current utility bill (gas, electricity, telephone, or mobile phone bill);
The CBN’s regulations also approve of other verification methods, such as contacting the customer by phone to verify their phone number or certification of the customer’s identity by an embassy official or notary.
Verification through the National Identity Database
In 2007, Nigeria established the National Identity Database to combine citizens’ identity information and biometrics into a National Identification Number (NIN). Having access to the database, businesses can verify users by comparing obtained identity information with the database details linked to a person’s NIN. Accordingly, the database enables user verification by three options:
- NIN with fingerprint;
- demographic data.
The document that confirms the user’s presence on the National Identity Database is called an NIN Slip (NINS). However, the Slip itself isn’t an identity document; rather, it serves as a receipt of one’s enrollment in the database. Accordingly, verification of the Slip is done by checking details within the National Identity Database itself.
How to check Nigerian ID documents
According to the Sumsub Identity Fraud Study, Nigerian IDs are among the most forged documents in the world. That’s why we recommend paying extra attention to the verification process when it comes to Nigerian users. So, let’s take a closer look at official ID documents in Nigeria and their characteristics.
Types of official Nigerian identity documents
The following IDs can be used for verification of Nigerian users:
- National Electronic Identity Card (e-ID card). This is issued by the National Identity Management Commission. Nigerians receive this card after enrollment to the National Identity Database and getting an NIN. The card is chip-enabled, and the details encoded in the chip include the user’s NIN and other credentials.
- Digital ID. This is a virtual version of the National Electronic Identity Card. Digital IDs can only be verified on the official Mobile ID App. It can’t be verified as a hard copy.
- e-Passport. Nigerian e-passports are issued by the Nigeria Immigration Service according to the ECOWAS design. The passport is enabled with an electronic chip containing the person’s biometry. Ordinary citizens get standard passports (green cover) while government officials get official ones (blue cover).
- National Drivers Licence (NDL). This document is issued by the Federal Road Safety Commission to those who have completed driving school. An optional addition to the driving licence is the National Digital Driver Licence, which is available as a mobile app.
- Voter Card. This is issued by the Independent National Electoral Commission to prove the identity of voters during elections. Verification of this document can be performed by checking the VIN number on the Voter Verification Platform.
Let’s examine some tips for detecting altered documents based on Sumsub’s experience with onboarding Nigerian users.
How to detect tampered documents
To effectively detect document alteration, businesses should apply a four-step screening process.
1. Checking document integrity
Checking integrity means making sure that all elements, fonts, and colors correspond with the documents’ official templates. The ID document must contain:
- owner’s full name;
- owner’s full date of birth;
- document number;
- validity data (issue date or validity period);
- owner’s photo;
- owner’s signature (if applicable).
The integrity of Nigerian documents can be checked based on templates from official resources:
- Nigerian passport and driving licence templates are provided by the Public Register of Authentic identity and travel Documents Online (PRADO);
- National e-ID card templates are provided by the official site of the National Identity Management Commission.
2. Checking security features
To check document security features like watermarks, holograms, seals, etc., we recommend using AI-powered systems due to the extensive number of checks needed for each document. Here’s a list of the security features to be screened just for the National Drivers Licence:
- thermal dye sublimation printing technique;
- facial image;
- secondary (ghost) image;
- iridescent laminate;
- UV feature.
3. Checking image authenticity
The image authenticity check examines whether ID images have been altered by photoshop or other means. This can be done by automated signature and pixel analysis which distinguishes deliberate image tampering from benign cosmetic changes like cropping, resizing, or rotation.
4. Validating MRZs (Machine-Readable Zones)
Nigerian passports and e-ID cards contain an MRZ—a codified element that facilitates automated scanning of personal data. The MRZ consists of two or three lines of characters, numbers, and separators, that are decoded during scanning. The extracted information is then compared with the data that’s visible on the document.
How to build the most secure onboarding for Nigerian users
Tampered documents aren’t the only risk occurring at the verification stage. Fraudsters can also purchase real documents on the darknet, which makes detecting identity theft more complicated since no document alteration is occurring. Here’s Sumsub’s take on the most secure and efficient onboarding process:
- Automated document screening. Businesses should introduce a reliable system that checks documents and detects alterations. Automated solutions are preferable since they’re better equipped to process high rates of forgery.
- Database checks. Businesses should use database screening as an additional step to ensure fully secure onboarding. This can be done by accessing and reviewing governmental databases, PEPs, sanctions lists, and internal blocklists of other platforms.
- Facial biometrics. Businesses can employ liveness technology to ensure that the true document holder is present during the KYC check. This also prevents fraudsters from using masks or deepfakes to get verified.
All in all, a secure onboarding process should include a combination of approaches, such as image authenticity analysis, database screening, and biometric checks.