The digital world is increasingly changing and ‘know your customer’ - popularly known as ‘KYC’ - is the major pain point for a lot of organizations today. The importance of this process in overall identity security is the reason why, despite its daunting nature, organizations will never let it go.
In this era, organizations - especially in the telecommunications space - have various KYC processes that they adopt in order to verify their customers. The three main processes are: Capture and Store, Capture and Share, and Capture and Validate, and they define what happens to data before and after the initial capture exercise.
Identity is data
The SIM registration process involves capturing the identity of mobile phone subscribers. In this context, identity is data, including biometric data (fingerprint), textual KYC details, and pictorial data (passport). After verification, the data serves as proof of identity and access to SIM registration benefits for subscribers. But what happens to the data after that?
Two things. First the captured data is shared, then it is eventually stored. Hence, the Capture and Share and the Capture and Store processes. These two separate processes can occur independently. However, in our case, these processes occur simultaneously - the data is shared with the regulatory body and stored in their database.
Let’s define this further. The Capture and Share process entails capturing KYC details of subscribers and sharing the data with the government or regulatory bodies upon capture - in our case the Nigerian Communications Commission (NCC). The Capture and Store process involves capturing KYC details of subscribers and storing the data in a third-party database - the telephone service provider’s (or “telco’s”) central database.
These two processes, as well as reducing the possibility of errors, also allow for uniformity of data. This means that a telco can onboard a new subscriber by leveraging data that already exists from prior registration with another telco without needing to capture the individual’s details all over again. The shortcomings of this process, however, lie in its implications around data security and the misuse of data.
Challenges and solutions
Building capture systems, regardless of whether you will eventually store or share the data, can be challenging. Over the years, we have had to apply the deepest levels of critical thinking to solve most of these challenges and deliver working solutions. Here are some of the problems we’ve faced, and some the solutions we’ve found have worked:
User experience versus functionality
One challenge we faced was finding a way to strike a balance between an amazing user experience and capturing data that adhered strictly to world-renowned standards. This is still an ongoing feat, done in the spirit of agile continuous improvement.
Ensuring secure data transit in internet-dead zones
We were able to solve this issue by introducing an offline feature. This capability allowed for seamless data capture and transit even without the internet. In these cases, the captured data is stored in an encrypted mode on the device, and syncs to the backend once the agent/user migrates to a location with an internet connection, after which the data is automatically deleted from the device.
Inventive quality checks to counter fraud
We were able to solve this issue by introducing a liveness detection check during capture. This is made possible by a challenge-response-event which checks that the subject being captured is alive by asking them to take certain actions, like blinking or tilting their heads, during capture.
Capturing pictorial data with compliance
We had challenges with the backgrounds of most captured images as our system was built to reject pictures with noisy backgrounds. So, we thought, rather than have a uniform background or spend time on checks, we could implement an in-app background clean-up model that can detect noise in a background and clean it up by cropping the image out and imposing a white background.
The future goal for KYC
So, what’s next for KYC and Africa? Migrating to a Capture and Validate KYC process is a top priority for us in Nigeria. But what exactly do we mean by the Capture and Validate process? It involves capturing details of subscribers and validating them against a government database managed by the government authority or regulatory body.
According to GSMA, only 16 countries mandating SIM registration follow this approach. Of these, 11 countries require Mobile Network Operators to use biometric-authentication processes when registering their prepaid SIM customers.
Today, Nigeria is slowly migrating to the Capture and Validate process, and we’re excited to be actively working with the telco’s and regulators to make it a reality.