Bank Verification Number (BVN) is one of the most common ID types in Nigeria with 56.6 million registered BVNs on record. Because of its widespread adoption, BVN has become a common ID type for financial services providers to conduct KYC checks.
To access a customer's BVN information, the Central Bank of Nigeria (CBN) requires that explicit consent is provided by the individual BVN holder. With an increasing number of organisations accessing BVN information, there is growing concern that service providers are collecting BVN data without explicit consent.
Nigeria Inter-Bank Settlement System (NIBSS) is the agency that has built the API connections to the BVN database. To prevent access to BVN data without explicit and verifiable consent, NIBSS has created a consent management platform called “iGree” to collect user consent directly.
What is iGree?
iGree is a centralised consent management platform managed by NIBSS.
In practical terms, it is a user interface that is inserted into a merchant’s end-user onboarding flow that allows NIBSS to collect consent directly.
The purpose of iGree is to ensure the personal data of Nigerians with registered BVNs is protected and only collected with their knowledge. NIBSS is committed to delivering a scalable and secure consent layer to protect Nigerian consumers with minimal user interference.
Who Are the Parties Involved in Administering iGree?
What is the User Journey?
To verify BVN there will now be a frame from NIBSS inserted into the journey. This will be entirely incorporated into the merchant’s app and the user will not have to exit the app to complete the KYC process.
Here is what the user will see when providing consent through iGree:
- Provide NIBSS with their BVN number.
- Complete 2-factor authentication using an OTP via email or phone number.
- Agree to allow Smile Identity to access their BVN data.
Can iGree replace my current consent layer?
While iGree collects direct consent for the use of BVN data, merchants may be collecting other data that is not covered under the iGree consent request. iGree should serve as a secondary consent layer on top of the merchant’s standard data consent agreement.
While this will add a step to the merchant KYC flow, our iGree integration is designed so the user experience feels like a seamless consent to 2FA flow.
Here is an example of the experience using Biometric KYC:
Old User Flow
New User Flow
What’s an OTP?
OTP is short for “one-time password”, it is a method of authentication that leverages a generated passcode that can only be used one time. An OTP often is a numeric code that is sent to a contact or device that you would be in possession of, such as an email or phone number.
The iGree OTP will give the BVN holder the option to send the passcode to either a phone number or email that they used to register their BVN. If the holder is no longer in possession of any of the contacts they provided when registering the BVN they will have to update their contact information at any branch of the bank where they registered for their BVN in order to complete the iGree consent.
How does this impact my Smile Identity integration?
In order to check BVNs merchants will have to ensure users complete the iGree flow. Smile Identity is integrating iGree into all of our SDKs to make the user journey as seamless as possible.
Existing Using a Smile Identity Mobile SDK
Partners who currently access BVN through one of our Mobile SDK options will simply have to update to the latest version of the Mobile SDK and the iGree frames will be available for them to use.
Existing Partners Using Smile Identity Hosted Integration
Partners who currently access BVN through our Hosted Integration option do not have to make any code changes. The iGree frames will just be available to the end user.
Existing Partners Using the Smile Identity REST API
Once the transition to iGree is completed, BVN checks will no longer be available via REST API. NIBSS will be deprecating the direct API endpoint.
New Smile Identity Partners
New partners will have to go through a few steps to verify BVN holder’s information.
- They will need to complete their Partner KYC and be approved for BVN access.
- Integrated into one of our Mobile SDK or Web SDK options.
- Run check through a BVN supported product including; Basic KYC, Enhanced KYC or Biometric KYC.
The implementation of iGree is a step forward in securing the personal information of Nigerians and building trust online.