National IDs are important for KYC, but frequent downtimes hinder their reliability, reports Smile Identity
In 2022, National ID databases in Africa experienced an average daily downtime of 6%, according to Smile Identity's KYC report. This frequent downtime hinders their reliability as a sole verification step in onboarding customers on the continent.
Smile Identity, a leading digital KYC provider in Africa, was founded in 2017 by Mark Straub (CEO) and William Bares. Leveraging anonymised data from nearly 50 million KYC checks, the company has put together its second report on the state of KYC in Africa.
Globally, the internet has been a critical driver of digitalisation, and it's no different in Africa. Between 2017 and 2022, the number of internet users on the continent nearly doubled to over half a billion. In turn, the growing internet penetration has promoted digital activities, including the shift towards digital financial and commercial services, which has led to increased financial inclusion.
Just as we have names and identity cards in the physical world, the acceleration of electronically-mediated interactions has warranted the need for a robust digital identity infrastructure. Customers need to trust that personal information and digital assets are safe. Businesses need to know their customers to deliver personalised services and mitigate fraud. Finally, industry regulators and governments need to do their job of regulating the interaction among their constituents and upholding the values of their society.
These policymakers quickly realised that the former paper/plastic-based, offline identity mechanisms they had needed to be improved in this new age of digitalisation. As a result, governments and industry regulators have worked with other stakeholders to provide the foundational digital identity infrastructure for their nations, upon which individuals and businesses transact.
For instance, Nigeria has government-issued biometric IDs (NIN) and banking regulator-issued IDs (BVN).
A biometric-based identity is essential because it adds a third factor of authentication that bad actors cannot easily falsify. The first two prevalent factors of authentication—what you know (e.g. a password/PIN) and what you own (e.g. a hardware token)—can be stolen through cyber crime or analogue crime.
According to Smile Identity's report, "relying on textual KYC alone can result in 50% more fraud going undetected". Since 48% of fraud attacks in Africa are from stolen identities, it makes sense that textual-only identity validation is most susceptible to exploitation. The fact that an agent has access to a valid ID does not mean they are the authorised account holder.
The role and drawback of National IDs for KYC in Africa
National IDs are a source of truth for biometric identity information about an individual. However, only some countries mandate their citizens to have a national ID, as alternative government-issued IDs are acceptable.
Thus, many businesses in Africa rely heavily on Government-issued IDs like driver's licences, international passports, voter's cards and national identity numbers (NIN) for KYC and customer onboarding.
Data from Smile Identity reveals that the Social Security Number Insurance Trust (SSNIT), administered by the National Pension Scheme in Ghana, is a widely-used source of Identity, akin to Nigeria's BVN.
KYC checks against Ghana's SSNIT and passport number reveal the most severe biometric fraud attempts on the continent, 24% and 21%, respectively. Followed by Kenya's National ID at 19% before getting to Nigeria's BVN (10%) and NIN (8%)
The firm reliance on National IDs has made them vulnerable to exploitation and exposed some weaknesses.
There are two emerging trends in collecting and validating identity data. First, some businesses capture identity information but wait to verify it. Second, those that attempt to verify through providers like Smile Identity could face downtimes from the National ID service.
An ideal scenario would be to collect and instantly verify a user's identity so you can swiftly make business decisions on whether to progress or discard a prospective user in your acquisition funnel.
Every day in 2022, Smile Identity recorded an average of 6% downtime (unscheduled outages) from national ID databases. It gets worse. On 61 out of 365 days, some databases had up to 10% downtime. The ID type with the most outage had 130 days of over 10% downtime.
In a developing digital economy where trust is low, downtime-induced validation failure could be the difference between acquiring a new customer or a drop-off.
Initially, the pan-African identity solution provider minimised the effect of downtimes by automating retries, but they quickly discovered that that approach was insufficient.
"While we mitigate downtimes with automated retries and asynchronous callbacks for our partners, when a sustained outage strikes, users feel the impact", reads a statement in Smile Identity's 2022 KYC report. So, they added Document Verification to their solution sets.
Document verification is a commonly used tool for KYC across the world. It typically involves collecting and verifying the photo ID portion of a user-submitted identity document, like a driver's licence, against a live selfie.
With this technology, identity service providers no longer have to rely solely on the real-time response from a national ID database on the validity of an ID number. Instead, they can leverage the static nature of a document and verify it using their technology while adding that extra layer of live biometric verification.
The topic of KYC continues to be closely monitored and discussed amongst local and international stakeholders. Thus, businesses must keep an eye out for emerging trends and policies.
For instance, data protection and user consent have become increasingly popular.
The Smile Identity report, in its "country deep dives" section, highlights new initiatives by the Nigeria Inter-Bank Settlement System (NIBSS) and National Identity Management Commission (NIMC) to introduce consent layers called iGree and virtual NIN (vNIN), respectively, which aim to transfer the process of collecting user consent from businesses to ID issuing authorities.
These Nigerian policies create standards for using digital identity credentials and aim to give users a higher level of security and control when interacting with businesses.
Other African nations are also modernising their ID infrastructure to harmonise data, reduce fraud, improve service delivery, and increase inclusion.
Find out more in Smile Identity's State of KYC 2022 report.