In July 2022, the Central Bank of Nigeria (CBN) through the interbank service, NIBSS, issued a directive to alter the process for BVN data retrieval.
As a means to ensure consumer privacy and general data security, the CBN now requires that all providers get electronic consent from BVN holders before they can retrieve data on them. This means that BVN holders will be made aware of a request to access their BVN data and will also be sent a one-time password to indicate their consent electronically.
The BVN has been an integral part of identity verification in Nigeria, especially for financial services businesses, since it was introduced in February 2014. Prior to last year's directive, BVN holders simply had to enter their accurate BVN into a field and a provider would simply return BVN data upon validation.
Introducing the igree Consent layer with Mono's BVN endpoint
We're excited to announce that we have made the necessary updates to our BVN lookup services as required by both CBN and NIBSS, to ensure that businesses that use Mono's BVN lookup API are compliant with the new BVN holder consent process.
Following this directive, the flow of BVN data retrieval using Mono will happen in the following simple steps:
Initiate the BVN endpoint with a BVN passed
The BVN holder chooses the preferred one-time password method (email/SMS (phone number))
The BVN holder receives and shares the OTP with you
You pass the OTP and upon validation, receive accurate BVN data on the user.
What this means for your business
The CBN directive on the consent layer for BVN data retrieval is already in effect, and the traditional method of accessing BVN data without user consent will be redundant by the 30th of March 2023 [an update from the earlier scheduled 8th of February]. This means you can continue to access BVN Data through the legacy validation method in the meantime, but must ensure that your BVN data retrieval process and user onboarding flows are updated in line with this directive before the deadline.
To comply with this directive as a business and ensure that you can continue to securely onboard users with BVN, here's what you need to do.
As a Mono partner
If you already use Mono's BVN lookup service, you simply need to follow these steps:
Create an OTP verification process in your existing user onboarding flow to account for the new BVN consent layer.
Follow the BVN Lookup (consent) implementation guide on our documentation.
Ensure that all new users/yet-to-be-validated users on your service are notified of this directive.
For new users
If you would like to use Mono's BVN service, you can send a request for approval to us at firstname.lastname@example.org. Kindly note that approval for this service is only granted on a case-by-case basis after a thorough validation process.