Regardless of rising fraud issues, Nigerian monetary know-how firm OPay has continued to undertake lax registration processes that make its digital platform susceptible to dangerous actors, checks by TechCabal have revealed.
Because it launched in 2018, OPay has grow to be one of many greatest cell cash providers in Nigeria and has pursued an elaborate advertising and marketing marketing campaign to win over new prospects, notably unbanked individuals who shouldn’t have a checking account. To attract in unbanked prospects, the corporate joined different fintechs and industrial banks to simplify the registration course of for brand spanking new customers, together with eradicating strict necessities for id verification for essentially the most fundamental checking account kind with restricted options.
Nevertheless, in current months, these lax requirements have drawn criticism following rising issues over financial fraud in the country. Now, checks by TechCabal present that OPay continues to permit new customers to enroll to its platform with out correct verification.
After submitting fundamental private info to the Chinese language-owned fintech app, new prospects can confirm their id utilizing a cellphone quantity, a Nationwide Identification Quantity (NIN), a checking account quantity or a financial institution verification quantity (BVN). Customers should additionally submit a real-time facial verification to verify their id. OPay makes use of a tiered verification course of — starting from tier 1 to 4 — permitting customers to entry a bigger suite of providers as soon as they submit a BVN or an NIN.
Nevertheless, a number of checks present that OPay’s fundamental account verification course of for tier 1 is weak, and the facial id system is porous, which may permit dangerous actors to register for the service and start finishing up transactions inside 60 seconds. In a single take a look at, OPay allowed a person to enroll on the service utilizing fundamental private info, identify and birthday, a few celeb to register. Whereas OPay requires customers to submit both a checking account or cellphone quantity for verification, the app didn’t proceed to confirm the main points.
Though OPay claims to require facial recognition to finish the registration course of, maybe to match the document to the checking account, the app merely took an image and accepted the person. A person accomplished the facial recognition whereas the newly created account was feminine. OPay’s system didn’t flag this anomaly, even days after creating the account.
The checks present the weaknesses in OPay’s account administration processes, which may make it a haven for dangerous actors trying to impersonate and defraud unsuspecting victims.
“Face verification will not be fixing for something if it doesn’t match the BVN particulars,” stated a KYC professional who requested to not be named so they might communicate freely. The professional urged that OPay ought to accumulate a person’s BVN earlier than verifying their face.
OPay didn’t instantly reply to TechCabal’s request for feedback.
Below OPay’s fundamental account kind, tier 1, customers can deposit as much as N300,000 of their cell cash wallets, and make transactions of as much as N50,000. Whereas these transaction limits are restricted, the convenience of making dozens of fraudulent OPay accounts raises issues about safety practices on the firm.
Within the first week of December, the Central Bank of Nigeria (CBN) warned towards such a weak verification course of. The banking regulator tasked all monetary providers to implement stricter know-your-customer (KYC) processes and disable financial institution accounts or cell cash wallets that haven’t been verified with a BVN or a NIN. Monetary providers are anticipated to conform earlier than the deadline in April 2024.
*Further reporting by Religion Omoniyi