ITU-T Focus Group Digital Financial Services
                                              Technology, Innovation and Competition



               10     Identity verification in DFS accounts and transactions      83


               10.1  Overview

               As DFS grows in developing countries, regulators have imposed KYC rules that require SPs to identify users on
               their systems. With a few exceptions, some type of identity must be provided by the user for account openings
               and CICO services.  The KYC rules are derived from standards established by the G7’s Financial Action Task
                               84
               Force on standards in financial services aimed at AML initiatives.
                                                                     85
               The progenitor for these verification systems, however, has been at the mobile phone SIM card level, where
               regulators have for a number of years mandated the registration of prepaid SIM card users. Prepaid SIM
               registration is currently mandated in around 90 countries.  While SIM registration is often not sufficient KYC
                                                                86
               to open a DFS account, some jurisdictions where there is registration allow a DFS account linked to each SIM
               card under registration to be opened. SIM registration may sometimes be sufficient to open a DFS account that
               does not allow cash-out, with additional KYC information and verification required for full account functionality.

               In some countries, the number of DFS accounts one person may have may be limited. In Jordan, for example,
               a user may only have two DFS accounts, even though they may have multiple mobile numbers and SIMs.


               10.2  Technologies used

               The lack of a verifiable address or similar document for onboarding and assisting in verifying identity for
               transaction purposes has been a handicap to these efforts. In addition, most of these onboarding and
               verification procedures have involved manual processes involving fragile documents.

               With more countries insisting on identifying verification for SIM and DFS registrations and transacting,
               biometric-based onboarding and verification systems have emerged.  Initial implementations have involved
                                                                         87
               capturing fingerprint data, with evolving implementations using Iris capture, bolstered by drops in costs for
               this technology.

               In India, for example, Unique Identification Authority of India’s national identity verification system uses a
               sequence of biometric capture devices to collect the biometric and demographic data of residents, store them
               in a centralized database, and issue a 12-digit unique identity number called Aadhaar to each resident.  It is
                                                                                                     88
               considered the world's largest national identification number project.

               Iris is becoming the preferred biometric capture method in DFS countries. This is set to increase with emergence
               of application programming interfaces (APIs) for Iris capture and phones with Iris scanners.










               83   Identity designs and platforms are covered in a separate ITU DFS FG study and hence will not be covered in great depth in this
                  study.
               84   See also, McGowan, K (2015) Know Your Customer is the Secret to MNO Negotiations, available at http:// technologysalon. org/
                  know- customer- secret- mno- negotiations/   and Gidvani, L (2015) The Promise of Biometric KYC and Remote Account Opening
                  for Branchless Banking in Pakistan, available at http:// www. gsma. com/ mobilefordevelopment/ programme/ mobile- money/ the-
                  promise- of- biometric- kyc- and- remote- account- opening- for- branchless- banking- in- pakistan
               85   See www. fatf- gafi. org
               86   See further GSMA (2016b) Mandatory ‘Real Name’ Registration By Prepaid Sim Card Users: Considerations For Policymakers,
                  available at http:// www. gsma. com/ newsroom/ blog/ mandatory- real- name- registration- prepaid- sim- card- users- considerations-
                  policymakers/
               87   See, for example, Pakistan, where the Pakistan Telecommunications Authority mandated verification of all active SIM cards using
                  biometric verification where every SIM owner was required to visit an operator outlet where their MSISDN and Computerized
                  National Identity Card were confirmed or updated in the existing ownership database and fingerprints were matched with the
                  National Database and Registration Authority. Gidvani (2015) ibid.
               88   See https:// uidai. gov. in



                108