Page 23 - FIGI: e-KYC use cases in digital financial services
P. 23

to the PC through USB. The PC hosts an appli-  b)  ANSI 378
                cation which captures finger impressions and   c)  ISO/IEC 19794-2
                communicates the information to the mobile     d)  Fingerprints are sent to NADRA as a Template or
                operator. This solution is mostly used at Custom-  Image (WSQ/JPG/BMP) as per any of the sup-
                er Service Centres (CSCs) and Franchisees which   ported standard used by a telco.
                usually have a fixed premise and a power backup.  e)  Fingerprints are available at NADRA's database.
            b)  Specialized Android based terminals and Android   One to one matching of CNIC # and correspond-
                tablets with finger scanners (Figure 2) have been   ing Fingerprint (image or template as per the
                deployed mostly at retail level.                  used standard) sent by CMO is made at NAD-
            c)  In some circumstances, the process is also car-   RA's end and response in the form of Success or
                ried out through a blue tooth enabled phone and   Failure are sent back to CMO concerned.
                finger scanner.                                f)  Complete Packet encryption (AES 256bits) is
                                                                  used for encryption of data sent to CMOs and
            The devices are connected to the databases via        NADRA.
            VPNs  over Internet  and the access is  arranged
            through Digital Subscriber Line (DSL) or Edge/GPRS   3.3.6   Biometric Verification for Branchless
            or Mobile Broadband (3G/4G) depending upon the     Banking
            type of device and service area.                   Without compromising the requirements of AML/
                                                               CFT, the State Bank of Pakistan (SBP) has opted a
            3.3.3   BVS Transactions                           risk-based approach to customers due diligence for
            Currently, following transactions are carried out   branchless banking accounts. As per State Bank of
            through BVS:                                       Pakistan's Branchless Banking Regulations issued
                                                               vide BPRD Circular No: 09 of 2016., Biometric Verifi-
            a)  Issuance of New SIM.                           cation requirement for over-the-counter branchless
            b)  Issuance of Duplicate SIM (SIM Replacement or   banking transactions was made mandatory from July
                Change of SIM).                                01,2017.
            c)  Change of  Ownership (Changing  Ownership        The  regulations  are  available  at  http:// www .sbp
                from one owner to another).                    .org .pk/ bprd/ 2016/ C9 .htm Further, in line with the
            d)  Mobile Number Portability (MNP).               objectives of National Financial Inclusion Strate-
            e)  Disowning  (disowning  a SIM registered  on  a   gy 2015, the above mentioned regulations allowed
                CNIC).                                         remote opening of Level 0 accounts, however, it was
            f)  Re-Verification (re-verification of existing active   required that account of a customer shall be opened
                SIM).                                          against verified SIM Card. [Note: Via its BPRD Circu-
                                                               lar No. 18 of 2018, SBP has required banks to carry
            3.3.4   Data Source & Image Format                 out biometric verification of the existing customers].
            Verification of biometric information is real-time
            which is done from NADRA (the national database
            of Pakistan having biometric information). A unique   4  E-KYC USING DECENTRALIZED IDENTIFI-
            transaction ID is assigned to each transaction for    ERS
            tracking and audit purposes. The biometric infor-
            mation for verification is required to be captured   The main problem facing remote account opening
            at at-least 500 dpi and the supported standards    is the task of performing online identity verification.
            for image acquisition are Pkmat, ANSI 378 and ISO   Methods that enable the bootstrapping of trusted
            19794.                                             online identity vetting are required.
                                                                 The concept of "self-sovereign" identity promises
            3.3.5   Technical Standards                        to mitigate or eliminate the problems of convention-
            NADRA is the custodian of Pakistani citizens' data.   al identity-related interactions by placing the user in
            For verification purposes, they have exposed a web   control of his or her own identity assets. A DID sys-
            API for telcos which supports following standards for   tem consists of a set of tools and services that imple-
            interacting with NADRA's AFIS:                     ment the self-sovereign identity concept.
                                                                 Many DID systems are deployed on distributed
            a)  Pkmat                                          ledgers. Ledgers provide various benefits, including:





                                                                          e-KYC use cases in digital financial services  21
   18   19   20   21   22   23   24   25   26   27   28