Page 23 - FIGI: e-KYC use cases in digital financial services
P. 23
to the PC through USB. The PC hosts an appli- b) ANSI 378
cation which captures finger impressions and c) ISO/IEC 19794-2
communicates the information to the mobile d) Fingerprints are sent to NADRA as a Template or
operator. This solution is mostly used at Custom- Image (WSQ/JPG/BMP) as per any of the sup-
er Service Centres (CSCs) and Franchisees which ported standard used by a telco.
usually have a fixed premise and a power backup. e) Fingerprints are available at NADRA's database.
b) Specialized Android based terminals and Android One to one matching of CNIC # and correspond-
tablets with finger scanners (Figure 2) have been ing Fingerprint (image or template as per the
deployed mostly at retail level. used standard) sent by CMO is made at NAD-
c) In some circumstances, the process is also car- RA's end and response in the form of Success or
ried out through a blue tooth enabled phone and Failure are sent back to CMO concerned.
finger scanner. f) Complete Packet encryption (AES 256bits) is
used for encryption of data sent to CMOs and
The devices are connected to the databases via NADRA.
VPNs over Internet and the access is arranged
through Digital Subscriber Line (DSL) or Edge/GPRS 3.3.6 Biometric Verification for Branchless
or Mobile Broadband (3G/4G) depending upon the Banking
type of device and service area. Without compromising the requirements of AML/
CFT, the State Bank of Pakistan (SBP) has opted a
3.3.3 BVS Transactions risk-based approach to customers due diligence for
Currently, following transactions are carried out branchless banking accounts. As per State Bank of
through BVS: Pakistan's Branchless Banking Regulations issued
vide BPRD Circular No: 09 of 2016., Biometric Verifi-
a) Issuance of New SIM. cation requirement for over-the-counter branchless
b) Issuance of Duplicate SIM (SIM Replacement or banking transactions was made mandatory from July
Change of SIM). 01,2017.
c) Change of Ownership (Changing Ownership The regulations are available at http:// www .sbp
from one owner to another). .org .pk/ bprd/ 2016/ C9 .htm Further, in line with the
d) Mobile Number Portability (MNP). objectives of National Financial Inclusion Strate-
e) Disowning (disowning a SIM registered on a gy 2015, the above mentioned regulations allowed
CNIC). remote opening of Level 0 accounts, however, it was
f) Re-Verification (re-verification of existing active required that account of a customer shall be opened
SIM). against verified SIM Card. [Note: Via its BPRD Circu-
lar No. 18 of 2018, SBP has required banks to carry
3.3.4 Data Source & Image Format out biometric verification of the existing customers].
Verification of biometric information is real-time
which is done from NADRA (the national database
of Pakistan having biometric information). A unique 4 E-KYC USING DECENTRALIZED IDENTIFI-
transaction ID is assigned to each transaction for ERS
tracking and audit purposes. The biometric infor-
mation for verification is required to be captured The main problem facing remote account opening
at at-least 500 dpi and the supported standards is the task of performing online identity verification.
for image acquisition are Pkmat, ANSI 378 and ISO Methods that enable the bootstrapping of trusted
19794. online identity vetting are required.
The concept of "self-sovereign" identity promises
3.3.5 Technical Standards to mitigate or eliminate the problems of convention-
NADRA is the custodian of Pakistani citizens' data. al identity-related interactions by placing the user in
For verification purposes, they have exposed a web control of his or her own identity assets. A DID sys-
API for telcos which supports following standards for tem consists of a set of tools and services that imple-
interacting with NADRA's AFIS: ment the self-sovereign identity concept.
Many DID systems are deployed on distributed
a) Pkmat ledgers. Ledgers provide various benefits, including:
e-KYC use cases in digital financial services 21