Studies have shown that OPay, a Nigerian financial technology business, has continued to implement sloppy registration procedures that leave its digital platform open to fraudulent activity despite growing worries about fraud.
OPay, which debuted in 2018, has grown to become one of Nigeria’s largest mobile money providers.
The company has launched a sophisticated marketing campaign to attract new users, especially those without bank accounts. The business partnered with other fintechs and commercial banks to streamline the registration process for new users in an effort to attract unbanked clients. This included reducing stringent identification verification criteria for the most basic bank account type, which has the fewest functionality.
But as worries about financial fraud in the nation have grown, these loose regulations have come under fire in recent months. TechCabal’s investigations now reveal that OPay keeps enabling new users to register on its site without conducting the necessary verification.
New users of the Chinese-owned fintech app can use a phone number, a National Identification Number (NIN), a bank account number, or a bank verification number (BVN) to confirm their identification after providing basic personal information. In order to verify their identity, users must submit real-time facial verification. After submitting a BVN or NIN, users of OPay’s tiered verification process, which runs from tier 1 to 4, can access a greater range of services.
Read also: OPay, Kuda among top fintech firms in 2023
Studies on Opay
Nevertheless, a number of studies reveal that OPay’s tier 1 basic account verification procedure is deficient, and the facial identity system is vulnerable, which can enable malicious users to sign up for the service and start making transactions in under 60 seconds. In one test, OPay lets users register for the service with just their name and birthday—basic personal data—about a celebrity. Although OPay requests that users provide a phone number or bank account for validation, the app did not check the information.
The OPay app just required a picture to accept the user, despite the company’s assertions that face recognition is necessary to finish the registration process—possibly to connect the record to the bank account. While a woman created the freshly established account, the facial recognition was finished by a guy. Even days after the account was created, OPay’s technology could not detect this abnormality.
Data Obtained
The inspections highlight the shortcomings of OPay’s account management procedures, which can provide a sanctuary for dishonest people trying to pose as innocent victims and scam them.
“Face verification is not solving for anything if it does not match the BVN details,” remarked a KYC specialist who wished to remain anonymous in order to express themselves freely. The expert recommended that the Fintech obtain a user’s BVN prior to facial verification.
Users can conduct transactions of up to N50,000 and deposit up to N300,000 into their mobile money wallets under OPay’s tier 1 basic account type. Even while these transaction restrictions are limited, the simplicity with which dozens of fake OPay accounts can be created raises questions about the company’s security procedures.
The Central Bank of Nigeria (CBN) issued a warning against such a flimsy verification procedure during the first week of December. All financial services were ordered by the banking authority to enforce more stringent know-your-customer (KYC) procedures and to deactivate any bank accounts or mobile money wallets that haven’t been validated with a BVN or NIN. It is anticipated that financial services will conform before the April 2024 deadline.