Nigerian fintech giant OPay is facing criticism for weak know-your-customer (KYC) protocols that allow potential bad actors to open accounts without proper identity verification. Despite growing concerns about fraud, OPay’s lenient registration standards persist, making its platform vulnerable, according to recent checks.
Launched in 2018, OPay quickly became one of Nigeria’s largest mobile money platforms, attracting unbanked customers through simplified registration processes with minimal verification requirements. This approach aimed to onboard unbanked Nigerians, allowing them to access a basic account type with limited features. However, this strategy has recently come under fire for its susceptibility to fraud, particularly with the platform’s tiered verification system.
OPay’s sign-up process allows users to verify their identity using a phone number, National Identification Number (NIN), bank account number, or Bank Verification Number (BVN). Additionally, it requires real-time facial verification. But recent tests reveal vulnerabilities, especially in OPay’s basic tier 1 account. The facial verification system can be bypassed, allowing users to register using basic personal details—even impersonating a celebrity. During one test, OPay approved a new account where a man’s photo was submitted under a female profile, a discrepancy that went unflagged.
KYC experts have criticized OPay’s system, suggesting that facial verification should be linked to the BVN details to confirm identity accurately. “Face verification is not solving for anything if it does not match the BVN details,” said one expert. The ease of setting up unverified accounts on OPay has raised concerns, as bad actors could easily create multiple accounts to defraud users despite transaction limits of N300,000 deposits and N50,000 per transaction on tier 1 accounts.
The Central Bank of Nigeria (CBN) recently issued a directive requiring all financial services platforms to enforce stricter KYC measures and disable accounts not verified with a BVN or NIN by April 2024. The CBN’s warning highlights the need for companies like OPay to strengthen their KYC practices to protect consumers and the financial ecosystem from rising fraud risks.
