BVN Verification Integration for Nigerian Applications

BVN Verification APIs

You have four primary options for BVN verification. Each has different data return fields and pricing.

Paystack offers simplest integration for fintech apps using their payments. Flutterwave supports international verification. YouVerify returns photos for facial matching. IdentityPass includes address data for lending apps.

Validation Process

A well-designed BVN flow balances accuracy with UX. Step 1: user enters 11-digit BVN with client-side format validation. Step 2: backend sends to API provider. Step 3: API returns verified data. Step 4: backend compares names using fuzzy matching (Levenshtein or Jaro-Winkler, 80% threshold). Step 5: if match passes, verification succeeds. If not, prompt user to visit bank to update BVN records. Exact string matching causes excessive false rejections with Nigerian names due to spelling variations.

NDPR Compliance for Biometric Data

The NDPR classifies BVN data as sensitive personal data. Consent: explicit, informed consent required before collection. Specify what data is collected, how used, who shared with, retention period, and right to withdraw. Security: AES-256 encryption at rest, TLS 1.2+ in transit, restricted access logged, never return full BVN in API responses. Retention: NDPR requires deletion when no longer needed, but CBN mandates 5-year retention. Implement automated flagging for deletion after retention period.

Error Handling

BVN verification failures must be handled gracefully. Invalid format: client-side validation, prompt for 11 digits. BVN not found in NIBSS: retry up to 3 times, then guide user. Name mismatch: log for manual review, direct user to bank. Network timeout: exponential backoff retry (1s, 2s, 4s, 8s, max 5). Rate limited: queue and delay, inform user. Monitor error rates by type and set alerts for threshold breaches.

Frequently Asked Questions