eKYC

2.0

A suite of endpoints that can be used during acquisition or servicing to perform enhanced KYC checks and validation.

Overview

Our eKYC API enables you to authenticate a customer's identity to meet your regulatory and other requirements. We offer two eKYC methods, Penny Drop and One-time Passcode (OTP). Both methods are configurable.

Penny Drop

Penny Drop is an authentication method that confirms both identity and access to a bank account. It validates that the bank details provided match the customer, then requires the customer to enter a code carried in the transaction reference of a one-penny deposit, which proves access to the bank account.

What is the Penny Drop process?

  1. Customer enters bank details: The Initiate Penny Drop endpoint within the eKYC API is called and verifies:

    - The bank account supplied is a valid UK bank account.

    - The bank account matches the customer.
  2. 1p is sent to the bank account: If the bank account passes the checks above, then 1p is sent to the bank account with a code via a Faster Payments service.
  3. Customer retrieves the code: The customer logs into their bank account and retrieves the code.
  4. Customer inputs the code: The customer enters the code, and the Validate Penny Drop endpoint within the eKYC API is called to verify it against the code sent to the bank account.
  5. Outcome: If the code matches, the customer passes the Penny Drop process. If it does not match, the customer fails the Penny Drop attempt. They may be able to retry code input depending on business logic and the outcome of any previous attempts.

One-time Passcode (OTP)

OTP authenticates a customer by confirming possession of a mobile, landline, or email address: a one-time passcode is sent to the customer’s preferred phone or email address.

What is the OTP process?

  1. Customer journey requires OTP, so a code is triggered: The Initiate OTP endpoint within the eKYC API is called and sends an OTP to the chosen phone type (mobile or landline) or email address, using the respective phone number or email address held on the customer’s application or account (unless a phone number is provided in the request).
  2. Customer receives the code: The customer receives the code at the chosen phone number or email address: via SMS to a mobile, an automated call to a landline, or an email to an email address.
  3. Customer inputs the code: The customer enters the code, and the Validate OTP endpoint within the eKYC API is called to verify it against the code sent to the phone number or email address.
  4. Outcome: If the code matches, the customer passes the OTP process. If it does not match, the customer fails the OTP attempt. They may be able to retry code input or trigger a new OTP depending on business logic and the outcome of any previous attempts.

How do the eKYC APIs work?

Penny Drop and OTP are initiated and validated in the same way but have different methods to send out the respective code. Below is what a successful eKYC initiation and validation flow looks like.

  1. You initiate your chosen eKYC method to send the required code to the customer.
  2. A successful initiation will:

    - Update the status to initiated.

    - Return an authId, remainingPasscodes and journeyId.

    - Send the required code to the customer.
  3. The customer retrieves and enters the code, which is passed through the relevant validation endpoint with the authId and id.
  4. If the validation succeeds the customer's status will be updated to authenticated.

Customise eKYC

eKYC restrictions are configured based on your requirements. The customisable restrictions and descriptions are listed below.

| Configuration | Description |
| --- | --- |
| maximumNumberOfInitiatesPerDuration | The maximum number of codes generated in each time period. |
| passcodeExpiryInMilliseconds | How long a code is active from the point of it being created. |
| initiatesDurationInMilliseconds | The period of allowing x number of codes. |
| maximumNumberOfInvalidValidates | The maximum number of invalid attempts. |
| maximumNumberOfInvalidValidatesPerSession | The maximum number of invalid attempts per session. |
| maximumNumberOfExpiredValidates | The number of expired code attempts you allow. |
| otpCodeLength | The length of the OTP code that is generated within the NDT platform. |
| tempLockEnabledOnInitiateApplication | Lock the session when maximum number of initiated codes is met. |
| tempLockDurationOnInitiateApplicationInSeconds | How long the temporary lock is for. |

eKYC Statuses

The customer will have one of the following eKYC statuses depending on the eKYC method used and whether the eKYC method is being initiated or validated.

| Status | Description | eKYC Method | Initiate/Validate |
| --- | --- | --- | --- |
| initiated | The eKYC process has been initiated. | OTP & Penny Drop | Initiate |
| noMoreCodes | The customer has requested their limited number of codes. | OTP & Penny Drop | Initiate |
| authenticated | The customer has been authenticated. | OTP & Penny Drop | Both |
| failed | The customer has failed the eKYC verification process and cannot try again. | OTP & Penny Drop | Both |
| notFound | The authId does not match an active session. | OTP & Penny Drop | Both |
| invalidBankDetails | The bankAccount and/or sortCode is invalid because the account provided is not a valid UK bank account or it does not match to the customer. | Penny Drop | Initiate |
| addressDetailsMissing | The application is missing the required address details. | Penny Drop | Initiate |
| duplicate | The code is a duplicate. | OTP | Initiate |
| invalid | The code entered is incorrect. The customer can try again. | OTP | Initiate |
| expired | The code has expired. | OTP | Both |
| invalidRequest | One or more validation errors occurred. | OTP | Validate |
| sessionIdNotFound | The authId could not be found against the supplied applicationId. | OTP | Validate |
| applicationIdNotFound | The applicationId cannot be found. | OTP | Validate |
| accountIdNotFound | The accountId cannot be found. | OTP | Validate |
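
The limits and statuses above can be modelled locally to see how they interact before choosing values. The following Python model is an added example, not the platform's code: the class `EkycSession`, the sample values in `CONFIG`, numeric codes, and the rule that reaching a limit moves the session to `failed` are all assumptions.

```python
import hmac
import secrets

# Constructed sample values, not platform defaults.
CONFIG = {
    "maximumNumberOfInitiatesPerDuration": 3,
    "initiatesDurationInMilliseconds": 600_000,
    "passcodeExpiryInMilliseconds": 120_000,
    "maximumNumberOfInvalidValidates": 3,
    "maximumNumberOfExpiredValidates": 2,
    "otpCodeLength": 6,
}

class EkycSession:
    """Hypothetical local model of one authId; not the platform's code."""
    def __init__(self, cfg):
        self.cfg, self.status, self.code = cfg, None, None
        self.initiates = []                       # issue times (ms) in window
        self.bad = {"invalid": 0, "expired": 0}   # failed validate counters

    def initiate(self, now_ms):
        if self.status in ("failed", "authenticated"):
            return self.status, None
        window = self.cfg["initiatesDurationInMilliseconds"]
        self.initiates = [t for t in self.initiates if now_ms - t < window]
        if len(self.initiates) >= self.cfg["maximumNumberOfInitiatesPerDuration"]:
            return "noMoreCodes", None
        n = self.cfg["otpCodeLength"]
        code = f"{secrets.randbelow(10 ** n):0{n}d}"  # CSPRNG, numeric (assumed)
        self.initiates.append(now_ms)
        self.code, self.status = (code, now_ms), "initiated"
        return "initiated", code  # returned only so the model can be exercised

    def _strike(self, kind, limit_key):  # limit reached => session fails for good
        self.bad[kind] += 1
        if self.bad[kind] >= self.cfg[limit_key]:
            self.status = kind = "failed"
        return kind

    def validate(self, submitted, now_ms):
        if self.status != "initiated":            # no active code for this authId
            return self.status or "notFound"
        code, issued = self.code
        if now_ms - issued >= self.cfg["passcodeExpiryInMilliseconds"]:
            return self._strike("expired", "maximumNumberOfExpiredValidates")
        if hmac.compare_digest(submitted.encode(), code.encode()):  # constant time
            self.code, self.status = None, "authenticated"
            return "authenticated"
        return self._strike("invalid", "maximumNumberOfInvalidValidates")
```

In this model the invalid-attempt counter survives re-initiation, so with the sample values a session allows at most 3 guesses against a 6-digit code regardless of how many codes are requested.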
