Enhanced Know Your Customer

Learn how our enhanced Know Your Customer (eKYC) API works.

Overview

Our eKYC API enables you to authenticate a customer's identity to meet your regulatory and other requirements. We offer two eKYC methods, Penny Drop and One-time Passcode (OTP). Both methods have configurability available.

Penny Drop

Penny Drop is an authentication method that allows you to confirm both identity and access to a bank account by validating that the bank details provided match the customer and requiring the input of a code provided in the transaction reference of the one penny deposit, proving access to the bank account.

What is the Penny Drop process?

  1. 1
    Customer enters bank details: The Initiate Penny Drop endpoint within the eKYC API is called and verifies:

    - The bank account supplied is a valid UK bank account.

    - The bank account matches to the customer.
  2. 2
    1p is sent to the bank account: If the bank account passes the checks above, then 1p is sent to the bank account with a code via a Faster Payments service.
  3. 3
    Customer retrieves the code: The customer logs into their bank account and retrieves the code.
  4. 4
    Customer inputs the code: The customer enters the code, and the Validate Penny Drop endpoint within the eKYC API is called to verify it against the code sent to the bank account.
  5. 5
    Outcome: If the code matches, the customer passes the Penny Drop process. If it does not match, the customer fails the Penny Drop attempt. They may be able to re-try code input depending on business logic and outcome of any previous attempts.

One-time Passcode (OTP)

OTP confirms the identity possession of a mobile, landline, or email address to authenticate a customer by sending a one-time passcode to the customer’s preferred phone or email address.

What is the OTP process?

  1. 1
    Customer journey requires OTP - code is triggered: The Initiate OTP endpoint within the eKYC API is called and triggers an OTP to the chosen phone type (mobile or landline) or email address or the respective phone number or email address held on the customer’s application or account (unless a phone number is provided in the request).
  2. 2
    Customer receives the code: The customer receives the code to the chosen phone number or email address – via SMS to mobile, an automated call to landline, or an email to email address.
  3. 3
    Customer inputs the code: The customer enters the code, and the Validate OTP endpoint within the eKYC API is called to verify the code sent to the phone number or email address.
  4. 4
    Outcome: If the code matches, the customer passes the OTP process. If it does not match, the customer fails the OTP attempt. They may be able to re-try code input or trigger a new OTP depending on business logic and outcome of any previous attempts.

How do the eKYC API's work?

Penny Drop and OTP are initiated and validated in the same way but have different methods to send out the respective code. Below is what a successful eKYC initiation and validation flow looks like.

  1. 1
    You initiate your chosen eKYC method to send the required code to the customer.
  2. 2
    A successful initiation will:

    - Update the status to initiated.

    - Return an authId, remainingPasscodes and journeyId.

    - Send the required code to the customer.
  3. 3
    The customer retrieves and enters the code, which is passed through the relevant validation endpoint with the authId and id.
  4. 4
    If the validation succeeds the customer's status will be updated to authenticated.

Customise eKYC

eKYC restrictions are configured based on your requirements. The customisable restrictions and descriptions are listed below.

ConfigurationDescription
maximumNumberOfInitiatesPerDurationThe maximum number of codes generated in each time period.
passcodeExpiryInMillisecondsHow long a code is active from the point of it being created.
initiatesDurationInMillisecondsThe period of allowing x number of codes.
maximumNumberOfInvalidValidatesThe maximum number of invalid attempts.
maximumNumberOfInvalidValidatesPerSessionThe maximum number of invalid attempts per session.
maximumNumberOfExpiredValidatesThe number of expired code attempts you allow.
otpCodeLengthThe length of the OTP code that is generated within the NDT platform.
tempLockEnabledOnInitiateApplicationLock the session when maximum number of initiated codes is met.
tempLockDurationOnInitiateApplicationInSecondsHow long the temporary lock is for.

eKYC Statuses

The customer will have one of the following eKYC statuses depending on the eKYC method used and whether the eKYC method is being initiated or validated.

StatusDescriptioneKYC MethodInitiate/Validate
initiatedThe eKYC process has been initiated.OTP & Penny DropInitiate
noMoreCodesThe customer has requested their limited number of codes.OTP & Penny DropInitiate
authenticatedThe customer has been authenticated.OTP & Penny DropBoth
failedThe customer has failed the eKYC verification process and cannot try again.OTP & Penny DropBoth
notFoundThe authId does not match an active session.OTP & Penny DropBoth
invalidBankDetailsThe bankAccount and/or sortCode is invalid because the account provided is not a valid UK bank account or it does not match to the customer.Penny DropInitiate
addressDetailsMissingThe application is missing the required address details.Penny DropInitiate
duplicateThe code is a duplicate.OTPInitiate
invalidThe code entered is incorrect. The customer can try again.OTPInitiate
expiredThe code has expired.OTPBoth
invalidRequestOne or more validation errors occurred.OTPValidate
sessionIdNotFoundThe authId could not be found against the supplied applicationId.OTPValidate
applicationIdNotFoundThe applicationId cannot be found.OTPValidate
accountIdNotFoundThe accountId cannot be found.OTPValidate

Getting Started with NewDay

Quick start guides for how you can start working with NewDay as a partner and learn about the end to end processes of integrating with APIs.

Engagement with Commercial team

This section guides potential businesses on how to become a NewDay credit partner and explains the end-to-end on-boarding process.

Find out more

Integration Guide for Developers

This section provides guidance on how to start building with NewDay i.e. how to integrate with NewDay's various deployment environments, getting access to APIs etc.

Still have questions

Can’t find the answer to your question? Our friendly team are more than happy to help

Was this page helpful?


© NewDay 2022. All rights reserved.

Cookie PolicyPrivacy PolicyTerms of UseSupport