One of the most essential considerations when building a successful fintech application in Nigeria is proof of customer identity. As a developer, small business or large enterprise, integrating this feature is crucial to ensuring the legitimacy of your users. It is often referred to as a Know Your Customer (KYC) process and requires some financial data, like Bank account details and Card Bank Identification Number (BIN).
This guide will walk you through integrating KYC into your application to verify your users’ financial data using Flutterwave verification service.
Requirements for Verification Process
Having a KYC process in place is a key driver behind the growth of any digital financial service in Nigeria. This process is essential to expanding access to financial services and allowing fintech companies to safely onboard more users without going through the in-person banking system.
To begin a KYC process, your users must submit certain financial information, such as their card BIN for card transactions, bank account details for bank transactions, or BVN number for customer validation.
Before making any requests to verify your customers’ financial data, you must first sign up for an account on Flutterwave. You will then need to generate a public and secret key from the API section under your Settings menu.
It’s important to secure this information during this development process, using environment variables and hashing to prevent the exposure of important customer data and secure their trust.
Once you have a secure means of handling your users’ data, you can begin verifying users with Flutterwave services, the next section will explain how to do so for different financial data.
Types of Fintech Verification
Using the Flutterwave verification service helps ensure your users are who they claim to be, which in turn helps you prevent fraudulent individuals and comply with regulatory requirements.
With Flutterwave’s API services, you can verify a user’s financial data by making requests directly to their server or using available backend SDKs. Below are key validation types to consider:
- Card BIN verification
- Bank verification
- BVN verification
Card BIN Verification: This information should be validated before a user makes a card transaction. After your user signs up for the application, you can request that they submit their card BIN as part of the KYC process for allowing them to access card transactions on your app. Validating a user’s BIN helps you identify the bank name, location, and card type.
Bank Account: This process will require sending a user's account number and bank code using the resolve account detail endpoint or any available Backend SDKs.
You can make this check every time a user enters a bank detail to
make a transfer. It doesn't have to be a standalone component since you can tether the request to every transaction process.
BVN Verification: This part of the process would require you to send a request, including parsing in a BVN, in which you’ll be sending in a request, along with their firstname, lastname, and redirect_url. This can be done after a user signs up on your application.
Making this check the foremost information to validate before allowing your users to begin making transactions on your app. To learn more about this process, you can check the BVN verification guide.
How to Verify Customers
Once you have your API keys from your Flutterwave dashboard, you can request to verify your user data either by making an HTTPS request or using the Flutterwave backend SDK.
BIN Verification
To verify a user’s card BIN, you must send a get request with the URL https://api.flutterwave.com/v3/card-bins/:bin, putting in the customer’s BIN. Here is an example javascript snippet:
// Install and import axios
const axios = require('axios');
// Define the user's card number
const cardNumber = '<BIN-number>';
const cardBin = cardNumber.substring(0, 6); // Extract the first 6 digits (BIN)
// Flutterwave API URL
const url = `https://api.flutterwave.com/v3/card-bins/${cardBin}`;
// Make the HTTP GET request to verify the card BIN
axios.get(url, {
headers: {
Authorization: `Bearer ${process.env.FLW_SECRET_KEY}` // Replace with your Flutterwave secret key
}
})
.then(response => {
console.log('Card BIN details:', response.data);
})
.catch(error => {
console.error('Error verifying card BIN:', error);
});
In curl:
curl --request GET 'https://api.flutterwave.com/v3/card-bins/553188' \
--header 'Authorization: Bearer YOUR SECRET_KEY'
Here is an example snippet you’ll need to verify a BIN using the Javascript SDK:
// Import the Flutterwave SDK
const Flutterwave = require('flutterwave-node-v3');
// Export your API variables
const flw = new Flutterwave(process.env.FLW_PUBLIC_KEY, process.env.FLW_SECRET_KEY);
// Define the card number
const cardNumber = '<users-card-number>';
const cardBin = cardNumber.substring(0, 6);
// Resolve card BIN
const resolveCardBin = async (cardBin) => {
try {
const response = await flw.Misc.cardBin({ bin: cardBin });
console.log(response);
} catch (error) {
console.error(error);
}
};
// Call the function
resolveCardBin(cardBin);
You will get a response similar to the one below:
# Valid BIN
{
"status": "success",
"message": "completed",
"data": {
"issuing_country": "NIGERIA NG",
"bin": "553188",
"card_type": "MASTERCARD",
"issuer_info": " CREDIT"
}
}
# Invalid BIN
{
"status": "error",
"message": "completed",
"data": {
"nigerian_card": false,
"response_code": "RR",
"response_message": "BIN not Found",
"transaction_reference": "FLW1590500367800"
}
}
Bank Account Verification
To verify a user’s bank account, you’ll need to send the account number and bank code as a payload to the request: https://api.flutterwave.com/v3/accounts/resolve. You will also need your public key and secret key, which are stored and exported from your .env file. Here is an example of what a Javascript request would look like:
// Javascript
// Install and import axios
const axios = require('axios');
// Define the account details
const details = {
account_number: "0690000032",
account_bank: "044"
};
// Flutterwave API URL for account resolution
const url = 'https://api.flutterwave.com/v3/accounts/resolve';
// Make the HTTP POST request to resolve the account
axios.post(url, details, {
headers: {
Authorization: `Bearer ${process.env.FLW_SECRET_KEY}`, // Replace with your Flutterwave secret key
'Content-Type': 'application/json'
}
})
.then(response => {
console.log('Account resolution response:', response.data);
})
.catch(error => {
console.error('Error resolving account:', error);
});
In curl:
curl --request POST 'https://api.flutterwave.com/v3/accounts/resolve' \
--header 'Authorization: Bearer YOUR_SECRET_KEY'\
--header 'Content-Type: application/json'\
--data-raw '{
"account_number": "0690000032",
"account_bank": "044"
}'
If you prefer to use Flutterwave’s backend SDK, you will need your public_key and your secret_key. Here is an example using the Node.js SDK:
// Install with: npm i flutterwave-node-v3
const Flutterwave = require('flutterwave-node-v3');
const flw = new Flutterwave(process.env.FLW_PUBLIC_KEY, process.env.FLW_SECRET_KEY);
const details = {
account_number: "0690000032",
account_bank: "044"
};
flw.Misc.verify_Account(details)
.then(response => console.log(response));
You will get a response similar to the ones below:
# Valid account
{
"status": "success",
"message": "Account details fetched",
"data": {
"account_number": "0690000032",
"account_name": "Pastor Bright"
}
}
# Invalid account
{
"status": "error",
"message": "Sorry, that account number is invalid, please check and try again",
"data": null
}
Handling Sensitive Data
Certain considerations, like how and when to make these requests, must be taken into account as a precaution and to have an extra layer of security.
- When building your application, the verification algorithm for any information should be written on the server side, it must be done on the backend.
- You must ensure the use of the environment variables to store your public, secret, and encryption keys.
- Enable proper error handlers to catch and log error messages when they occur. It keep your verification process audited, it helps alert your users on caution to take and next steps.
- Ensure your generated keys are not hardcoded on your server-side application.
- For transaction verifications, you can implement your algorithm to fire up every time a user makes a transfer transaction.
- For Card BIN verification, a customer’s card must be verified before approving the first card transaction.
- For Bank account verification, you should also run this check before a customer makes the first bank transaction.
By carefully implementing these precautions, you can enhance the security of your application and ensure that sensitive data is handled with the utmost care, protecting your users while dealing with their financial data.
Wrapping Up
Flutterwave offers a wide range of fintech services, with user verification being an important component of secure user experiences. We discussed these verification services, and with them, developers can effectively validate users' financial data, such as bank accounts, card BINs, and transaction details.
Contact Flutterwave support to get started on your setup. Join the developer community to interact with other developers who are building secure financial services.
For a more in-depth read on this subject, check out the developer documentation:
Top comments (0)