Shortfall KYC - RBL

A user who has verified their mobile number but has not updated an OVD in the system is identified as a shortfall KYC user. An applicant may sign up with multiple fintechs under the same issuer. The Zeta system maintains a single identity for an Account Holder per issuer, in line with the compliance requirements of the bank and the regulator. This means that if a user signs up with multiple fintechs working with Fusion on the same issuer, there is only one Account Holder entity. The same Account Holder is associated with each of these fintechs when they onboard the applicant using the /newIndividual API.

If a user signs up with a fintech and is in shortfall KYC status, any other fintech that onboards this user has to upgrade the user's KYC status to minimum KYC first. The steps to do this are:

  • The fintech first invokes the /newIndividual API.
  • The /newIndividual API returns the Account Holder ID in the response.
  • The fintech can now check the Account Holder’s profile using the API /api/v1/ifi/{ifiID}/accountHolders/{accountHolderID}.
  • If the Account Holder’s KYC status in the response is SHORT_FALL or SHORTFALL_MIN_CORP, the fintech can call the update endpoint to update the Account Holder’s KYC to minimum KYC.
    • This creates an update Account Holder application internally in the Zeta system.
    • This application goes through the approval workflow defined by the issuer.
  • Once the Account Holder is updated successfully, the fintech can issue products to the Account Holder.

Create Application

This API is used to update the KYC status to MINIMAL if a user’s existing KYC Status is SHORT_FALL or SHORTFALL_MIN_CORP.

POST https://fusion.preprod.zeta.in//api/v2/ifi/{{ifiID}}/accountHolders/{{account_holder_id}}/createApplication

Input Params

| Parameters | Description |
| --- | --- |
| X-Zeta-AuthToken | It should be same as the VBO token |
| ifiID | It represents a unique identifier assigned to the IFI (Example: 140793) |
| Auth_Token | Respective Auth Token |
| requestId | Request ID has to be unique per request |
| accountHolderId | The Account Holder for which the KYC has to be updated |
| operationType | KYC_SHORTFALL_TO_MIN (This value will remain constant for Shortfall to Minimum KYC update) |
| kycStatus | MINIMAL (The value has to be "MINIMAL" only in the request body) |
| kycStatusPostExpiry | MINIMAL (The value has to be "MINIMAL" only in the request body) |
| authType | The authentication type on which the user is onboarded |
| authdata | Details of the "authType" |

cURL Sample
curl --location --request POST 'https://fusion.preprod.zeta.in//api/v2/ifi/{{ifiID}}/accountHolders/{{account_holder_id}}/createApplication' \
--header 'X-Zeta-AuthToken: {{a}}' \
--header 'Content-Type: application/json' \
--header 'Cookie: AWSALB=dh7EbNqWqkugWqKeUbVQB0/o72Vf8zsTC3VQC/R8YrqKAqzzi1cySVnmZ2ytG5bG4j5SoKpzzjHWjQ1VLTD5mshAr25h+df0dSTeFi+dASJ1ngehHhRC8XNs1wdv; AWSALBCORS=dh7EbNqWqkugWqKeUbVQB0/o72Vf8zsTC3VQC/R8YrqKAqzzi1cySVnmZ2ytG5bG4j5SoKpzzjHWjQ1VLTD5mshAr25h+df0dSTeFi+dASJ1ngehHhRC8XNs1wdv' \
--data-raw '{
 "requestId": "request_kyc_19110102",
 "operationType": "KYC_SHORTFALL_TO_MIN" ,
 "reqPayload": {
   "kycStatus": "MINIMAL",
   "kycStatusPostExpiry": "MINIMAL",
   "authType": "PAN",
   "authdata": {
     "pan": "FYUBH9654N"
   }
 }
}'
JSON Sample
{
    "applicationId": "f0146a03-7cd2-4997-a305-398b5f0a09d6",
    "spoolId": "78ce2941-34b9-4233-95f6-17b0acd07443",
    "ifiId": 140793,
    "status": "ENRICHMENT_INITIATED",
    "sections": {
        "KycDetails": {
            "sectionId": "79ba3104-d103-451f-9e53-8b354fe5be93",
            "ifiId": 140793,
            "spoolId": "78ce2941-34b9-4233-95f6-17b0acd07443",
            "applicationId": "f0146a03-7cd2-4997-a305-398b5f0a09d6",
            "name": "KycDetails",
            "type": "KYC",
            "details": {
                "kycPayload": {
                    "ifiId": "140793",
                    "spoolId": "78ce2941-34b9-4233-95f6-17b0acd07443",
                    "authType": "PAN",
                    "authdata": {
                        "pan": "FFGPK9954E"
                    },
                    "kycStatus": "MINIMAL",
                    "accountHolderId": "eed858de-e7c9-4db4-a48d-58ecd8aea65a",
                    "kycStatusPostExpiry": "MINIMAL"
                }
            },
            "createdAt": "2020-11-18T23:01:26.914+05:30",
            "updatedAt": "2020-11-18T23:01:26.914+05:30"
        }
    },
    "vectors": [],
    "stages": [
        {
            "stageId": "43f85181-be16-498c-a1cf-ebbb90c7babc",
            "ifiId": 140793,
            "applicationId": "f0146a03-7cd2-4997-a305-398b5f0a09d6",
            "spoolId": "78ce2941-34b9-4233-95f6-17b0acd07443",
            "name": "DATA_CAPTURE",
            "status": "COMPLETED",
            "details": {},
            "result": {
                "validationPassed": {
                    "validation": "successful"
                }
            },
            "createdAt": "2020-11-18T23:01:27.479+05:30",
            "updatedAt": "2020-11-18T23:01:36.830+05:30"
        },
        {
            "stageId": "f55678da-7312-41d1-add9-209a985a4445",
            "ifiId": 140793,
            "applicationId": "f0146a03-7cd2-4997-a305-398b5f0a09d6",
            "spoolId": "78ce2941-34b9-4233-95f6-17b0acd07443",
            "name": "ASSESSMENT",
            "status": "NOT_INITIATED",
            "details": {},
            "result": {},
            "createdAt": "2020-11-18T23:01:27.851+05:30",
            "updatedAt": "2020-11-18T23:01:27.851+05:30"
        },
        {
            "stageId": "7d25b3c6-b4b4-4269-99a6-c6e6984c5d93",
            "ifiId": 140793,
            "applicationId": "f0146a03-7cd2-4997-a305-398b5f0a09d6",
            "spoolId": "78ce2941-34b9-4233-95f6-17b0acd07443",
            "name": "PROVISIONING",
            "status": "NOT_INITIATED",
            "details": {},
            "result": {},
            "createdAt": "2020-11-18T23:01:27.851+05:30",
            "updatedAt": "2020-11-18T23:01:27.851+05:30"
        },
        {
            "stageId": "30d1110c-668f-44f5-9b81-046f3bb85bb0",
            "ifiId": 140793,
            "applicationId": "f0146a03-7cd2-4997-a305-398b5f0a09d6",
            "spoolId": "78ce2941-34b9-4233-95f6-17b0acd07443",
            "name": "REVIEW",
            "status": "NOT_INITIATED",
            "details": {},
            "result": {},
            "createdAt": "2020-11-18T23:01:27.855+05:30",
            "updatedAt": "2020-11-18T23:01:27.855+05:30"
        },
        {
            "stageId": "21e6d195-a7d0-4473-9379-60aa87a4916a",
            "ifiId": 140793,
            "applicationId": "f0146a03-7cd2-4997-a305-398b5f0a09d6",
            "spoolId": "78ce2941-34b9-4233-95f6-17b0acd07443",
            "name": "ENRICHMENT",
            "status": "INITIATED",
            "details": {},
            "result": {
                "validationPassed": {
                    "validation": "successful"
                }
            },
            "createdAt": "2020-11-18T23:01:27.871+05:30",
            "updatedAt": "2020-11-18T23:01:38.883+05:30"
        }
    ],
    "tags": [
        {
            "type": "spool-id",
            "value": "78ce2941-34b9-4233-95f6-17b0acd07443",
            "attributes": {}
        }
    ],
    "createdAt": "2020-11-18T23:01:25.555+05:30",
    "updatedAt": "2020-11-18T23:01:37.418+05:30"
}
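
An added example (not Zeta's code) of the shortfall-to-minimum update described above: it builds the createApplication body only when the Account Holder's status is SHORT_FALL or SHORTFALL_MIN_CORP, and masks the authdata values that the response echoes back before the payload is logged. The function names, the requestId format and the masking rule are assumptions; the sample response is constructed.

```python
import uuid

UPGRADABLE = {"SHORT_FALL", "SHORTFALL_MIN_CORP"}  # eligible statuses per the page

# Constructed sample in the shape of the JSON above, trimmed; the PAN is made up.
SAMPLE_RESPONSE = {
    "status": "ENRICHMENT_INITIATED",
    "sections": {"KycDetails": {"details": {"kycPayload": {
        "authType": "PAN", "authdata": {"pan": "ABCDE1234F"}}}}},
    "stages": [{"name": "DATA_CAPTURE", "status": "COMPLETED"},
               {"name": "ASSESSMENT", "status": "NOT_INITIATED"}],
}


def build_upgrade_request(kyc_status, auth_type, authdata):
    """Return the createApplication body, or None when no update applies."""
    if kyc_status not in UPGRADABLE:
        return None
    if not auth_type or not isinstance(authdata, dict) or not authdata:
        raise ValueError("authType and its authdata details are required")
    return {
        # requestId has to be unique per request; a random UUID is one way.
        "requestId": f"kyc-upgrade-{uuid.uuid4()}",
        "operationType": "KYC_SHORTFALL_TO_MIN",   # constant for this update
        "reqPayload": {
            "kycStatus": "MINIMAL",                # must be MINIMAL
            "kycStatusPostExpiry": "MINIMAL",      # must be MINIMAL
            "authType": auth_type,
            "authdata": dict(authdata),
        },
    }


def mask(value):
    """Mask an identifier, keeping only its last two characters."""
    text = str(value)
    return "*" * max(len(text) - 2, 0) + text[-2:]


def redact_authdata(node):
    """Return a copy with every value under an 'authdata' key masked."""
    if isinstance(node, dict):
        return {key: ({f: mask(v) for f, v in val.items()}
                      if key == "authdata" and isinstance(val, dict)
                      else redact_authdata(val))
                for key, val in node.items()}
    if isinstance(node, list):
        return [redact_authdata(item) for item in node]
    return node


def stage_summary(response):
    """Map each workflow stage name to its status."""
    return {s["name"]: s["status"] for s in response.get("stages", [])}
```

Log `redact_authdata(...)` of the request and response rather than the raw payloads, and use `stage_summary(...)` to see which workflow stages are still pending.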

Aadhaar XML KYC - RBL

The Unique Identification Authority of India (UIDAI) offers Aadhaar offline e-KYC services. The offline e-KYC is a secure, shareable document that any Aadhaar number holder can use for offline verification of identification. A resident who wants to use this facility generates his/her digitally signed Aadhaar details by accessing the UIDAI resident portal and provides them to the IFI. XML-based KYC is a fully digital Full KYC process without any agent intervention.

XML KYC Service

Fintech needs to integrate with Fusion’s Aadhaar XML KYC service to enable XML based full KYC for their users (applicants). The steps to complete XML KYC process are outlined below:

  • Applicant clicks on the call-to-action provided by the fintech on their application to initiate the KYC process.
  • Once the applicant requests to initiate XML KYC process, Fintech creates a new KYC service session using the CreateSession endpoint — /xmlkyc/ifi/{ifiID}/createSessionToken/{phoneNumber}.
    • This endpoint requires Fintech to pass phone number of the applicant as a request parameter.
    • The endpoint returns SessionID in the response.
  • With the SessionID returned, the Fintech redirects the user to Zeta’s XML KYC webview. Fintech passes user’s phone number and callback URL along with the SessionID while redirecting the user to the webview.
    • This callback URL is where Zeta will redirect the user once XML KYC is completed and session is terminated.
    • Zeta URL for the Fintech to redirect the user: Redirecting URL For Preprod.
    • The entire flow from this step is orchestrated by Zeta and the user is redirected to Fintech’s URL once the flow is completed.
  • On Zeta’s eKYC webview, user will input the following details as per their Aadhaar records:
    • Name
    • Date of Birth
    • Phone number passed by the Fintech is pre-filled on this webview and is not editable by the user.
  • Zeta runs an internal dedupe check based on this phone number to check if the Account Holder already exists for the IFI.
    • If the Account Holder exists in Full KYC state, the session is terminated and user is redirected to Fintech’s app as KYC is not required to be done again.
    • If the Account Holder exists in minKYC state, a new application for Account Holder KYC update is created.
    • If the Account Holder profile does not exist, a new application for Account Holder provisioning is created.
  • In the next step, user’s consent for using Aadhaar XML for KYC is captured.
  • If the user agrees to provide the consent, the user’s Aadhaar number is captured on the webview (in a secured environment) along with a captcha code.
  • UIDAI verifies the user’s phone number associated with the Aadhaar used.
  • A 4-digit sharecode is also taken as an input from the user. This sharecode is used to password-protect the Aadhaar information of the user.
  • If the phone number is verified and the application details are matched successfully with the Aadhaar details, the user is onboarded for RBL PPI offering in the next step.
  • For user onboarding, the user’s demographic information as available in the Aadhaar records is used. Additional information pertaining to the customer’s profile is captured on the webview UI. These details include:
    • Customer’s email address
    • Mother’s maiden name (Optional)
    • Occupation
    • Nationality
    • Local Address
    • Customer Income source, etc.
  • In addition to this, customer’s PEP status and FATCA declaration are captured in this step.
    • A Politically Exposed Person (PEP) is an individual with a prominent public post or a public function. One could also qualify as a PEP if they are a family member or a close relative of such an individual.
    • FATCA declaration is captured to check if the applicant is a tax resident of India or not.
  • For the PPI account provisioning, the applicant must not be a PEP and must be a tax resident of India.
  • Once all these details are captured, RBL records the applicant’s consent to the T&C of PPI account onboarding by verifying an OTP sent to the applicant’s phone number.
  • After the OTP verification is done, XML KYC for the applicant is completed and the user is redirected to Fintech’s URL.

XML KYC Set Up

Step 1: Create Session Token

Create a session token for the applicant’s phone vector. This API is called using Fintech’s authToken from Fintech’s backend. The session token has a validity of 30 minutes and needs to be passed while opening Zeta’s webview.

cURL sample
curl --location --request POST '<base_url>/xmlkyc/ifi/<ifiID>/createSessionToken/<phoneNumber>' \
--header 'X-Zeta-AuthToken: <vbo_sandbox_token>' \
--data-raw ''
  • base_url: The base URL for the XML KYC service. The values of base_url for different environments are given below:
  • ifiID: ID of the IFI under which XML KYC needs to be done. The value of IFI in different environments is given below:
    • Preprod environment: 140793
    • Production environment: 156699
  • phoneNumber: User’s phone number with country code (+91)

Note: Please ensure that the sandbox token you are using is configured for object = “anonSession” and action = “anonSession.create”.

Step 2: Open the web view

Preprod: Here is the web view for Preprod environment.

Production: Here is the web view for Production environment.

  • phone_vector: Phone number vector with the +91 country code
  • session_token: Session token generated in Step 1: Create Session Token.
  • failure_url: URL of your application to which the XML KYC webview should redirect if the XML KYC application fails to complete
  • success_url: URL of your application to which the XML KYC webview should redirect if the XML KYC application completes successfully
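
An added example (not Zeta's code) of building the Step 2 redirect on the fintech backend: it refuses a session token older than the 30-minute validity, percent-encodes the +91 phone vector, and only accepts success and failure URLs on hosts the fintech has allowlisted. The webview base URL, the allowlisted host, the 10-digit phone check and the use of query-string parameters are assumptions, since the page only names the four values.

```python
import re
import time
from urllib.parse import urlencode, urlsplit

# Hypothetical placeholder: use the Preprod or Production webview URL from Zeta.
WEBVIEW_BASE = "https://xmlkyc-webview.example.invalid/"
ALLOWED_CALLBACK_HOSTS = {"app.fintech.example"}  # hypothetical fintech-owned host
TOKEN_TTL_SECONDS = 30 * 60  # session token validity stated in Step 1


def check_callback(url):
    """Accept only https URLs on an allowlisted host, without credentials."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_CALLBACK_HOSTS:
        raise ValueError(f"callback URL not allowed: {url!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("callback URL must not embed credentials")
    return url


def build_webview_url(phone, session_token, issued_at, success_url, failure_url,
                      now=None):
    """Build the Step 2 redirect; passing the four values as query parameters
    is an assumption, since the page only names them."""
    now = time.time() if now is None else now
    if now - issued_at >= TOKEN_TTL_SECONDS:
        raise ValueError("session token expired; create a new one (Step 1)")
    # Assumed format: +91 followed by a 10-digit mobile number.
    if not re.fullmatch(r"\+91[0-9]{10}", phone):
        raise ValueError("phone_vector must be +91 followed by 10 digits")
    query = urlencode({
        "phone_vector": phone,  # '+' becomes %2B; a raw '+' would decode as a space
        "session_token": session_token,
        "success_url": check_callback(success_url),
        "failure_url": check_callback(failure_url),
    })
    return f"{WEBVIEW_BASE}?{query}"
```

Under the query-string assumption the session token is part of the URL, so keep full redirect URLs out of application logs.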

Step 3: Webhook

Fintechs have to provide a webhook URL to listen for the published event data. Fintechs can listen to the topic tenant_{{ifiID}}_Application-V1 for the event APPLICATION-V1_UPDATED. This event indicates that all processing for the application is complete and that the Account Holder provisioning or Account Holder KYC update was done successfully.

Error Messages

| Application Status Sent in Response | Error Messages |
| --- | --- |
| AUTH_TOKEN_MISSING (Exception) | Please provide a valid token to authorise the request |
| INVALID_AUTH_TOKEN (Exception) | Please provide a valid token to authorise the request |
| APPLICATION_REJECTED (Exception) | Please verify the applicant details entered and try again. After 3 attempts are used: KYC data verification failed. |
| INITIATE_OKYC_DATA_VALIDATION_FAILED (Exception) | KYC verification failed. Please try again. |
| VALIDATE_OKYC_DATA_VALIDATION_FAILED (Exception) | KYC data verification failed. Please verify the applicant details entered. |
| OKYC_TRANSACTION_FAILED (Exception) | KYC data verification failed. Please try again. |
| OKYC_TRANSACTION_CANCELLED (Exception) | KYC data verification failed. Please try again. |
| MATCHING_SCORES_NOT_RECEIVED (Exception) | KYC data verification failed. Please try again. |

Aadhaar Biometric KYC - RBL

Aadhaar biometric KYC is an assisted process where either a third-party agent or an agent from Zeta visits the applicant to collect biometric (fingerprint or iris scan) information. Fusion provides the APK to be used by agents to complete the Aadhaar biometric KYC. In this process, authentication is completed using biometric input and the application data is then validated against Aadhaar details. Aadhaar-based biometric authentication can be used to update user status to Full KYC.

Since Aadhaar biometric is an agent assisted process, firstly the fintech needs to do a channel partner registration with the bank to get empaneled as a Banking Correspondent (BC). BCs are individuals/entities engaged by a bank for providing some of the services on behalf of the bank and are provided channel partner/agent credentials to onboard users on their behalf. These credentials need to be shared with Zeta and will be required in the Biometric KYC flow.

Once RBL approves the channel partner registration, the fintech can start onboarding the agents who would assist the biometric KYC process by visiting the applicants and collecting biometric impressions. RBL bank approves every agent onboarding request by fintech.

  • Details required for Channel Partner registration: Company details, channel partner user details and POI/ POA of the channel partner user.

  • Details required for Agent registration: Name, gender, DOB, PAN, Aadhaar Number and POI/POA of the agent.

Biometric KYC Service

The agent needs to install Zeta’s Atom application for completing biometric KYC of the applicants. Atom application APK is shared by the Zeta team with the fintechs. The steps to complete biometric KYC process are outlined below:

  • Agent downloads the Zeta Atom application in his/her mobile or tablet.
  • Agent signs in to the Atom application using his/her phone number and OTP sent by Zeta.
  • After successful login, the agent can start the applicant KYC process. The process starts with collecting application details from the applicant. Agent needs to input the following information on behalf of the applicant:
    • Mobile number
    • Name
    • DoB
    • Email ID
  • In the next step, the applicant needs to provide the following information for Aadhaar verification. These details are collected on the agent’s Atom application:
    • Aadhaar number (these details are captured in secure bank environment)
    • Date of birth
    • Gender
    • Consent to Aadhaar verification “Terms and conditions”
  • If the details provided by the applicant match the details stored against their Aadhaar record in UIDAI, the applicant will get a success message.
  • Once the Aadhaar validation is successful, the biometric device with the agent gets activated to capture the biometric of the customer.
  • Agent collects the biometric impression of the customer.
  • If the biometric authentication is successful, the user is onboarded for RBL PPI offering in the next step.
  • For user onboarding, the user’s demographic information as available in the Aadhaar records is used. Additional information pertaining to the customer’s profile is captured on the webview UI. These details include:
    • Customer’s email address
    • Mother’s maiden name (Optional)
    • Occupation
    • Nationality
    • Local Address
    • Customer Income source
  • In addition to this, customer’s PEP status and FATCA declaration are captured in this step.
    • A Politically Exposed Person (PEP) is an individual with a prominent public post or a public function. One could also qualify as a PEP if they are a family member or a close relative of such an individual.
    • FATCA declaration is captured to check if the applicant is a tax resident of India or not.
  • For the PPI account provisioning, the applicant must not be a PEP and must be a tax resident of India.
  • Once all these details are captured, RBL records the applicant’s consent to the “Terms and conditions” of PPI account onboarding by verifying an OTP sent to the applicant’s phone number.
  • After the OTP verification is done, Biometric KYC for the applicant is completed and the user is redirected back to the Fintech’s URL.