Data Protection: How Okra Protects Your Customers' Financial Data

Identity fraud scams cost companies and their customers a lot of money! Here's a primer on how we prevent such scams for African companies.

Data Protection: How Okra Protects Your Customers' Financial Data

Data protection has been a major point of discussion since the rise of open finance, particularly in Africa. The worries about data protection are not unfounded, given the cases of identity fraud scams and some operators cutting corners to play in the open finance space.

So, despite the advantage of onboarding customers faster and performing credit analyses in seconds, it is important to understand how the data that powers such processes are kept safe. In this guide, you'll learn about:

  1. How data encryption works
  2. Data protection regulation
  3. Identity APIs
Open finance makes it possible for any business to onboard customers for financial services in seconds.

How Data Encryption Works

In 2020, $43 billion was lost to identity fraud scams.

When you connect with your customer's data through Okra, we follow all encryption best practices. However, what does encryption mean? A customers' data has sensitive fields written in plain text. With encryption, those fields are converted into unreadable text, which can only be decoded by the authorized receiver using a secret key.

That way, their data is kept secure end-to-end. And in the case of an unlikely breach, the content cannot be accessed by anyone because the secret key is only available to the authorized receiver. Additionally, we ensure that you operate within the confines of data protection regulations.

Data Protection Regulation

The foundation of open finance is the right to data portability. Basically, this means that people have the right to obtain their financial data from one service provider and make it available to another service provider. Working with this data, businesses can offer new financial services to their customers. For example, a fashion store can offer credit services to its customers based on their financial data.

However, regulators work to ensure that open finance facilitators and third parties do not abuse this right. Based on this, there are strict global and local guidelines. In choosing your open finance partner, it's important to know their compliance level.

At Okra, we comply with the General Data Protection Regulation and the local requirements for our operational countries. For instance, in Nigeria, we comply with the Nigerian Data Protection Regulation. Hence, Okra ensures you avoid breaking any data protection laws.

Further, your customers are in full control of their data. Using the myOkra portal, customers get a full view of businesses that have access to their financial data and can control that access anytime. Finally, when customers agree to grant access, we ensure they consent fully as international and local regulations require.

What are Identity APIs?

The journey of open finance starts with a customer granting you access to their financial account. This can be a bank account, mobile wallet, and so on. However, to prove that they own this account, it is important to verify their identity in real-time.

One of such modes of identification is the Bank Verification Number (BVN) in Nigeria. Before open finance, verifying and matching these modes of identification was tedious, with some businesses handling most of the process manually. Thankfully, with Identity APIs from Okra, this is possible within seconds, keeping your customers happy and your business away from fraudsters.

In 2014, the BVN was introduced by the Central Bank of Nigeria (CBN). BVN stands for Bank Verification Number, which is a biometric identification system. The CBN implemented it to curb illegal banking transactions in Nigeria and tie transactions to specific individuals. Further, this security measure aligns with CBN's Act of 1958, which empowers it to curtail fraud in the banking system.

Okra Identity APIs

Although BVN is known for verifying a user's identity, Okra has other alternatives to BVN that companies can use to verify the identity of a user, such as the company's tax identification and the validity of the company registration.

The alternatives include:

National Identification Number (NIN) API

Okra's NIN API works quite similar to the BVN API; it validates the identity of users in Nigeria. The responses returned from the NIN API are similar to BVN's. Check here to see samples of the response.

Registered Company (RC) no. and Tax Identification Number (TIN) API

The RC & TIN API allows you to verify any company in Nigeria using their RC Number or RC Number and TIN. To test how the RC & TIN API works, check this guide.

Bank Account Number API

Bank account numbers are generally referred to as NUBAN in Nigeria. The NUBAN API makes it possible for you to verify the identity of a user using their Nuban. It's also quite similar to the BVN or NIN API. You can check this guide to see the responses.


Data protection is a cost-saving move, as ignoring it comes with high and unnecessary costs for business owners. This is why your choice to work with Okra is a brilliant move for your business. Additionally, using Okra's Identity APIs make it possible to cut down drop-offs for financial verification by 65%! Looking forward to the exciting things you have built or will build with Okra's Identity APIs! Check out our robust identity setup here.

A good place to check other cool stuff is our docs, and if you are passionate about open finance, you definitely should visit our website to see other services that might be appealing to you.

Contact sales or send an email to to get started!