NIMC to commence NIN Tokenization implementation on January 1 2022

By Ogaga Ariemu

The National Identity Management Commission (NIMC), has said it will commence the implementation of tokenization of National Identity Number (NIN) by January 1, 2022, with the aim of protecting enrollees’ identities during verification, ensure data privacy and help tackle insecurity.

The Director-General/CEO of NIMC, Engr Aliyu Aziz while speaking at a One-day Stakeholders’ Workshop on National Identification Number (NIN) Tokenization Solution, said the NIN Tokenization ensures inclusiveness.

“The Federal Government has adopted the solution to ensure the privacy of personally identifiable information of individuals during verification transactions and to reduce incidences of illegal retrieval, usage, transfer, and storage of NIN. Full implementation commences 1st January 2022, he said.”

He explained that, “the NIN Tokenization solution is a feature of the NIN Verification Service (NVS) which is aimed at providing enhanced data protection for the personal information of persons registered into the National Identity Database (NIDB) and issued a NIN.

“The resources for the protection of this sensitive data includes the Improved NIN Slip, USerID, MobileID, NIN hashing and the issuance of a unique virtual NIN by the ID holder to anyone who wishes to verify their identity.

“The purpose of the NIN Tokenization is to provide a coded representation (“pseudonymization”) of the actual NIN for which another party verifying the identity of the registered person cannot retain and use in a way that puts the individual’s data privacy at risk.

“Depending on the use cases, this may be via the hash contained in the Improved NIN Slip, the 2 varying hashes contained in the MobileID application, the UserID (which is available instantly to anyone issued a NIN, irrespective of whether they have a device or not), and of course, the one-time use Virtual NIN token,” he explained.

According to NIMC, These tokens are State-of-the-art technology, processes and procedures and follow international best practices in their administration and issuance.

To get the Token, the person must have a National Identity Number issued by NIMC, a mobile number registered in Nigeria and linked to your NIN, smartphone or feature phone with the SIM (or eSIM) with the mobile number.

NIMC said the objective of Tokenization is to provide a means for persons issued a NIN and who is entitled to the National e-ID card to have a visual, high-security representation of the National e-ID on IOS and Android smartphones.

It will also provide a secure means of presenting NIN in a format that can protect the NIN from seeding, cloning and duplication.

Tokenization will present a foundation for the harmonisation of tokens. As the ecosystem evolves, other tokens such as BVN, Voters ID, and even Driver’s licence is possible, subject to the approval of and collaboration with the relevant functional agency (such as NIBSS, INEC, FRSC).

Engr Aziz further said that the Tokenized version of the person’s NIN (which may be referred to as “virtual NIN” or “vNIN”) is then used by registered persons (Users) for verifying their identity with a verifying MDA, agents or enterprise who needs to confirm User’s identity before offering service to such User.

He said “In adherence to global best practises and in a bid to forestall flagrant abuse, harvesting of personal data without the requisite user consent, storage in an unencrypted and insecure database, misuse and, or negligent processing of the NIN by data processors and third parties, NIMC deployed the use of the Tokenization feature to be integrated across multiple verification channels and platforms of the Commission.

“The Tokenization solution is customised to provide data privacy and protection of personal identifiable information and to protect the sanctity and sensitivity of the NIN issued by NIMC to registered individuals.