NIN tokenization helps to protect an individual’s data privacy via the use of an encrypted, coded representation (“disguised”) version of the NIN rather than actual NIN itself in day-to-day transactions.
User IDs, QR codes and even verification log details on the MWS Mobile ID app are all types of NIN tokenization in that they all hide the NIN of the user.
The Virtual NIN
NIMC’s MWS Mobile ID app comes with a feature which provides the user with a Virtual NIN.
This Virtual NIN is also a tokenized version of the person’s actual NIN which another party verifying the number cannot retain and use in a way that puts the individual’s data privacy at risk.
It consists of a 16-digit set of alphanumeric characters.
The Virtual NIN itself (not the NIN record it represents) expires 72 hours after being generated.
You can use the Virtual NIN when digitally verifying your identity with a verifying agent or enterprise who needs to confirm your identity before offering you a service (banks, airports, shopping delivery and so on).
How It Works via USSD
- To generate a Virtual NIN via USSD, dial *346*3*Your NIN*AgentCode#
- An SMS message will be sent back to you containing the Virtual NIN generated for you.
How It Works on the MWS Mobile App
- Launch the MWS Mobile ID app installed on your device (Android or iOS). Make sure you have the current version of the app installed or updated on your mobile device.
- Enter your PIN on the lock screen to continue.
- Select the “GET VIRTUAL NIN” button on the “Home” screen.
- Read through the “Enhanced Data Privacy” text.
- Then click on the button with the “+” sign on the bottom right corner of the screen to start the process of generating a Virtual NIN for the verifying Enterprise you are dealing with.
- Tap on any of the available options to either scan the Enterprise’s QR code or type in the Enterprise’s ID.
- A Virtual NIN is generated for you to use specifically with that verifying Enterprise alone.
- Present the Virtual NIN to the Enterprise for verification.
- Receive a notification once verification is completed by the Enterprise.
- Data privacy protection – access to an individual’s NIN by others is further restricted.
- Generated token is encrypted and totally opaque with no correlation to the NIN.
- The NIN holder is the only exclusive issuer.
- Generated tokens expire after a set period of time.
- Virtual NIN tokens generated are merchant-specific, a token generated for company A cannot be used or verified by company B.
All payment requests for Tokenization credit units by authorised verifying agents or enterprises should be made via their Enterprise portal accounts and not using NIMC’s general REMITA account.