Onboarding Customer - Mobile app

eKYC Products:

>IQA Image quality assessment - uploading of ID, IQA opens, guides client to make sure that image is ok, take photo, pass to ID OCR. This checks whether the image provided has sufficient image quality requirements. Intended to be used by the App SDK when scanning the customer’s ID before being sent to the backend for OCR & assessment. The scanned image is sent to the AAI, and can later be accessed by returned IDVID reference. https://doc.advance.ai/sg/global_image_quality_check.html

> ID forgery - physical, face value - checks whether the ID on the provided image is forged or not: https://doc.advance.ai/sg/global_id_forgery.html#global-id-forgery

Forgery type:
Black and white photocopied
Color photocopied
Cut off corner
Retake
Screenshot
Wrong face zone

> ID OCR - extract details on the ID - intended to be used during the onboarding to pre-fill the customer data with extracted fields from the ID card. Different ID = different pre-populated details. Refer to https://doc.advance.ai/ph/#ocr-lite

Acceptable IDs as of Sept 20, 2022. To be listed in the app as is:

UMID Old/New Version
Driver’s License
PH National ID
Passport
PRC ID

Under “SHOW MORE”:

6. Premium Postal ID - 1st version may not have a very good accuracy due to limited no. of samples. Continuously collecting samples to improve the accuracy.

7. PAGIBIG ID

8. Voters ID

9. SSS ID

10. TIN

> Liveness Detection - open camera, instruct to blink eyes etc, selfie image taken, with score liveness %: https://doc.advance.ai/ph/#liveness-detection

If the user’s liveness score is more than 50, that is regarded as normal behavior, and the suggestion is pass.
If the user’s liveness score is less than 50, that is regarded as abnormal behavior, and the suggestion is manual check.

> Face comparison - match two different set of images (use cases: Onboarding and Step up verification - eg higher transaction, go for another selfie/vKYC): https://doc.advance.ai/ph/#face-comparison

If the faces similarity is more than 70, the suggestion is pass.
If the faces similarity is from 55 to 70, the suggestion is manual check.
If the faces similarity is less than 55, the suggestion is rejection or using other methods to verify the user’s identity.

> Face Search - feed images to Face search, database, input face image code - insert face (image, reference id, id number) then search, FS return is Hit or no hit, if hit, details of face image reference ID and id number: https://doc.advance.ai/ph/#face-search

2. Device Fingerprint: FS: Device Fingerprint

with Private API in OSP
get DF ID and store for DFP Scoring in the OSP Workflow (https://safibank.atlassian.net/wiki/spaces/ITArch/pages/129630780 )
same device, 2 numbers - reject

3. Application Form: FS: Customer Application Form

Based on FIGMA:

Email

Phone number

ID (details in ID) - name, ID number, birthday, address, etc

Gender

Date of birth - for loans 21 years old to 59+ (should not exceed 60 at loan maturity)

Place of birth

Nationality - Filipino citizen only

Location - vs device GPS, should not be within the Negative locations set by the bank

Complete address - vs location in GPS

Account purpose -

savings/investment,
salary,
business,
other

Source of income - if not salaried - no initial loan available

salary/pension,
investment,
inheritance,
remittance,
other

Occupation - high risk / low risk, if unemployed - no initial loan available

Private company employee,
Part-time employee,
Government employee,
Business owner,
Student,
Freelancer,
Retired,
Unemployed

Industry - high risk / low risk

Wholesale and Retail,
Agriculture,
Construction,
Production and Manufacturing,
Transportation and Warehousing,
Military or Police,
Self-employed,
Finance, Telco, Communication, IT,
BPO (Call Center),
Real Estate & Renting,
Electricity, Gas and Water Distribution
Education
Health and Social Work
Hospitality / Hotels & Restaurants
Media
Government
Others

Monthly income - set threshold

Employment duration - less than 6 months - no initial loan available

Less than 6 months
More than 6 months, less than 1 year
1-3 years
4-5 years
More than 5 years

Onboarding Workflow - OSP decision engine

Onboarding - One Stop Platform

Below are the several available APIs in the OSP. Not yet listed in chronological order.

Identity Check (CIBI) API - FS: CIBI Identity Check ; API doc https://doc.advance.ai/ph/identity_check.html#identity-check

INPUT:

Parameters Name	Description
idNumber	string Must be a number, without letters, spaces,’-’ and other symbols
idType	string Currently only supports TIN, SSS and GSIS three types
firstName	string name
middleName	string optional middle name
lastName	string surname
dob	string Birthday, must be in yyyy-mm-dd format

RESPONSE:

Parameters Name	Description
`code`	Response Status Code
`message`	Message returned from server
`data`	`string` `gender` Male or Female
	`string` `dob` Date of birthday
	`string` `maritalStatus` Please check List of maritalStatus
	`string` `firstName`
	`string` `middleName`
	`string` `lastName`
	`string` `suffix`
	`string` `namePercent` The similarity between the input name and the returned name, ranging from 0 to 1
`extra`	-
`transactionId`	the request id, the max length is 64
`pricingStrategy`	whether the request will be charged, enum type: `FREE`, `PAY`

DECISIONS

Pass

Not Pass = request for other IDs, Identity Check only recognizes TIN, SSS, and GSIS (all three IDs are prone to fraud)

2. AML Screening API - FS: Anti-Money Laundering (AML) ; API doc https://doc.advance.ai/aml_watchlist_search.html#aml-watchlist-search , https://doc.advance.ai/aml_watchlist_profile.html

INPUT:

Parameters Name	Description
name	string Name of the person or the entity
regionList	array array optional List of country or region names to be searched. Please click here for supported values (see Annex 1)
type	array array optional Person or Entity
dob	string optional Date of birth, yyyy-MM-dd, not available for type Entity
score	string optional The similarity between the name input with the name corresponding to the record, ranging from 0 to 1 (0-100%)
contentList	array array optional The array format can be any combination of SAN, SIP, PEP, OOL, or OEL
gender	string optional Male or Female
referenceId	string optional An external unique identifier value
idNumber	string optional Identify card number
nationality	string optional User’ nationality belonged to. Example: United States,Indonesia.

RESPONSE:

Parameter	Description
`code`	AML Watchlist Search Status Code
`transactionId`	the request id, the max length is 64
`pricingStrategy`	whether the request will be charged, enum type: `FREE`, `PAY`
`message`	Message returned from server
`data`	`data` `JSONObject` It contains multiple objects of each including id,type and attributes. Please refer to the example of response body for the complete information
	`meta` `JSONArray` count, total_count: the number of profiles in the data object; screening context: Search context, in line with the parameters input
`extra`	Extra response info such as exception message

DECISIONS:

AML Screening Result is EMPTY

AML Screening Result is NOT EMPTY

3. AML Screening and Monitoring API - API docs https://doc.advance.ai/aml_watchlist_search.html#aml-watchlist-search , https://doc.advance.ai/aml_watchlist_profile.html , https://doc.advance.ai/aml_watchlist_monitoring.html#create-a-new-item

INPUT:

Parameters Name	Description
name	string Name of the person or the entity
regionList	array array optional List of country or region names to be searched. Please click here for supported values (see Annex 1)
type	array array optional Person or Entity
dob	string optional Date of birth, yyyy-MM-dd, not available for type Entity
score	string optional The similarity between the name input with the name corresponding to the record, ranging from 0 to 1 (0-100%)
contentList	array array optional The array format can be any combination of SAN, SIP, PEP, OOL, or OEL
mode	int Single check or Monitoring. 1 Single check only ；2 Single check first and do monitoring
gender	string optional Male or Female
referenceId	string optional An external unique identifier value
idNumber	string optional Identify card number
intervalTime	int optional The days interval that the customer be monitored
nationality	string optional User’ nationality belonged to. Example: United States,Indonesia.

RESPONSE:

Parameter	Description
`code`	AML Watchlist Search Status Code
`transactionId`	the request id, the max length is 64
`pricingStrategy`	whether the request will be charged, enum type: `FREE`, `PAY`
`message`	Message returned from server
`data`	`data` `JSONObject` It contains multiple objects of each including id,type and attributes. Please refer to the example of response body for the complete information
	`meta` `JSONArray` count, total_count: the number of profiles in the data object; screening context: Search context, in line with the parameters input
`extra`	Extra response info such as exception message

DECISIONS:

AML Screening Result is EMPTY

AML Screening Result is NOT EMPTY

4. Email Detection API - The service gets the most comprehensive social media lookup available with data from 20+ social media sites, including user avatar, bio and profile info. It also confirms that the address is valid, gets detailed domain whose info and data breach lookup.

FS: Seon (Email Detection) ; API doc https://doc.advance.ai/ph/email_detection.html#email-detection

INPUT:

Parameter	Description
email	string general email format with @ and . eg. example@example.com

RESPONSE:

eter	Description
code	Email Detection Status Code
message	Status Code Explanation
data	`string` email : email address
	`number` score : a score of 0-100 indicating the likelihood that the user’s email address is fraudulent
	`boolean` deliverable
	`object` domain_details: please refer to the example of success response for details
	`object` account_details: please refer to the example of success response for details
	`object` breach_details: please refer to the example of success response for details
transactionId	the request id, the max length is 64
pricingStrategy	whether the request will be charged, enum type: `FREE`, `PAY`
extra	Extra response info

DECISIONS:

Email status is equal to VALID

Email status is equal to INVALID

5. PH Tele-Status Check - The service verifies current status of the mobile number in real-time, which helps prevent fake applications. It can be used for risk management of pre-loan and post-loan, and improves the efficiency of collection.

FS: Tele Status Check ; API doc https://doc.advance.ai/ph/tele_status_check.html

INPUT:

Parameter	Description
number	`string` mobile phone number, eg 9182093024.
countryCode	`string` Country Code: “+63”

RESPONSE:

Parameter	Description
code	Tele Status Check Code REACHABLE: The phone number can be dialed UNREACHABLE: Temporarily unable to connect DISCONNECT: The phone number is out of service or does not exist INVALID NUMBER: The operator could not find the phone number
message	Status Code Explanation
data	status the telephone status, please refer to Telephone Status
transactionId	the request id, the max length is 64
pricingStrategy	whether the request will be charged, enum type: FREE, PAY
extra	Extra response info

DECISIONS:

Reachable

Unreachable

Disconnect

Invalid Number

6. Social Media Check API - The service verifies whether the mobile number is registered with WhatsApp/Facebook/Instagram/e-commerce. It can help identify if the mobile number is actively used and if the applicant shops online regularly, which will help institutions identify potential fraud risk.

FS: Seon (Social Media Check) ; API doc: https://doc.advance.ai/ph/social_media_detection.html

INPUT:

Parameters Name	Description
`phoneNumber`	`string` starting with “+63”, and followed by 10 digits number)
`socialMediaList`	`string[]` `optional` supported values: facebook, instagram, telegram, whatsapp, viber; if empty for this field, facebook, instagram, telegram, whatsapp, viber will be detected all

RESPONSE:

Parameter	Description
`code`	Social Media Detection Status Code
`transactionId`	the response id, the max length is 64
`pricingStrategy`	whether the request will be charged, enum type: `FREE`, `PAY`
`message`	Message returned from server
`data`	`account_details` `object` please see accountDetails for the details of this JSON object
`extra`	Extra response info such as exception message

accountDetails:

Field Name	Description
whatsapp	`registered` true,false or null
facebook	`registered` true,false or null
telegram	`registered` true,false or null
instagram	`registered` true,false or null
viber	`registered` true,false or null

Notes: - If a service fails, registered return null。

DECISIONS:

Facebook, WhatsApp, Telegram, Viber, Instagram

Blocked, Not registered, Registered = ??

7. Blacklist API - The blacklist continues to accumulate data obtained from actual loans and loan behavior tracking through the industry's joint prevention and control and big data laboratory mechanism, mainly covering the overdue data of microfinance 15d+, and returns whether it is a hit.

The service will check the ID number, DOB, name and mobile number of the applicant against Advance AI’s (Atome) blacklist database which has millions of records. Based on the result, financial institutions can know the applicant better, improve their awareness of fraudulent and malicious behaviour, and make better credit decision.

clients with 15 dpd+, no buckets classification, no updating/removal of name in the list if paid, HIT or no HIT only (ID Number, Phone Number, Name and DOB), no access with the list

https://doc.advance.ai/ph/blacklist.html

INPUT:

Parameters Name	Description
`name`	`string` Customer name, should be the full name of the person
`idType`	`string` Customer ID number type
`idNumber`	`string` Customer ID number , no negative is allowed, no float number allowed
`phoneNumber`	`optional` `string` Customer cellphone number start with “+63”, followed by 10 digits
`md5PhoneNumber`	`optional` `string` Customer MD5 phone number start with “+63”
`birthDay`	`optional` `string` yyyy-MM-dd

Note : md5PhoneNumber or phoneNumber, at least one of which cannot be null

NOTE

Currently, only the idType of SSS, GSIS, PHILHEALTH_ID, PRC, UMID, TIN, DRIVER_LICENSE, VOTERS_ID, PASSPORT, POSTAL_ID_PREMIUM, STUDENT are supported, if your idType is not in this supported list, please set the idtype as OTHERS
SSS：It has to be a number.
GSIS：It has to be a number.
PHILHEALTH_ID：It has to be a number.
PRC：It has to be a number.
UMID：Must be a 12 digit number, fill 0 in front of digits if not enough
TIN：Must be a 12 digit number, fill 0 after digits if not enough
DRIVER_LICENSE：The first letter is uppercase and the rest are pure numbers
VOTERS_ID：No VIN, only letters and numbers, keep letters uppercase
PASSPORT：Only letters and numbers, keep letters uppercase
POSTAL_ID_PREMIUM：There is no “PRN” in the first place, the last digit is not english, only letters and numbers, keep letters uppercase
STUDENT ：Only letters and numbers, keep letters uppercase
OTHERS：Only letters and numbers, keep letters uppercase

RESPONSE:

Parameter	Description
`code`	Blacklist Check Status Code
`transactionId`	the request id, the max length is 64
`pricingStrategy`	whether the request will be charged, enum type: `FREE`, `PAY` ;If the current service is charged based on the query amount, the returned code is accurate. If charged based on the hit amount, the field is inaccurate. For the accurate billing strategy, please refer to the bill.
`message`	Message returned from server
`data`	`hitIdNumber` hit returns true, no hit returns false
	`hitPhoneNumber` hit returns true, no hit returns false
	`hitNameAndBirthday` hit returns true, no hit returns false
`extra`	Extra response info such as exception message

DECISION:

hitIdNumber true OR hitPhoneNumber true OR hitNameAndBirthday true

Else

** Final HIT response should not constitute outright reject

8. Telco-Behavior Score - This telco scores are statistical models built on various Mobile Network Operator(MNO) data sources – Data and Voice usage, Top-up Patterns, Location and Device Data and many more. Derived by the most advanced machine learning algorithms, the scores have significant predictive power and can be used as either standalone models or in combination with existing internal Social-Demographic and/or Credit Bureau models.

FS: Telco Behaviour Score (FinScore) ; API doc https://doc.advance.ai/ph/telco_behavior_score.html#telco-behavior-score

INPUT:

Parameter	Description
phoneNumber	string 12 digits starting with +63, and currently only Smart and Globe are supported
city	array array optional Please see the Code Sample for this input, and please make sure the city name input is supported in the city list, or ‘null’ will be returned, and at most 10 cities are supported (see Annex 2)
cphoneNumber	array array optional Phone number of the contacts, please see the Code Sample for this input, and at most 10 phone numbers are supported，only digits are supported, please don’t add “+” in front of the numbers

RESPONSE:

Parameter	Description
code	Telco Behavior Score Status Code
transactionId	the request id, the max length is 64
pricingStrategy	whether the request will be charged, enum type: `FREE`, `PAY`
message	Status Code Explanation
data	`score` : Please click here for the description of the possible values of “score”
	`risklevel` : Please click here for the description of the possible values of “risklevel”
	`city` `object` : The result indicates whether the city is the most often stayed for the phone number in 3 different time periods(day,night and weekend)
	`cphoneNumber` `object` : Please click here for the description of the possible values of fields in “cphoneNumber”
	`telcoBehaviors` `object` : Please click here for the description of the possible values of fields in telcoBehaviors
extra	Extra response info (Exception Message)

Notes: Values of city,cphoneNumber and telcoBehaviors will always be null if phoneOperator is Globe

DECISION:

User Phone Number Risklevel = is equal to / Higher than / Higher than or equal to / Lower than or equal to / Lower than = Highest / High / Medium / Low / Lowest / Inactive
Customer Loyalty = is equal to / is not equal to = New SIM(1-365 days) / Young SIM( 1-2 years) / Matured (2-3 years) / Established (3-5 years) / Loyal (5+ years)
Subscription Type = is equal to / is not equal to = Smart Prepaid / Smart Postpaid / Sun Cellular Prepaid / Sun Cellular Postpaid / Talk'n'Text / Broadband Device
SMS Usage = is equal to / is not equal to = Lowest(<20% users) / Low( 20% < users< 40%) / Mid( 40% < users< 60%) / High( users> 60%) / Highest( Top 20% users) / Newly Registered/Fake Number
Top Up = is equal to / is not equal to = Lowest(<20% users) / Low( 20% < users< 40%) / Mid( 40% < users< 60%) / High( users> 60%) / Highest( Top 20% users) / Newly Registered/Fake Number
Mobile Data Usage = is equal to / is not equal to = Lowest(<20% users) / Low( 20% < users< 40%) / Mid( 40% < users< 60%) / High( users> 60%) / Highest( Top 20% users) / Newly Registered/Fake Number
Avg Daily Activities = is equal to / is not equal to = Lowest(<20% users) / Low( 20% < users< 40%) / Mid( 40% < users< 60%) / High( users> 60%) / Highest( Top 20% users) / Newly Registered/Fake Number
Contacts Messaging Frequency Rank = is equal to = In Top10 / Not in Top10 / No Rank

Contacts Calling Frequency Rank = is equal to = In Top10 / Not in Top10 / No Rank
Contacts Airtime Amount Rank = is equal to = In Top10 / Not in Top10 / No Rank
City Stayed Period = is equal to / is not equal to = Most City in All Time / Most City in Night and Weekend / Most City in Day and Weekend / Most City in Day and Night / Most City in Weekend / Most City in Night / Most City in Day

** Scoring threshold

8. High-Level Risk Check

9. Customer Deduplication Deduplicate customers (Onboarding step 2)

microservice - with Private API in OSP - to prevent fraud or the creation of multiple customer instances for the same person

DECISION:

FULL_NAME duplicates = NOT EMPTY / IS EMPTY
FULL_NAME error = NOT EMPTY / IS EMPTY
BIRTHDAY duplicates = NOT EMPTY / IS EMPTY
BIRTHDAY error = NOT EMPTY / IS EMPTY
ID_CARD duplicates = NOT EMPTY / IS EMPTY
ID_CARD error = NOT EMPTY / IS EMPTY
DEVICE_FINGERPRINT duplicates = NOT EMPTY / IS EMPTY
DEVICE_FINGERPRINT error = NOT EMPTY / IS EMPTY
FACE_SEARCH duplicates = NOT EMPTY / IS EMPTY
FACE_SEARCH error = NOT EMPTY / IS EMPTY
NETWORK duplicates = NOT EMPTY / IS EMPTY
NETWORK error = NOT EMPTY / IS EMPTY
EMAIL duplicates = NOT EMPTY / IS EMPTY
EMAIL error = NOT EMPTY / IS EMPTY
PHONE_NUMBER duplicates = NOT EMPTY / IS EMPTY
PHONE_NUMBER error = NOT EMPTY / IS EMPTY
status = is equal to / is not equal to / is contained in / is not contained in = UNIQUE / POSSIBLE_DUPLICATE / DUPLICATE

Scoring Services

The features here are tied to the various scoring services (e.g. scorecards), that will be used to provide a score and other parameters to be used in other services (e.g. loans product recommendation). In short, for the various scores generated , if it should be used as a feature, then it will be stored in its respective entity_type_id in the score_fs featurestore

1. Scorecard for Device FP - https://safibank.atlassian.net/wiki/spaces/ITArch/pages/129630780

2. Scorecard for SEON - Scorecard to asses new customer based on the SEON features. https://safibank.atlassian.net/wiki/spaces/ITArch/pages/130843063

________________________________________________________________________________________

** Action items:

Make a table based on the ff suggestions from Anti-Fraud User e75ec :

** Can accept ID nos. 6-11 - allow opening an account without overdraft, but client will need to submit other valid ID via vKYC (top 1-5) if he/she will avail of overdraft/loan product.

** IDs w/o address (Passport/PRC/PAGIBIG) - allow opening an account with overdraft, but client will need to submit POB/other ID w/ address prior availment of PL

** To be discussed further.

New Driver’s license included in the OCR accuracy testing
IQA/OCR trial allowed limit/threshold, result if IDs are invalid/blurred

Other comments/suggestions/action items from User e75ec :

Existing number log in/sign up - generic prompt error message
~~Atome’s blacklist database - get from Ronel~~

Others:

Blacklist/Watchlist of SAFI https://safibank.atlassian.net/wiki/spaces/ITArch/pages/77070551
Risk rating from Compliance c/o Atty. Ruth
Credit risk guidelines for Overdraft and PL. Income documents requirement?
As per Pavel: High level strategy for Overdraft: generally if we have not much of idea or even the risk score (finscore, other sources) not looking good they will get 200php - minimum, the very good clients will get the higher end, and the rest something between

SaFi Bank Space : Summary of Existing onboarding checks/scoring

accountDetails:

Scoring Services

Attachments: