The National Identity Management Commission (NIMC) announced on Saturday that it will implement rigorous security vetting for all licensed verification agents, front-end partners, and diaspora partners to enhance the protection of citizens’ data and prevent identity fraud.
Engr. Abisoye Coker-Odusote, NIMC Director-General, emphasized that the vetting process is crucial for ensuring compliance with regulatory requirements, mitigating insider threats, and preventing unauthorized access to the National Identity Database.
The commission’s statement indicated that any partners found breaching the new security protocols would face strict sanctions as per the established regulations and national laws.
The agency also disclosed that law enforcement authorities have been authorized to take stringent actions against individuals involved in online phishing schemes targeting citizens’ data.
“This proactive measure is aimed at safeguarding personal information and maintaining the integrity of the national identity system.
“As part of these new security protocols, all Licensed Verification Agents, Front End Partners, and Diaspora FEPs will undergo rigorous security vetting to ensure adherence to global best practices in identity management.
“Any FEPs in violation will face sanctions under established regulations and the nation’s laws,” the statement read.
The announcement follows several reports of fraudulent online platforms soliciting Nigerians to submit their personal information for National Identification Number (NIN) modification or enrollment services.
To address the concerns and prevent further misuse, the commission has temporarily suspended the bypass enrollment process.
In a related development, a significant data breach was uncovered in March when the website XpressVerify.com was found to have unrestricted access to the NIMC database.
The site was selling digital identity numbers (NINs), full names, phone numbers, addresses, and photographs for 200 naira (US$0.13) per record.
The breach prompted investigations by regulatory authorities, including the Nigeria Data Protection Commission, which subsequently suspended the website’s domain and initiated a thorough investigation.
In response to growing concerns about data security, Nigeria enacted a comprehensive data protection law in 2023, marking a significant step towards safeguarding personal information.
The legislative milestone aims to enhance the security framework and protect citizens’ data from exploitation and misuse.
Engr. Coker-Odusote recently met with the Senate Committee to discuss challenges hindering more Nigerians from enrolling in the national digital ID program.
The discussion aimed to identify obstacles and formulate strategies to enhance the progress of the digital identity initiative.