Staff Reporter :
The regular digital operations of nearly 400 financial institutions in Bangladesh, including banks, insurance companies, stock markets, garment businesses, online platforms, and transport sectors, have come to a near halt due to the cancellation of the real-time citizen information verification service. This has resulted in significant financial losses for many businesses across these sectors.
The impasse arose after the government cancelled its contract with the software company ‘Porichoy’, which provides One-Time Password (OTP) services through mobile devices, and has yet to sign a new agreement with another company.
Businesses, ranging from banks to courier services and fintech companies, have expressed difficulties in onboarding new customers after the Election Commission (EC) recently revoked the Bangladesh Computer Council’s (BCC) access to the national identification card database.
Previously, businesses accessed verification services through private firm Digicon Global Services, which had a data access agreement with the BCC. However, the BCC now lacks this access due to a data-sharing agreement with a third-party company, Digicon.
The government had initially entered into an agreement with ‘Porichoy’ to verify citizens’ real-time data in collaboration with the Bangladesh National Digital Architecture (BDNA). Through this partnership, a total of 413 institutions, including 183 private entities, benefitted from citizen information verification services via indirect agreements.
The platform had been extensively used by financial institutions to confirm the identities of new customers due to its effectiveness in providing accurate and reliable identity verification. As demand for services grew, these institutions increased their use of the platform to meet the rising demand for opening new accounts through e-KYC and digital onboarding systems.
Businesses claim that the government decided to cancel the agreement with ‘Porichoy’ due to corruption within the previous institution, but now the government has yet to finalise a new agreement, leaving businesses in limbo.
It has been nearly a month since the cancellation, and concerned departments have remained silent on the matter. As a result, hundreds of public and private organisations are forced to operate manually, wasting valuable time and significant financial resources.
On December 20, 2024, the EC disconnected the API provided to the BCC. Companies claim that their requests for direct access to NID verification services were intentionally redirected towards Porichoy by EC officials.
The recent decision by the EC to restrict BCC’s access to its database has exacerbated the situation. “NID verification is necessary to register new beneficiaries in our ‘Dream Project’,” said Hossain Ishraq, IT Assistant for Apps Development at the UNDP’s ‘Dream Project’. “But we can’t register anyone new since the ‘Porichoy’ service was halted, making it impossible to identify the true beneficiaries. This issue needs to be resolved immediately.”
Anayet Rashid, co-founder and CEO of Truck Lagbe, also expressed concerns over the disruption caused by the cessation of Porichoy’s services, calling it a significant service interruption.
Similarly, Fahim Ahmed, CEO of Pathao, a service user, suggested that while restricting third-party access to sensitive data was a necessary move, it should have been coordinated better to avoid business disruptions.
Nagad, a digital financial service provider, has similarly been affected by challenges in onboarding new customers. Anisur Rahman from NCC Bank also highlighted that the halt of the service has closed their e-KYC activities, leading to the loss of some services.
In response to the ongoing issues, A.S.M. Humayun Kabir, Director-General (Additional Secretary) of the National Identity Registration Division, commented: “The contract with ‘Porichoy’ was cancelled due to a breach of conditions. We currently only have a contract with one company, but the remaining 182 institutions have not yet signed a new agreement.
We are actively taking steps to find an alternative solution, and several affected organisations have already applied. We hope to resolve this soon.”
Kabir, who recently assumed his position, admitted that awareness was not raised earlier, but efforts are now underway to address the problem.
The issue also draws attention to the alleged involvement of Wahidur Rahman Sharif, Managing Director of Digicon, who reportedly had close ties to the former Awami League government.
Sharif is said to have leveraged his political connections to secure a deal with the BCC in 2022, which allowed the Porichoy service to access EC data. Despite the legal breach of sharing EC data with a third party, the Cabinet Committee on Government Purchase approved a tariff-sharing plan for Porichoy’s services in 2022.
According to the approved revenue model, of the fees paid by government, semi-government, and autonomous agencies for verification using Porichoy, the BCC received 20%, the data owner (EC) also received 20%, and Digicon received the remaining 60%.
Private entities paid different service fees, with the BCC and EC each receiving 20% from basic verification or NID services, while Digicon took 60%. For biometric verification, Digicon received 90% of the fees.
As of October 2024, over 450 companies had used Porichoy’s services, generating a total revenue of Tk 112 crore. However, government entities received only Tk 17.88 crore, while Digicon has not paid over Tk 7 crore to the relevant government agencies as required under the revenue-sharing model.
