Daniel Otera
Nigeria’s digital identity programme, once positioned as a tool for inclusion and reform, is being compromised by a growing underground trade in personal data.
Investigations have revealed that National Identification Numbers (NINs), Bank Verification Numbers (BVNs), and other biometric details are being sold to digital lenders for as little as ₦1,500.
The Economic and Financial Crimes Commission (EFCC) has confirmed that over 2,000 Nigerians have already fallen victim to this scheme. The black market is largely powered by networks of young Nigerians who collect personal information from low-income individuals and resell it in bulk to fintech companies looking to bypass proper verification processes.
“This fraud scheme is largely driven by an army of young Nigerians offering a paltry payment of between ₦1,500 and ₦2,000 to their victims, and then selling the same information to some fintech institutions for about ₦5,000,” the EFCC stated in a public advisory.
The syndicates often operate in informal settlements and peri-urban communities, preying on citizens who are unaware of the risks. The EFCC disclosed that more than 12,000 individuals are now involved in what it described as “account supply” harvesting identity documents for digital platforms.
The National Identity Management Commission (NIMC) has distanced itself from the widespread abuse of the NIN, stating that it will not be liable for any consequences arising from voluntary data sharing.
“The NIMC wishes to state clearly that it will not be held responsible for any personal information shared by an individual directly or by proxy for the purpose of financial gain or inducement,” said Dr Kayode Adegoke, the agency’s Head of Corporate Communications.
Describing the development as a “serious security concern”, Adegoke urged Nigerians to treat their NINs with the same confidentiality as their ATM PINs or online banking passwords.
Since 2021, digital identity has become mandatory for a range of essential services, including SIM registration, bank account linkage, international passports, and access to government programmes. According to NIMC figures, over 117.3 million Nigerians had been enrolled in the national database as of February 2025.
But the scale of the system has exposed significant loopholes in enforcement and data protection. The EFCC confirmed that many fintech operators now rely on outsourced agents, some of whom turn to illegal means to obtain identity details for quick Know Your Customer (KYC) onboarding.
A 2024 survey by Enhancing Financial Innovation & Access (EFInA) estimated that more than 26 million Nigerians use mobile credit platforms. To speed up user verification, many digital lenders bypass official channels, relying instead on data brokers and unauthorised identity vendors.
Although Nigeria’s Data Protection Act was passed in 2023, compliance remains low. Data from the Nigeria Data Protection Commission (NDPC) shows that out of 147 reported breach cases in 2024, only three led to enforcement actions. Most involved unauthorized access by fintech firms or third-party agents.
A 2024 report by Paradigm Initiative found that 68 percent of Nigerians had shared their NIN with a service provider without fully understanding the implications. Only 17 percent reported using digital safety tools such as the NINAuth App, which allows users to monitor access to their identity records.
Digital rights experts argue that weak enforcement and limited public awareness are fuelling the crisis.
“The integrity of a national digital system relies not just on infrastructure, but on trust and literacy,” said Dr Amina Lawal, a cybersecurity specialist based in Abuja. “People must understand that identity data, once compromised, can be weaponised in ways that are difficult to trace or reverse.”
Nigeria’s fintech sector has expanded rapidly, but regulation has failed to keep pace. Without a unified identity verification protocol, many firms operate with minimal accountability. This has triggered widespread complaints of data abuse, harassment, and extortion, particularly by loan apps.
The Nigerian Communications Commission and the Federal Competition and Consumer Protection Commission have received numerous reports of misconduct. Victims say their contacts and photos were accessed without consent, often after unknowingly sharing their identity slips during registration.
Despite the Central Bank of Nigeria’s Consumer Protection Department, oversight is fragmented. Analysts say many fintechs operate outside formal supervision, especially in the digital micro-lending space.
A 2024 study published in the International Journal of Research and Innovation in Social Science found a statistically significant link between trust in digital platforms and confidence in data protection. The study reported a chi-square value of 192.3 with a p-value below 0.001, underscoring how security lapses directly affect user satisfaction.
In rural communities, the risks are even greater. Citizens frequently hand over their identity slips in exchange for quick cash, unaware that these can be used to take out loans or commit fraud in their name. The EFCC noted that many victims only discover the damage when their accounts are blocked, or they are blacklisted by digital lenders.
Experts warn that if this trend continues, Nigerians may begin to avoid official digital systems altogether.
“It’s not just about fraud,” said Dr Lawal. “This is about trust in the state. If citizens believe their data will be abused or traded, they will opt out of the system. That would be a major setback for Nigeria’s digital development.”
As the government expands digital initiatives like the eNaira, e-tax filing, and social welfare payments, the credibility of the identity infrastructure will be critical. While agencies have advised citizens to use tools like the NINAuth App, uptake remains low.
“If we fail to act now, we are not just risking individuals,” said Lawal. “We are risking the future of Nigeria’s digital economy.”