By Chibueze Onyekpere
Nigeria has a system for National Identity Number, Bank Verification Number, Voter’s Card, and a Tax Identitybut none of them talk to each other in ways that make corruption and fraud harder. Every serious anti-corruption architecture paid with tax payers money eventually comes back to the question of value for money and its utility. The BVN was supposed to answer this poser in banking. The NIN for civil identification and the Permanent Voters Card for electoral integrity. The Tax Identification Number for revenue compliance. Nigeria built all of them, and then failed to integrate them in ways that would make each one stronger and supportive of each other. The result is not a unified identity ecosystem. It is a collection of parallel databases that bad actors can exploit precisely because of the gaps between them.
What BVN and NIN Were Supposed to Accomplish
The Bank Verification Number, introduced by the Central Bank of Nigeria in 2014, was a genuine breakthrough. By linking biometric data to bank accounts, it made it structurally harder for a single person to maintain dozens of accounts in different false names and identities. Ghost workers salary-receiving accounts under different names came under severe attack. Former Minister of Finance, Kemi Adeosun confirmed that BVN integration into the federal payroll uncovered approximately 45,000 ghost workers. The government’s broader claim, attributed to IPPIS integration, was that 70,000 ghost workers were eliminated and N220 billion saved.
The NIN, managed by the National Identity Management Commission, was designed to go further: a single identifier that would eventually anchor all government-to-person transactions. The World Bank invested substantially in making it happen. The World Bank made enacting a Data Protection Law a condition of its $430 million funding to NIMC for NIN issuance, and as of mid-2024, registrations had reached just over 107 million Nigerians against a target of 148 Million.
The Market for Your Data
Then came the data leak. In 2024, Paradigm Initiative documented that a website was selling Nigerians’ NINs, BVNs, driving licences, international passport data, voter cards, and Tax Identification Numbers for N100 per query. The site received 567,990 visits in February 2024 alone. Paradigm Initiative’s Executive Director, Gbenga Sesan, stated publicly that the data being sold was sourced directly from government databases.
Media investigation revealed that NIMC’s NIN Verification Service, which had been shut down due to security vulnerabilities, was reopened in February 2024 on the instruction of a NIMC director following a “hardware upgrade” that did not address underlying security flaws. Industry sources indicated that NIMC staff had built backdoors into the verification system, and that there was no visibility into activities beyond what those staff chose to disclose.
Other News
What happened next illustrated how the Nigerian state handles evidence of its own systemic failure. After the Foundation for Investigative Journalism published multiple reports on websites illegally selling NIN and BVN data, FIJ’s website suffered coordinated cyberattacks traceable to IP addresses at NIMC headquarters in Abuja. NIMC denied any breach. The websites selling the data continued operating for months after the initial reporting.
The Arbitrage Opportunity
The fragmentation of Nigeria’s identity ecosystem creates opportunities for fraud that a unified system would eliminate. Consider the practical mechanics: a civil servant who appears on the IPPIS payroll under their BVN-linked account can still establish a separate tax identity, a different NIN record under a variant spelling of their name, and multiple voter registration entries. These databases do not cross-reference each other in real time. Paradigm Initiative alleged that up to 43 million Nigerians’ NIN records were exposed online, including names, addresses, phone numbers, and passport photographs. A database that leaks at that scale does not function as a fraud prevention tool. It functions as a fraud enablement tool, because it hands bad actors the raw material — verified identity data — with which to construct synthetic identities.
Compare Nigeria’s situation to Estonia, where the X-Road data exchange layer allows every government system to query every other in real time, with full audit logging of who accessed what. In Georgia, the unified civil registry eliminated the gap between identity, property, and business registration that had sustained petty corruption for a generation. Both countriesbuilt integration before they built individual platforms. Nigeria built individual platforms and assumed integration would follow. It has not.
The Multi-Agency Problem
The fundamental governance problem is that no single agency in Nigeria is responsible for identity infrastructure as an integrated whole. NIMC manages NIN. The CBN governs BVN. INEC runs the voter register. FIRS issues Tax Identification Numbers. Immigration manages passport data. Each agency has its own vendor contracts, its own technology stack, its own political patrons, and its own incentive not to surrender data sovereignty to a central integrator. The 2023 Nigeria Data Protection Act created a formal Data Protection Commission but placed it under ministerial control — a structure that, as data-privacy lawyer Habeeb Eyinade noted, means a regulator that needs ministerial clearance before acting is hardly independent.
Until there is a political decision — backed by statute, not executive circular — to build a genuine integrated identity architecture with real-time cross-referencing, independent audit access, and enforceable breach consequences, Nigeria’s identity ecosystem will continue to produce what it currently produces: a revenue stream for data thieves, a loophole factory for payroll fraudsters, and a false sense of security for every minister who cites NIN enrollment figures at a press conference.

Follow Us on Google