BRD - KYC and Profile Management
Document Control
| Version | Date | Author | Description |
|---|---|---|---|
| 1.0 | 2025-07-29 | BA Team | Initial Draft |
Table of Contents
- Executive Summary
- Project Overview
- Stakeholders
- Business Objectives
- Functional Requirements
- Non-Functional Requirements
- Business Rules
- Business Process Flows
- Integration Requirements
- Error Handling and User Messaging
- Compliance and Security Requirements
- Risk Assessment and Mitigation
- Testing Requirements
- Implementation Timeline
- Success Criteria and KPIs
- Appendices
1. Executive Summary
This document outlines the business requirements for implementing a comprehensive KYC (Know Your Customer) verification system within a mobile application. The system will enable users to complete their identity verification through multiple document types and personal information collection, with automated API verification.
1.1 Purpose
To ensure a secure, compliant, and user-friendly KYC process that verifies user identity using Aadhaar, PAN and Driving License and collects personal information as per regulatory requirements. Reduce manual verification time from days to minutes.
1.2 In Scope
The Scope of BRD includes:
- Implement a KYC verification module with a banner and menu-driven interface.
- Support verification of Aadhaar (required), PAN (conditionally required) and Driving License (conditionally required) using APIs.
- Contact information management and verification
- Manage user contacts, personal details, addresses, and profile photos.
- KYC status and level tracking
- Image quality validation and retry mechanisms
2. Project Overview
2.1 Technology Stack
- Frontend: Tanstack Router, Tanstack Form, Apollo Client
- Backend: NestJS, GraphQL, Prisma ORM
- Database: PostgreSQL
- SMS Gateway: Third-party SMS service (MSG91)
- API Integration: Cashfree API for PAN and Driving License verification
2.2 Key Features
- Multi-step Aadhaar verification (OTP and OCR methods)
- Profile picture verification
- Contact information management
- Address verification
- Other document verification (PAN, Driving License)
- KYC status tracking and progress monitoring
3. Stakeholders
| Role | Name / Department |
|---|---|
| Project Sponsor | Product Manager |
| Business Analyst | BA Team |
| Development Team | Mobile & Backend Devs |
| QA Team | QA Team |
| UX/UI Designer | Design Team |
4. Business Objectives
4.1 Primary Goals
- Enable regulatory compliance for financial and agricultural services
- Provide secure identity verification for farming community
- Ensure data accuracy through automated verification processes
- Maintain user engagement through progressive KYC completion
- Support multiple document types for flexible verification options
4.2 Success Metrics
- KYC completion rate > 85%
- Verification processing time < 48 hours
- User drop-off rate during KYC < 15%
- Document verification accuracy > 95%
5. Functional Requirements
5.1 KYC Status Management
FR-001: KYC Completion Banner
- Display a banner with text: "Aadhaar verification is mandatory to access all farming services and benefits" and a "Start Aadhaar Verification" button if KYC is not completed.
- Clicking "Start Aadhaar Verification" navigates to the Aadhaar verification page
FR-002: Progress Visualization
- Show a progress bar indicating KYC completion percentage based on completed sections (Mobile Verification, Aadhaar Verification, Profile Picture).
- Individual verification status for each document type
FR-003: Verification Hierarchy
- Mobile Verification: Pre-verified using login mobile number (foundational)
- Aadhaar Verification: Marked as "Required" with a "Verify" button, navigates to the Aadhaar verification page.
- Profile Picture: Marked as "Required" with a "Verify" button, navigates to the Profile Picture upload section.
- PAN Card Verification: Marked as "Optional" with a "Verify" button, navigates to the PAN verification page
- Driving License Verification: Marked as "Optional" with a "Verify" button, navigates to the Driving License verification page.
5.2 Aadhaar Verification
The Aadhaar verification system will support two primary verification methods:
- OTP + Selfie Method: Primary verification using mobile OTP and Face Match with selfie picture
- OCR + Selfie Method: Alternative verification using document upload and optical character recognition and Face match with selfie picture
5.2.1 OTP-Based Verification
The OTP-based verification process includes three steps
Step 1: Aadhaar Number Input
FR-004: Aadhaar Number Input and API Verification
- Provide a screen to input a 12-digit Aadhaar number
- Include a checkbox for user consent to verify Aadhaar details
- Offer an alternate option: "Upload Document" to switch to OCR verification
- Secure OTP generation and validation via designated API
- On successful OTP request, store the Aadhaar number in the database and update KYC status to "In Progress."
Step 2: OTP Verification
FR-005: OTP Verification Process
- Provide a screen to enter the OTP received via SMS
- Implement 10-minute timeout for OTP validity
- Verify OTP using designated API
- Offer an alternate option: "Upload Document" to switch to OCR verification.
- If OTP verification fails three times, provide options to: "Try OTP Again," "Upload Document," "Complete This Later," and "Contact Support" (links to support team contact)
- If timeout occurs, redirect to Aadhaar number screen with pre-filled number
Step 3: Selfie Capture
FR-006: Selfie Capture
- Provide a screen to capture a selfie using the device camera
- Perform image quality checks (e.g., brightness, clarity) and prompt retry if quality is insufficient
- Provide retry option with clear instructions if image quality is poor
- Integrate with designated API to verify the selfie image with Aadhaar image
- On successful face match, complete Aadhaar verification and display "Verified Successfully" message.
5.2.2 OCR-Based Verification
The OCR-based verification process includes four steps and is triggered if the user selects "Upload Document" or after three failed OTP attempts
Step 1: Document Upload
FR-007: Document Upload
- Provide a screen to upload front and back images of the Aadhaar card
- Include a checkbox for user consent to verify Aadhaar details
- Use designated OCR API to extract details (e.g., Aadhaar number, name, address)
- Store the Aadhaar number in the database and update KYC status to "In Progress"
- Provide option to Go Back to OTP Method
Step 2: Display OCR Details
FR-008: Display OCR Details
- Display extracted details from OCR for user view.
- Include buttons to proceed with selfie verification
Step 3: Selfie Capture
FR-009: Selfie Capture
- Provide a screen to capture a selfie using the device camera
- Perform image quality checks (e.g., brightness, clarity) and prompt retry if quality is insufficient
- Provide retry option with clear instructions if image quality is poor
- Integrate with designated API to verify the selfie image with Aadhaar image
- On successful face match, complete Aadhaar verification and display "Verified Successfully" message.
5.2.3 Post Verification Display
FR-010: Verification Completion
- Update KYC status to "Approved" and KYC level to "Verified" in the database
- Display verification details in the Aadhaar menu, including user details, verification time line, selfie picture, verification method, verified date, status, KYC level and masked Aadhaar image
- Provide a "Re-verify Aadhaar" button to allow future updates
- Provide option to view historical Aadhaar verification records
- On API rejection, update KYC status to "Rejected" and return an error message (e.g., "Invalid Aadhaar details, please retry")
Compliance:
- Mask the first 8 digits of the Aadhaar number in storage/display.
- Obtain user consent before verification.
5.2.4 Aadhaar Version History
FR-011: Aadhaar Version details
Access Point:
- Include a dropdown field, display the current version of the Aadhaar verification details
- Allow users to view and select from the list of previous version histories as needed.
Display Information:
- List of all previous Aadhaar verification attempts/completions
- Verification date and time for each version
- Verification method used (OTP/OCR)
- Status of each verification
- Verification details snapshot for each version
- Document images (if OCR method was used)
- Selfie images from each verification attempt
5.3 Profile Picture
FR-012: Initial Setup
- Auto-populate with Aadhaar verification selfie
- Automatic status update to "Verified"
- KYC level update to "Complete"
FR-013: Update Functionality
- Provide option to upload new profile picture
- Image quality validation
- Provide option to Replace existing picture capability
5.4 Profile Management
FR-014: Automated Data Population
- Auto-Population: Name, father's name, care of, date of birth, gender from Aadhaar
- Data Integrity: Prevent manual editing of Aadhaar-verified fields
- Exception Handling: Allow input for Nickname. Allow father's name and Care of input if not available from Aadhaar
FR-015: Profile Photo Management
- Auto-populate with Aadhaar verification selfie
- Allow users to retake or replace profile picture
- Automated quality checks with retry mechanism
- Display current profile picture in user profile
- Compress images before storage to optimize space
- Maintain image version history for audit purposes
5.5 Contact Information Management
FR-016: Primary Mobile Number
- Auto-populate primary mobile number with user's login mobile number
- Display verification status as "Verified" for login mobile number
- Restrict modification or deletion of primary mobile if it's the login number
FR-017: Alternative Mobile Number
- Provide option to add alternative mobile number
- Send an OTP via SMS or WhatsApp (user selects method) for verification.
- Allow setting alternative mobile as primary only after verification
- Update primary mobile number in the database
- Provide option to delete alternative mobile number
- Maintain audit trail of mobile number changes
FR-018: Email Management
- Provide field to input email address
- Validate email format before saving
- Send a verification email with a confirmation link (expires in 24 hours).
- Mark email as verified only after link confirmation
- Provide option to add or Delete Email ID
FR-019: WhatsApp Number
- Provide field to input WhatsApp number
- Send OTP to WhatsApp number for verification
- Allow same number for mobile and WhatsApp if applicable
- Store verification status separately for WhatsApp number
- Provide option to add or delete WhatsApp Number with verification
FR-020: Landline Number
- Provide an input field for landline number (e.g., +91XXXXXXXX).
- No verification required; store as unverified.
FR-021: Communication Preferences
- Allow users to select preferences: Notifications (system alerts), Marketing (promotions & news), Transactional (order updates).
- Include "Cancel" and "Add Contact" buttons.
- Maintain an audit trail for all contact changes (add, update, delete) with timestamps and old/new values.
5.6 Address Management
FR-022: Default Address from Aadhaar
- Auto-populate address from verified Aadhaar data
- Display address in structured format (House No, Street, City, State, PIN)
- Set Aadhaar address as default permanent address
- Display address as read-only after Aadhaar verification
FR-023: Additional Address Management
- Provide option to add additional home address if different from Aadhaar
- Provide option to add work/office address
- Validate PIN codes and map to correct city/state
- Support multiple address types (Permanent, Current, Work etc.,)
- Allow setting one address as primary communication address
- Maintain address version history and audit trail
5.7 Document Verification
5.7.1 PAN Card Verification
Optionality: PAN verification is optional, but will become mandatory if the user is enrolled with an organization within the app.
FR-024: PAN Number Input
- Provide screen to input 10-digit PAN number and Name
- Validate PAN number format (AAAAA9999A)
- Integrate with designated API for verification
- Store PAN number and PAN status to "In Progress" in database
FR-025: API Verification
- Use designated API to verify PAN against NSDL/UTIITSL databases
- If successful, update PAN status to "Verified"
- On success, display details (Name, DOB, Gender) with view and re-verify options
- On API rejection, return error message (e.g., "Invalid PAN details") and update PAN status as "Rejected".
- If API fails (e.g. downtime), Display user-friendly error message: "Service temporarily unavailable. Please try again later."
Compliance:
- Mask the first 8 digits of the PAN in storage/display.
5.7.2 Driving License Verification
Optionality: Driving License verification is optional, but will become mandatory when the user's role is set as a "machinery operator".
FR-026: License Number Input
- Provide screen to input Driving License number
- Provide field to input Date of Birth
- Validate license number format based on state regulations
- Store DL details in database and set DL status to "In Progress."
FR-027: API Verification
- Integrate with designated API for Driving License verification using license number and DOB
- If successful, update DL status to "Verified."
- On success, display details (Name, DOB, Gender) with view and re-verify options
- On API rejection, return error message (e.g., "Invalid DL details") and update DL status as "Rejected".
- If API fails (e.g. downtime), Display user-friendly error message: "Service temporarily unavailable. Please try again later."
5.8 KYC Level Management
FR-028: KYC Status Definitions
Define KYC Status:
- Not Started: User hasn't begun KYC process
- In Progress: User has started but not completed mandatory requirements
- Approved: Aadhaar successfully verified via API
- Rejected: Invalid/mismatch during verification
FR-029: KYC Level Updates
- Update KYC level automatically based on completion status
- Basic: User registered and mobile number verified
- Verified: Aadhaar successfully verified
- Completed: Mandatory components for "Completed" level:
- Mobile Number verified
- Aadhaar verified (OTP or OCR)
- Profile picture uploaded and quality validated
- PAN and Driving License are conditionally required (based on user role) for "Completed" status
- Send notifications to user on KYC level changes
6. Non-Functional Requirements
NFR-001: Performance Requirements
- API response time should not exceed 5 seconds
- Image upload should complete within 30 seconds
- OCR processing should complete within 15 seconds
- Image quality checks should complete within 5 seconds
- System should handle 1000 concurrent KYC verifications
NFR-002: Security Requirements
- Encrypt all sensitive data at rest and in transit
- Implement secure file upload with virus scanning
- Log all KYC activities for audit trail
- Implement rate limiting for API calls
- Secure storage of document images
- Implement image tampering detection
NFR-003: Availability Requirements
- System should maintain 99.5% uptime
- Implement graceful degradation during API failures
- Provide offline capability for document upload
- Queue failed verifications for retry mechanism
- Implement automatic failover for critical services
NFR-004: Usability Requirements
- Interface should be mobile-responsive and user-friendly
- Provide clear error messages and guidance for image quality issues
- Implement progress indicators for multi-step processes
- Provide real-time quality feedback during image capture
NFR-005: Image Quality Requirements
- Minimum image resolution: 640x480 pixels
- Maximum file size: 5MB per image
- Supported formats: JPEG, PNG
- Blur detection accuracy: 90%
- Face detection accuracy: 95%
- OCR accuracy: 85% for clear documents
7. Business Rules
- Aadhaar is a mandatory document for all users and must be verified first.
- Aadhaar number must be 12 digits and pass checksum validation.
- OTP is valid only for a specific period (e.g., 10 minutes).
- KYC status transitions: Not Started → In Progress → Under Review → Approved or Rejected.
- Verified users should see a "Verified" badge on their profile.
- KYC is considered "Completed" only after Aadhaar and Profile Picture are successfully verified.
8. Business Process Flows
8.1 Standard KYC Journey
- User accesses KYC Status page
- Views progress and required verifications
- Completes mandatory mobile verification
- Proceeds with Aadhaar verification
- Optionally adds PAN and Driving License
- Completes profile and contact information
- Achieves "Completed" KYC status
8.2 Verification Failure Handling
- API verification attempt
- Document upload and quality checks
- OCR processing and data extraction
- Status update and user notification
9. Integration Requirements
9.1 Cashfree API Integration
- Cashfree Aadhaar OTP generation API
- Cashfree Aadhaar OTP verification API
- Cashfree PAN verification API
- Cashfree Driving License verification API
- Cashfree Face Match verification API
- Handle API rate limits and quotas
- Implement retry mechanism for failed API calls
9.2 Third-Party Service Integration
- SMS gateway for OTP delivery
- Email service for verification emails
- OCR service for document text extraction
- Image quality assessment service
- Face detection service for profile pictures
9.3 Internal System Integration
- User authentication system
- Notification service for status updates
- Audit logging system
- File storage service for document images
- Image compression and optimization service
10. Error Handling and User Messaging
10.1 Error Categories
- Network connectivity and API timeout errors
- Document image quality issues
- OCR extraction failures
- Invalid data format errors
- Verification failure errors
- File upload and storage errors
10.2 User Communication Strategy
- Clear success messages for completed verification steps
- Detailed error messages with specific improvement guidance
- Real-time progress updates during verification process
- Proactive quality check feedback during image capture
- Email/SMS notifications for significant status changes
- Comprehensive help documentation with visual guides
- In-app tutorials for document capture best practices
11. Compliance and Security Requirements
11.1 Data Protection Compliance
- End-to-end encryption for sensitive documents
- Implement data minimization principles
- Secure data sharing with Cashfree and other APIs
- Role-based access for admin verification
- Comprehensive logging of all verification activities
11.2 KYC Regulatory Compliance
- Maintain document authenticity verification standards
- Implement suspicious activity detection and reporting
- Audit trail maintenance for regulatory inspections
11.3 API Security Compliance
- Secure API key management and rotation
- Encrypted data transmission to third-party services
- API usage monitoring and anomaly detection
- Compliance with Cashfree security requirements
- Regular security assessment of integrated services
12. Risk Assessment and Mitigation
12.1 Technical Risks
- Cashfree API reliability and service availability
- Image quality validation accuracy and false positives
- OCR accuracy for varied document conditions
- Mobile device compatibility and camera quality variations
- Database performance under high concurrent load
12.2 Business Risks
- User adoption challenges due to complex verification process
- Regulatory changes affecting KYC requirements
- Data security breaches and privacy concerns
- Third-party service dependencies and vendor lock-in
12.3 Mitigation Strategies
- Develop robust image quality training datasets and algorithms
- Regular performance monitoring and auto-scaling capabilities
- Extensive device testing and compatibility validation
- Redundant verification paths and manual override capabilities
- Continuous regulatory monitoring and adaptive compliance
13. Testing Requirements
13.1 Unit Tests
- Validate format of Aadhaar, PAN, DL numbers.
- Ensure correct KYC status transitions.
13.2 Integration Tests
- API connectivity to Cashfree endpoints.
- OTP flow integration and timeout handling.
- SMS gateway integration.
13.3 UI Tests
- Display and update of banner message.
- Aadhaar screen OTP retry and fallback flow.
- Upload and image quality check flow.
13.4 Manual Tests
- Admin KYC review actions (approve/reject).
- Document OCR extraction and validation.
13.5 Security Tests
- Data encryption in transit and at rest.
- Masking of Aadhaar data.
- Role-based access control for admin actions.
14. Implementation Timeline
Phase 1: Foundation (Weeks 1-4)
- KYC banner and navigation implementation
- Contact information management
- Database schema and API structure setup
- Cashfree API integration setup
Phase 2: Core KYC (Weeks 5-8)
- Aadhaar verification (OTP and OCR)
- Image quality validation framework
- OCR integration and data extraction
- Personal details and address management
Phase 3: Extended Documents (Weeks 9-12)
- PAN verification implementation
- Driving License verification
- Profile picture upload with quality checks
- KYC level management and status updates
Phase 4: Deployment and Monitoring (Weeks 13-16)
- Production deployment and monitoring
- User training and support documentation
- Performance optimization and bug fixes
- Go-live and post-launch support
15. Success Criteria and KPIs
15.1 Business Success Metrics
- 95% successful KYC completion rate for mandatory components
- Average KYC completion time under 15 minutes
- Less than 10% manual verification rate for Aadhaar
- 90% user satisfaction score for KYC process
- 85% first-attempt success rate for document uploads
15.2 Technical Performance Metrics
- 99.5% API availability and response time SLA
- Less than 3% document processing errors
- Average image quality check completion under 5 seconds
- 90% OCR accuracy rate for clear documents
- Zero security incidents related to KYC data
15.3 Quality Metrics
- 95% image quality acceptance rate on first attempt
- Less than 5% admin verification reversal rate
- 90% consistency score across admin verifications
- Average manual verification time under 2 minutes
- 98% data accuracy in extracted information
16. Appendices
NA