If you’re choosing a KYC vendor for an African fintech in 2026, the decision matters more than it used to. The NDPA’s General Application Instructions and Directives (GAID) took effect in September 2025, replacing the older NDPR framework. Cross-border data transfers now require explicit safeguards. Identity-fraud rates on African mobile money are up about 40% year-over-year. And the three vendors most Nigerian fintechs end up comparing — Smile ID, Youverify, and Dojah — have meaningfully diverged in their offerings since 2024.

This guide walks through the decision the way an operator would. We cover pricing per verification, country coverage that actually matches your roadmap, API quality your engineering team will not curse, NDPA / DPA / POPIA compliance handling, and the support reality versus what sales decks promise.

For each vendor we cover: pricing, country coverage, the Non-Doc / liveness / KYB feature set, SDK quality, NDPA compliance, and one honest weakness operators hit. The decision framework that follows is the same 5-question checklist we run with our fintech clients — it resolves about 80% of “which vendor” decisions in under 30 minutes.

If your priority is pan-African coverage, skip to Section 2. If you’re Nigeria-only, jump to Section 3.

The quick verdict

If you operate in multiple African countries and need consistent identity coverage — Smile ID. Broadest pan-African coverage (54 countries), most published accuracy data, and the only one with first-party government-database integrations across 10+ African ID systems.

If you operate in Nigeria + want broader compliance tooling (KYB, AML transaction monitoring, no-code workflow automation) — Youverify. The yvOS platform is the most complete compliance suite of the three.

If you’re a Nigeria-first fintech that prioritizes the cleanest developer experience and fast NIN/BVN/CAC verifications — Dojah. Smallest of the three but arguably the best-designed REST API and clearest docs.

If you operate in emerging markets globally and need the lowest-friction (no-document) verification experience — Sumsub. Their Non-Doc Verification reached Africa in late 2023 and now achieves a 96.5% pass rate in 4.5 seconds.

Comparison table

| Factor | Smile ID | Youverify | Dojah | Sumsub |
|---|---|---|---|---|
| HQ / primary market | Pan-African | Nigeria | Nigeria | Global |
| Country coverage | 54 African + global IDs | African + global compliance | NG first; ECOWAS + KE/ZA expanding | 220+ countries |
| Document verification | Yes | Yes | Yes | Yes |
| Non-Doc / phone-number ID | Yes (PNI) | Yes | Limited | Yes (Dec 2023) |
| Liveness detection | Yes | Yes | Yes | Yes |
| KYB (business + UBO) | Yes | Yes (strongest) | Yes (CAC for NG) | Yes |
| AML monitoring | Add-on | Built into yvOS | Limited | Yes |
| NDPA data localization | Native (AWS af-south-1) | Native (NG-based) | Native (NG-based) | Configurable |
| No-code workflow builder | Limited | Yes (strongest) | Limited | Yes |
| Indicative price / verification | $0.10–$0.40 | $0.15–$0.40 | $0.10–$0.30 | $0.50–$1.50+ |
| Developer experience | Good | Good | Excellent | Good |
| Time to first integration | 1–2 weeks | 1–2 weeks | <1 week | 2–4 weeks |
| Funding raised (public) | ~$31M | Series A (~$5M) | ~$3M seed | Significant global |
| Best for | Pan-African ops | NG + compliance-heavy | NG-first, dev-led | Global ops entering Africa |

The 5-question decision framework

1. In how many countries will you onboard users in the next 12 months?

  • 1 country → any of the three works
  • 2 to 5 countries → Smile ID or Youverify (lean Smile ID for breadth)
  • 6+ countries → Smile ID

2. Does your engineering team prefer a REST API with great docs, or a no-code workflow builder?

  • REST + docs → Dojah (cleanest API) or Smile ID (most stable)
  • No-code → Youverify (yvOS is the strongest)

3. Are you regulated as a financial institution under CBN / CBK / SARB, or as a non-FI?

  • Regulated FI → all four work; verify the vendor has CBN/CBK approval as a third-party provider
  • Non-FI → Youverify has the most complete AML monitoring you will need

4. Do you need to handle KYB (business verification, not just individuals)?

  • Yes → Youverify (best KYB workflows) or Smile ID
  • No → Dojah is the simplest choice

5. Are your users smartphone-first, or do you need to support feature-phone / low-quality capture?

  • Smartphone-first → all four work
  • Mixed device quality → Smile ID (best documented low-light accuracy) or Sumsub (PNI for non-document)

Smile ID — API architecture and integration

Smile ID’s product is built around a Smart Selfie + ID document core. The flow:

  1. Front-end captures user selfie (Smile ID mobile SDK with built-in liveness).
  2. Front-end captures ID document (NIN, BVN, passport, driver’s license, etc.).
  3. Back-end calls Smile ID API with job_id, selfie, ID image, country and document type.
  4. Smile ID performs OCR, face match, liveness verification, and for some IDs a check against the country’s official ID database.
  5. You receive verification result with confidence scores, extracted data, and a recommendation (approve / reject / manual review).

Representative API request:

POST https://api.smileidentity.com/v2/id_verification
Authorization: Bearer <jwt>
Content-Type: application/json

{
  "country": "NG",
  "id_type": "NIN_V2",
  "id_number": "12345678901",
  "first_name": "Chinwe",
  "last_name": "Okonkwo",
  "callback_url": "https://your-domain.com/smile-callback",
  "partner_params": { "user_id": "uid", "job_id": "jid" }
}

The callback fires when verification completes (typically <5s for ID-database checks; longer for selfie + document combos).
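The callback URL is an internet-facing endpoint that changes a user's KYC state, so the handler should authenticate each delivery and tie it to a job you actually started. The sketch below is an added example, not Smile ID's code or documented scheme: the partner_params, job_id and user_id names come from the request above, while the HMAC-SHA256 body signature, the shared secret, the assumption that partner_params is echoed back in the callback, and the CallbackReceiver class are hypothetical. Use the vendor's documented callback authentication in production.

```python
import hashlib
import hmac
import json

class CallbackReceiver:
    def __init__(self, secret: bytes):
        self.secret = secret   # assumed shared secret used to sign callbacks
        self.pending = {}      # job_id -> user_id, stored when the request is sent
        self.completed = {}    # job_id -> parsed callback, kept for idempotency

    def register(self, job_id: str, user_id: str) -> None:
        self.pending[job_id] = user_id

    def handle(self, raw_body: bytes, signature_hex: str) -> str:
        # 1. Authenticate the raw bytes before parsing anything.
        expected = hmac.new(self.secret, raw_body, hashlib.sha256).hexdigest()
        supplied = signature_hex.encode("utf-8", "replace")
        if not hmac.compare_digest(expected.encode(), supplied):
            return "rejected: bad signature"
        # 2. Parse defensively; a signed body is still external input.
        try:
            payload = json.loads(raw_body)
            params = payload["partner_params"]
            job_id, user_id = params["job_id"], params["user_id"]
        except (ValueError, KeyError, TypeError):
            return "rejected: malformed"
        if not isinstance(job_id, str):
            return "rejected: malformed"
        # 3. A repeated delivery must not change state twice.
        if job_id in self.completed:
            return "ignored: duplicate"
        # 4. Accept only jobs we started, for the user we started them for.
        if job_id not in self.pending or self.pending[job_id] != user_id:
            return "rejected: unknown job"
        del self.pending[job_id]
        self.completed[job_id] = payload
        return "accepted"
```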

Smile ID has first-party integrations with NIN (Nigeria), BVN (Nigeria), NIDA (Tanzania), GHA Card (Ghana), SAID (South Africa), and others. A Smile ID NIN check queries the actual NIMC database, not a cached or scraped dataset.

Pricing: volume-tiered. List around $0.40/verification, but operators at 50,000+ monthly verifications typically negotiate to $0.10–$0.15.

NDPA compliance: primary data residency in AWS af-south-1 (Cape Town) with published DPA addendum and sub-processor list. For Nigeria-only operators concerned about NDPA cross-border restrictions, get the NITDA-compliant data residency configuration in writing during procurement.

Honest weakness: configuration depth can intimidate small teams. The integration is solid but you will spend more setup time than with Dojah.

Youverify — yvOS and the no-code edge

Youverify positions itself not as a verification API but as a compliance operating system (yvOS). yvOS includes:

  • KYC verification (identity, document, biometric, NIN/BVN/CAC)
  • KYB (business verification, ultimate beneficial owner discovery)
  • AML transaction monitoring (rule-based + ML-enhanced)
  • Workflow automation (no-code rule builder)
  • Address verification (physical agent or geolocation)
  • Sanctions and PEP screening (OFAC, UN, EU, and African sanctions)

The differentiator is the no-code workflow builder. A compliance officer can define rules like “if NIN verification fails AND amount > 50,000 NGN, escalate to manual review” without engineering touching the code. For ops-heavy fintechs (microfinance, BNPL), this dramatically reduces engineering load.

The API follows a similar REST/JWT pattern; the workflow engine sits behind a graphical UI. Engineering integrates once; compliance iterates on an ongoing basis.

Scale: Youverify processes around 4 million monthly applications across 3,500+ businesses, with about 800 active enterprise clients.

NDPA: Nigerian-incorporated, structured around NDPA from inception. Their published DPIA template is one of the better resources for African fintechs writing their own.

Honest weakness: physical address verification (agent dispatch) is excellent in major Nigerian cities, weaker outside them. If you have rural / smaller-town user concentration, validate coverage in your specific service area.

Dojah — the developer-first option

Dojah is the smallest of the three but earns its place on API quality. Docs are the cleanest. Sandbox is the easiest to test. Time-to-first-verification in a new integration is typically under a day.

Coverage: Nigeria-first with growing ECOWAS support. Product mix:

  • NIN, BVN, CAC verifications
  • Phone number lookup
  • Document OCR + face matching
  • Liveness detection
  • Address verification (limited)
  • Card BIN lookup
  • Bank account verification

For a Nigeria-first fintech that wants the cleanest developer experience and is comfortable adding additional vendors as it expands, Dojah is often the right Year 1 choice.

Honest weakness: as of 2026, Dojah has narrower compliance tooling than Youverify. If your AML / transaction monitoring needs are complex, expect to add a separate vendor (or build in-house).

Sumsub — when global is the priority

Sumsub is a global identity verification platform with strong African presence. Non-Doc Verification (launched late 2023 for African markets) verifies users without document upload by querying carrier databases. Pass rate ~96.5% in 4.5 seconds — faster than document-based flows with materially lower onboarding drop-off.

Pricing is higher than the African options ($0.50–$1.50+/verification at standard pricing). But for operators with complex global compliance needs (remittance startups serving African diaspora corridors, fintechs operating across NG/UK/US), the cost is often justified.

NDPA compliance requires procurement work — data localization is supported but not the default. Get configuration confirmed in writing.

Three things to build in-house, not buy

Regardless of which vendor you pick:

1. A vendor abstraction layer. Wrap each vendor’s API behind your own IdentityVerificationService interface from day one. This means you can swap or A/B test vendors without refactoring application code. It becomes critical when you expand to a second country.

2. A verification audit log. Every attempt — successful, failed, manual-review — logged in your database (not just in the vendor’s logs). Include user_id, vendor, document_type, confidence, decision, timestamp. Required for NDPA Article 27 (data subject access requests) and regulatory examinations.

3. A re-verification scheduler. KYC is not one-time. Sanctions lists update. PEP status changes. Run re-verifications at minimum every 12 months on a rolling basis, plus on risk events (large transactions outside pattern, address changes, prolonged inactivity then reactivation).
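The three pieces above fit together in one small service. This is an added sketch, not any vendor's SDK: IdentityVerificationService is the name used in the text, while StubVendor, the kyc_audit table, the 0.9 / 0.6 confidence thresholds and the country-based routing are assumptions made for illustration.

```python
import sqlite3
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Result:
    vendor: str
    document_type: str
    confidence: float  # each adapter normalises its vendor's score to 0..1
    decision: str      # APPROVE | MANUAL_REVIEW | REJECT

class StubVendor:
    """Constructed stand-in for a real vendor client (no network calls)."""
    def __init__(self, name, confidence):
        self.name, self.confidence = name, confidence

    def verify(self, user_id, document_type, id_number):
        c = self.confidence  # thresholds below are assumptions; tune per vendor
        decision = "APPROVE" if c >= 0.9 else "MANUAL_REVIEW" if c >= 0.6 else "REJECT"
        return Result(self.name, document_type, c, decision)

class IdentityVerificationService:
    REVERIFY_AFTER = 365 * 24 * 3600  # 12 months rolling, as the text recommends

    def __init__(self, routes, db_path=":memory:"):
        self.routes = routes  # country code -> adapter exposing verify()
        self.db = sqlite3.connect(db_path)
        self.db.execute("CREATE TABLE IF NOT EXISTS kyc_audit (user_id TEXT, vendor TEXT,"
                        " document_type TEXT, confidence REAL, decision TEXT, ts REAL)")

    def verify(self, user_id, country, document_type, id_number, now=None):
        result = self.routes[country].verify(user_id, document_type, id_number)
        ts = time.time() if now is None else now
        # Every attempt is logged locally; the raw id_number is deliberately not stored.
        self.db.execute("INSERT INTO kyc_audit VALUES (?, ?, ?, ?, ?, ?)",
                        (user_id, result.vendor, result.document_type,
                         result.confidence, result.decision, ts))
        self.db.commit()
        return result

    def due_for_reverification(self, now=None):
        # Users whose most recent APPROVE is older than the rolling window.
        cutoff = (time.time() if now is None else now) - self.REVERIFY_AFTER
        rows = self.db.execute(
            "SELECT user_id FROM kyc_audit WHERE decision = 'APPROVE' "
            "GROUP BY user_id HAVING MAX(ts) < ? ORDER BY user_id", (cutoff,))
        return [row[0] for row in rows]

    def audit_trail(self, user_id):
        return self.db.execute("SELECT vendor, decision FROM kyc_audit "
                               "WHERE user_id = ? ORDER BY ts", (user_id,)).fetchall()
```

Application code only ever sees Result, so swapping the adapter behind a country code does not touch callers, and the audit rows stay in your database regardless of which vendor produced them.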

NDPA — what each vendor still leaves to you

Choosing an NDPA-compliant vendor is a starting point, not a finish. The GAID (effective September 2025) puts the following on YOU as data controller:

  • Appoint a Data Protection Officer (DPO) if you process 1,000+ user records or are a financial institution
  • Complete a Data Protection Impact Assessment (DPIA) before launching high-risk processing (KYC qualifies)
  • Maintain a Record of Processing Activities (ROPA)
  • Notify the NDPC of breaches within 72 hours
  • Respond to data subject access requests within 30 days

The vendor’s role: data processor (you remain data controller). The DPA addendum should commit them to processing only on your documented instructions, notifying you of breaches within 24 hours (so you make the 72-hour NDPC deadline), allowing audits, and returning or deleting data at contract end.

If a vendor pushes back on any of these, that is a meaningful red flag.

Edge cases the marketing decks skip

Name normalization. NIN says “OKONKWO” all caps. Bank statement says “Chinwe Adaeze Okonkwo.” BVN matches the bank. Verify how each vendor handles fuzzy match — defaults are typically too strict (excessive manual review) or too loose (fraud risk). Tune during onboarding.

Diacritics and special characters. Names like “Olúwáṣẹun” or “Faïsa” can break OCR. Smile ID and Sumsub handle Unicode well; Dojah’s OCR has had issues in past versions — test it.
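To see what "too strict" and "too loose" mean for the two cases above, here is an added example of a name comparison you can run against your own records before tuning a vendor's thresholds. It is not any vendor's matching logic; the function names, the min_shared and typo_ratio parameters, and the three outcome labels are assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

def normalise(name):
    # NFKD splits letters from combining marks, so "Olúwáṣẹun" becomes "oluwaseun".
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    cleaned = "".join(ch if ch.isalnum() else " " for ch in stripped.casefold())
    return cleaned.split()

def compare_names(a, b, min_shared=2, typo_ratio=0.85):
    ta, tb = set(normalise(a)), set(normalise(b))
    if not ta or not tb:
        return "MISMATCH"
    shared = ta & tb
    contained = ta <= tb or tb <= ta
    # Same tokens in any order, or one record is a shorter form of the other.
    if ta == tb or (contained and len(shared) >= min_shared):
        return "MATCH"
    # A surname-only record against a full name is plausible but weak evidence.
    if contained and shared:
        return "MANUAL_REVIEW"
    # Near-identical strings (one OCR slip) go to a human, never straight to approve.
    ratio = SequenceMatcher(None, " ".join(sorted(ta)), " ".join(sorted(tb))).ratio()
    return "MANUAL_REVIEW" if ratio >= typo_ratio else "MISMATCH"
```

Raising min_shared pushes more users into manual review; lowering it to 1 auto-approves on a shared surname alone, which is the "too loose" failure mode.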

Low-quality cameras / poor lighting. Field-agent-captured documents from rural areas often fail document-quality checks. Smile ID has the most published data on low-light performance. Request specific test data from each vendor before committing.

PNI / unregistered phone numbers. Phone Number Identity queries telco databases. In some African markets telco data is incomplete (older SIMs, pre-NIN-linkage). Confirm coverage for your target market specifically — pan-African averages do not tell you what works in Tanzania or Uganda.

When to use multiple vendors

Most fintechs eventually use 2–3 KYC vendors in production:

  • Primary + cheaper fallback. Smile ID for high-stakes onboarding; Dojah for simpler re-verifications.
  • Country specialists. Smile ID pan-African; a local Nigerian vendor for NIN edge cases.
  • Verification level tiering. Phone-only (PNI) for low-stakes accounts up to X amount; full document + liveness above.

The vendor abstraction layer (build, don’t buy) makes this practical without an engineering rebuild.

FAQ

Is Smile ID, Youverify, or Dojah the cheapest?

Dojah typically has the lowest list pricing for Nigerian verifications. Smile ID is most volume-flexible — operators at 50,000+ monthly verifications often negotiate below Dojah’s list. Youverify varies based on workflow complexity. For a typical Nigerian fintech doing 10k–50k monthly verifications, expect $0.10–$0.30 across all three.

Which KYC vendor is NDPA-compliant?

All three African-headquartered vendors handle NDPA-compliant processing. The vendor’s compliance is necessary but not sufficient — you remain data controller. You must appoint a DPO, conduct a DPIA, maintain a ROPA, and meet breach-notification obligations.

Can I integrate Smile ID and Youverify together?

Yes. Build a vendor abstraction layer (your own IdentityVerificationService interface). It lets you route by cost, country, and account tier. It also lets you A/B test pass rates between vendors on the same user base — the most reliable way to know which works best for YOUR mix.

How long does it take to integrate Smile ID or Youverify?

For a backend engineer with REST experience: 1–2 weeks of integration work (including mobile SDK, callback handling, error states, audit logging). Dojah is typically under a week because the API is simplest. Add 1–2 weeks for QA, security review, and DPIA documentation before production.

Do I need both KYC and KYB if I only onboard individuals?

KYC only. For B2B operators (payment processors with merchants, B2B lenders), you need KYB to verify entity CAC registration plus identity verification for the ultimate beneficial owners.

What happens if a verification fails?

Configure three outcomes: APPROVE (passed, proceed), MANUAL REVIEW (low confidence, route to compliance), REJECT (high confidence of fraud or invalid document). Don’t auto-reject on first failure — give 2–3 retry attempts with improved guidance (“ensure good lighting,” “hold the document flat”). If more than 15% of users fail KYC, you have a UX problem, not a vendor problem.

How often should I re-verify users?

Minimum: 12 months rolling. Plus on risk-triggering events (transactions outside historical pattern, address change, dormant reactivation, sanctions list update). Most vendors offer ongoing monitoring as an add-on for ~$0.02–$0.05/user/month.
