Verify once, use everywhere: the case for portable trust

The average Nigerian professional uploads their national ID card somewhere between 18 and 40 times a year. A bank opens an account. A landlord runs a tenant check. A fintech requires KYC Tier 2 to raise a limit. An embassy wants a visa support letter. Each time: the same passport, the same utility bill, the same face-on-camera selfie. Collected, stored, verified, then sitting in a silo.

The waste is obvious when you describe it. The user does the same work forty times. Forty different companies spend money verifying the same document. Forty copies of the same sensitive data sit in forty different vendors' datastores, forty attack surfaces for a breach. And despite all this, the data quality is worse than it would be if it were verified once, well, and re-used.

This is the problem Universal Verification Numbers are designed to solve.

What a UVN actually is

A UVN is a permanent, unique identifier assigned to a verified document or claim. It is a digital fingerprint, not a pointer to the document itself, but a proof that a specific document with specific contents was authenticated on a specific date against a specific compliance profile.

Concretely, when CredFlare verifies a passport for KYC Tier 2, the output is:

• A UVN like CF-KYC-9847-AO
• The verification profile that was applied (what checks ran, what standards they met)
• Timestamps and expiry
• A cryptographic commitment that binds the UVN to the underlying document's hash

The document itself remains with the verifying institution or, at the user's choice, in a CredFlare vault with end-to-end encryption. The UVN is what gets shared.

How re-use works without weakening AML

The common objection to portable KYC is regulatory: "my compliance officer will not accept somebody else's verification as a substitute for ours." That is a fair concern, and it is why UVN is designed around transparency of the original verification rather than replacement of it.

When a second institution wants to re-use a UVN, they do not blindly trust it. They query the UVN registry and receive the full verification profile: which checks ran, against what references, at what confidence level, when. Their own compliance officer reviews whether that profile satisfies their internal policy. If it does, they accept the UVN. If it doesn't, they can request additional checks without starting from zero.

The model is closer to receipts than to certificates. A UVN is a verifiable receipt of what was done. Institutions retain the right to require more.

Where it matters most

Cross-border identity

An Ethiopian professional opening a bank account in Kenya today re-submits documents the Ethiopian bank already verified last year. With UVN, the Kenyan bank sees the Ethiopian verification profile, recognises it meets FATF Recommendation 10, and accepts it. The user skips a week of document collection.

Multi-tier progression within a single provider

A mobile money wallet user at Tier 1 wants to raise their limit to Tier 2. Under the old model, they re-upload. Under UVN, the Tier 1 verification, if conducted against a profile that includes Tier 2 requirements, simply gets re-evaluated against the new profile. No second upload.

Recovery and re-authentication

A user who lost access to their account no longer has to send a photo of their ID to a support agent. Their UVN is the account's identity anchor; recovery is a challenge against it.

Every time a user re-verifies, three things happen: they are annoyed, the institution spends money, and the attack surface grows by one more copy of their sensitive data. All three of those are avoidable.

What we are not claiming

UVN is not a credential you can weaponise against a user. It expires. It can be revoked. It is not the kind of universal identifier that a government issues from above; it is an artefact of a verification event, and every use is consensual and audit-logged.

It is also not a replacement for the discretion of a human compliance officer. In high-risk cases (politically exposed persons, adverse media hits, sanctions proximity) the answer is still to do the extra work. UVN removes duplicated low-risk work so human attention can concentrate on the cases that merit it.

The outcome compliance teams want, users want, and institutions want is the same: verify thoroughly, once, and re-use the result wherever it is appropriate. That is what UVN is. Everything else is an implementation detail.