Skip to content
by Rakesh Waghela

5.16 V-CIP implementation detail

V-CIP (Video Customer Identification Process) is the RBI-compliant way to do KYC remotely. The specifications are tight; even minor non-compliance is an audit finding. This page is the engineering reference.

Authoritative source: RBI’s KYC Master Direction (DBR.AML.BC.No.81/14.01.001/2015-16) as amended, particularly the V-CIP section introduced in 2020 and updated periodically.

RBI V-CIP requirements

Section titled “RBI V-CIP requirements”

The platform’s V-CIP implementation (or its vendor’s) must satisfy:

1. Live, real-time, audio-visual interaction

Section titled “1. Live, real-time, audio-visual interaction”
  • The session must be live between the customer and the official; no pre-recorded video.
  • Audio + video mandatory.
  • End-to-end encrypted transport.

2. Trained official

Section titled “2. Trained official”
  • The official conducting V-CIP must be an employee of the RE or its outsourcing arrangement.
  • Trained specifically on V-CIP per RE’s policy + RBI requirements.
  • Identity documented at session start.

3. OVD verification

Section titled “3. OVD verification”
  • Customer shows Officially Valid Documents (OVDs) on camera.
  • Official verifies the OVD against customer’s face (live).
  • For Aadhaar: only offline Aadhaar XML (not OTP-based) is permitted as OVD in V-CIP for full KYC.

4. Customer photograph

Section titled “4. Customer photograph”
  • Captured during the session.
  • Quality sufficient for facial-recognition match against OVD.

5. Live photograph + OVD match

Section titled “5. Live photograph + OVD match”
  • Match score computed by automated face-match.
  • Below threshold → session fails; re-try or alternate path.

6. Geo-tagging

Section titled “6. Geo-tagging”
  • Customer’s geo-coordinates captured during session.
  • Must be within India (per RBI requirement that KYC is in India).
  • Geographic anomalies (customer in IndiaJun but session geo-tagged abroad) → fail.

7. Recording

Section titled “7. Recording”
  • Entire session recorded (audio + video).
  • Securely stored with access controls.
  • Retained per record-retention norms (typically 10 years post-account-closure for AML-relevant records).

8. Random visual cues

Section titled “8. Random visual cues”
  • Official may ask customer to show random items / perform actions during the session to ensure liveness (e.g., “show your watch”, “blink twice”).
  • Prevents pre-recorded video spoofing.

9. Sequence and consistency check

Section titled “9. Sequence and consistency check”
  • Official verifies that the customer’s photograph (live capture) matches the OVD photograph.
  • Verifies that the OVD’s details (name, DoB) match the customer’s stated details.

10. Audit trail

Section titled “10. Audit trail”
  • Every session logged with:
    • Date / time start / end.
    • Customer identifier.
    • Official identifier.
    • Vendor (if outsourced).
    • Recording URI.
    • Geo-coordinates.
    • Match scores.
    • Outcome (success / fail / retry / abandoned).

Vendor landscape (V-CIP-specific)

Section titled “Vendor landscape (V-CIP-specific)”
VendorURL
IDfyidfy.com
Signzysignzy.com
Hypervergehyperverge.co
Karza / Perfioskarza.in / perfios.com
Bureaubureau.id
AuthBridgeauthbridge.com

Each offers V-CIP-as-a-service: their app handles session, recording, face-match, geo-tag; the lender’s app integrates via SDK / API.

Integration shape

Section titled “Integration shape”
Borrower app / web
        
        
[Lending platform's KYC service initiates V-CIP]
        
        
[V-CIP vendor SDK / hosted page]
        
        ├── Borrower opens session
        ├── Vendor's trained operator joins (or AI-assisted)
        ├── Operator verifies OVD (offline Aadhaar XML upload + verification)
        ├── Operator captures borrower's live photo
        ├── Face match scored
        ├── Geo-tag captured
        ├── Random visual cues asked
        ├── Session recorded throughout
        
        
[Vendor returns session outcome to lending platform]
        
        
Lending platform stores:
- Session ID
- Recording URI (vendor-hosted or downloaded to lender's S3)
- Outcome + match score + geo-coordinates
- Audit log entry

V-CIP session API (illustrative — varies by vendor)

Section titled “V-CIP session API (illustrative — varies by vendor)”

Initiate session

Section titled “Initiate session”
POST /v1/kyc/vcip/schedule
Content-Type: application/json
Authorization: Bearer <token>


{
  "kyc_record_id": 71001,
  "borrower_mobile": "tok_mob_xxx",
  "borrower_email": "tok_email_xxx",
  "preferred_language": "en",
  "scheduling": {
    "type": "instant"   // or "scheduled" with specific datetime
  },
  "callback_url": "https://platform.in/webhook/vcip"
}

Response:

{
  "session_id": "vcip_xyz123",
  "vendor": "idfy",
  "session_url": "https://vcip.vendor.com/session/xyz123",
  "expires_at": "2026-04-12T13:00:00Z"
}

Borrower opens session_url

Section titled “Borrower opens session_url”

Vendor’s app handles the session entirely: video call, OVD upload, face match, geo-tag, recording.

Webhook on completion

Section titled “Webhook on completion”
POST https://platform.in/webhook/vcip
Content-Type: application/json
X-Vendor-Signature: <HMAC>


{
  "session_id": "vcip_xyz123",
  "status": "success",
  "completed_at": "2026-04-12T11:05:11Z",
  "duration_seconds": 547,
  "outcome": {
    "ovd_type": "aadhaar_offline",
    "ovd_verified": true,
    "face_match_score": 0.94,
    "liveness_passed": true,
    "geo": {
      "latitude": 12.97160,
      "longitude": 77.59456,
      "country": "IN",
      "address_reverse_geo": "Bengaluru, Karnataka"
    },
    "operator_id": "OP-IDfy-001",
    "operator_name": "Vendor Operator Name"
  },
  "recording": {
    "uri": "https://vendor-cdn.com/recording/vcip_xyz123.mp4",
    "duration": 547,
    "format": "mp4",
    "encryption": "AES-256"
  },
  "audit": {
    "audit_log_uri": "https://vendor.com/audit/vcip_xyz123.json"
  }
}

Lender stores

Section titled “Lender stores”
INSERT INTO vcip_session (
    kyc_record_id, vendor, started_at, completed_at,
    outcome, recording_uri, geo_tag_lat, geo_tag_lon,
    operator_id, face_match_score, audit_log_uri
) VALUES (...);

Recording archival

Section titled “Recording archival”

Two options:

  • Vendor-hosted: Recording stays with vendor; lender retains URI + accesses for audit on demand. Cheaper but vendor-dependent for long-term retention.
  • Lender-downloaded: Lender downloads recording to own S3 with Object Lock + KMS encryption. Audit-grade; full control.

For RE’s primary records retention, lender-downloaded with own S3 is the safer pattern. Periodic download job; deletion from vendor after confirmed local storage.

Failure modes and remediation

Section titled “Failure modes and remediation”
FailureCauseLender action
Face match score below thresholdOVD photo old / different angleRe-try; manual review of borderline matches
Liveness failedBorrower used static photo / video spoofRe-try; suspect fraud if persistent
Geo-tag outside IndiaBorrower abroadDecline V-CIP; require in-India session
Operator no-showVendor capacity issueRe-schedule; vendor SLA escalation
Network drop during sessionBorrower connectivityRe-try; allow partial-session continuation
OVD verification failedInvalid OVD / signature mismatchRe-try with different OVD
Borrower abandons mid-sessionVariousRe-engage; rescue workflow
Audio / video quality poorEquipment / networkRe-try with guidance

V-CIP for entity borrowers

Section titled “V-CIP for entity borrowers”

For entity borrowers, V-CIP is conducted per natural person (each director, each promoter, each BO above threshold). For a Pvt Ltd with 2 directors:

  • Director 1: V-CIP session 1.
  • Director 2: V-CIP session 2.
  • Each session independent; each records audit trail.

The platform’s KYB orchestration tracks completion per promoter and surfaces aggregate readiness for sanction.

V-CIP cost

Section titled “V-CIP cost”

Per session:

  • Operator-led: ₹40 – ₹150 (vendor depends + operator availability).
  • AI-assisted with operator on standby: ₹20 – ₹60.
  • Pure AI (no operator): cheaper but not RBI-compliant for full V-CIP; only for specific simplified scenarios.

For a 100 disbursements / week volume, V-CIP cost is ~₹0.4 – ₹1.5 lakh / week. Within standard KYC budget.

Operator quality + training

Section titled “Operator quality + training”

For lender-employed operators (if doing in-house V-CIP):

  • DRA-equivalent certification preferred.
  • Training on V-CIP specifically — RBI rules, vendor SDK, edge-case handling.
  • Periodic QA — sample sessions reviewed by senior operator / compliance.
  • Performance metrics — completion rate, escalation rate, complaint rate.

For outsourced V-CIP, vendor’s operator training is RE’s diligence concern; verify periodically.

Periodic re-V-CIP

Section titled “Periodic re-V-CIP”

For high-risk customers, periodic V-CIP refresh (every 2 years per KYC MD) may be required. Same flow, lower friction (borrower’s existing data on file).

Compliance audit perspective

Section titled “Compliance audit perspective”

Internal / external audit on V-CIP looks for:

  • Vendor due diligence file.
  • Recording for any audited sample loan present + playable.
  • Geo-tag inside India.
  • Operator identification.
  • Match scores reasonable.
  • Audit trail complete (timestamps, operator ID, etc.).
  • Recording retention compliant.

A missed recording or a geo-tag outside India is a critical audit finding.

What the platform must build

Section titled “What the platform must build”
  • V-CIP orchestration service — vendor-pluggable.
  • Vendor adapter per vendor (IDfy, Signzy, Hyperverge — at least primary + secondary).
  • Webhook handler for session completion.
  • Recording storage in own S3 with Object Lock + retention policy.
  • Borrower-facing UI that smoothly transitions into vendor session.
  • Operator dashboard if in-house operators.
  • Audit reporting per session.
Section titled “Related”