How NIN Format Validation Works
Understand how format validation catches invalid NINs before you call expensive NIMC APIs. This is the technical process behind our format validation tool.
Format Validation vs Identity Verification
We do format validation - checking if a NIN has the correct structure (11 digits, valid checksum). This catches typos, malformed input, and obviously fake numbers.
NIMC does identity verification - confirming the NIN was officially issued and matches a real person's biometric data. That requires their official verification services.
Format Validation Process
First, we validate the basic structure requirements:
- Exactly 11 digits (not 10, not 12)
- Only numeric characters (0-9)
- No spaces, dashes, or special characters
The Verhoeff algorithm validates the internal structure:
- Each digit has a mathematical relationship to others
- Detects single-digit errors with 100% accuracy
- Catches most transposed digit errors
Based on the format check result:
Structure is correct. Continue with your process.
NIN has errors. Ask user to check and re-enter.
Why Use Format Validation?
Catch errors before they enter your system:
- • Filter out typos and mistakes
- • Reject malformed or fake-looking numbers
- • Ensure data consistency
- • Reduce manual data cleanup
Instant format feedback gives users:
- • Immediate typo detection
- • No waiting for server round-trips
- • Clear error messages before submission
- • Reduced form abandonment
Critical Limitations
A NIN can pass format validation but still be:
- • Not officially issued - The number was never assigned by NIMC
- • Belonging to someone else - The person using it is not the registered owner
- • Inactive or revoked - The NIN has been deactivated
- • Mismatched - Does not match the provided name, photo, or date of birth
For customer onboarding and identity verification, you MUST use NIMC's official verification services.
Security & Privacy
What We Protect
- Your NIN numbers never leave your device
- No data storage on our servers
- No tracking of validation attempts
How We Protect
- HTTPS encryption for all connections
- Client-side only processing
- No external service calls