EKYC 3.0 — Gap Analysis: New Backend vs Old Code

Stage 4 (PAN Confirmation) & Stage 5 (DigiLocker/Aadhaar) • Comparing D:\MO_Project\ekyc\backend vs D:\MO_Project\ekyc\existing_code
Scope: Stage 4 (PAN Confirmation) + Stage 5 (Aadhaar/DigiLocker)
New Backend: .NET 8 + PostgreSQL + In-Memory OTP
Old Backend: .NET + SQL Server + SOAP

Table of Contents

  1. Executive Summary
  2. Stage 4 — PAN Confirmation (Checks 1–20)
  3. Stage 5 — Aadhaar / DigiLocker (Checks 21–36)
  4. Missing Checks — Priority Action Items
  5. Old Tables NOT to Reuse
  6. Reference Tables MUST Sync
  7. Action Items

1. Executive Summary

  PRESENT: 29
  PARTIAL: 4
  MISSING: 1
  N/A: 2
  TOTAL CHECKS: 36

Reading guide:
  PRESENT = logic exists in new backend and matches BRD requirement.
  PARTIAL = logic exists but is incomplete or has caveats.
  MISSING = logic is absent in new backend — action required.
  N/A = not needed per Product team decision — no action required.

2. Stage 4 — PAN Confirmation (Checks 1–20)

# | Check / Requirement | Status | Evidence / Notes
1 | KRA RESTRICTED entry check | PRESENT | PanVerificationService checks kra.KraStatusPanStage == "RESTRICTED"
2 | KRA INVALID_PAN handling | PRESENT | Discards prefill, blank PAN presented to user
3 | PAN format validation (10 chars, 4th=P) | PRESENT | IsValidPanFormat, IsIndividualPan
4 | Employee PAN check | PRESENT | employee_pan_master query with active/resigned logic
5 | Franchise PAN whitelist | PRESENT | franchise_pan_whitelist query, tag but don’t block
6 | PAN post-eSign duplicate check | PRESENT | Joins PanVerifications with Leads where stage ≥ 13
7 | PAN client_master duplicate check | PRESENT | ClientMaster query by panHash
8 | Hyperverge name + DOB fetch | PRESENT | HypervergePanProvider.FetchPanDetailsAsync
9 | NSDL PAN validation | PRESENT | NsdlPanProvider with UTI fallback
10 | UTI fallback when NSDL down | PRESENT | Tries UTI, CS Journey if both fail
11 | Age < 18 detection | PRESENT | Calculates age, sets MINOR_GUARDIAN_REQUIRED path
12 | Age > 100 detection | PRESENT | Drops lead with DROP_AGE_OVER_100
13 | Max 3 PAN attempts | PRESENT | PanAttemptsUsed tracking, drops on 3rd fail
14 | KRA name vs PAN name match | PRESENT | NameMatchService.CalculateScore, threshold 70
15 | ekyc_name determination | PRESENT | KRA name if score ≥ 70, else PAN name
16 | Journey path determination (DIGILOCKER_SKIP / REQUIRED) | PRESENT | DetermineJourneyPath checks KRA address usability
17 | Downstream events (CleverTap, Zoho, CDP, Datalake) | PRESENT | 4 targets fired
18 | Franchisee/Employee CONTACT restriction (mobile/email in employee master + PAN is client) | PARTIAL | Current code checks employee PAN only. Does NOT check if the MOBILE or EMAIL used belongs to employee/franchise while PAN belongs to a different client.
19 | OCR PAN 'O'/'Q' correction (NOT NEEDED per Product team) | N/A | Old USP_CHECKPANDEATILSMATCH had special logic to convert OCR ‘O’ to ‘Q’ in PAN. New code has no OCR correction. Product team confirmed NOT NEEDED.
20 | PAN change tracking / old-new PAN reconciliation | MISSING | Old USP_CHECK_OLD_NEW_PAN_SJET tracked PAN changes. New code doesn’t track if customer changes PAN between attempts.

3. Stage 5 — Aadhaar / DigiLocker (Checks 21–36)

# | Check / Requirement | Status | Evidence / Notes
21 | DigiLocker consent storage with version | PRESENT | Consent entity with DIGILOCKER type, version from config
22 | AiNXT DigiLocker redirect URL generation | PRESENT | AinxtDigilockerProvider.GenerateLinkAsync
23 | Fallback to direct DigiLocker OAuth URL | PRESENT | Constructs URL if AiNXT fails
24 | Max 3 DigiLocker attempts | PRESENT | Counts AadhaarVerifications, returns error on 3rd
25 | Aadhaar XML extraction (name, DOB, address, gender, photo, father) | PRESENT | ExtractNameFromDigilockerResponse, etc.
26 | Aadhaar number masking (first 4 + last 4 only) | PRESENT | GenerateMaskedAadhaar
27 | Name match against ekyc_name | PRESENT | NameMatchService.CalculateScore
28 | STP flag: 70–100=STP, 1–69=NON_STP, 0=DROP | PRESENT | stpAadhaarFlag logic
29 | Aadhaar upload fallback (JPG/PNG/PDF, 5MB) | PRESENT | ProcessAadhaarUploadAsync with file validation
30 | XML 24-hour deletion scheduling | PRESENT | AadhaarXmlDeletionScheduledAt = UtcNow.AddHours(24)
31 | Photo deletion after Stage 7 | PRESENT | AadhaarPhotoDeletedAt tracked, deleted in LivenessService
32 | Journey path skip logic | PRESENT | Checks lead.JourneyPath == "DIGILOCKER_SKIP"
33 | Downstream events | PRESENT | 4 targets fired
34 | Address language conversion (regional to English) | PARTIAL | BRD requires AiNXT only (Google Services removed per Product team) for Hindi/Telugu/Tamil conversion. New code sets AddressLanguageConverted=true for DigiLocker but no actual conversion provider call.
35 | PAN cross-verification from DigiLocker XML (NOT NEEDED per Product team) | N/A | Old USP_CHECKPANNO_DIGILOCKER_SJET compared DigiLocker PAN with OAO PAN. New code doesn’t cross-verify PAN from DigiLocker against Stage 4 PAN. Product team confirmed NOT NEEDED.
36 | OCR extraction for Aadhaar upload is SIMULATED | PARTIAL | ProcessAadhaarUploadAsync has placeholder "SIMULATED AADHAAR NAME". Real AiNXT OCR provider not wired.

4. Missing Checks — Priority Action Items

Priority | Check # | Issue | Required Action
P1 | #18 | Employee/Franchise CONTACT restriction | Check if lead’s mobile/email exists in employee_pan_master or franchise_pan_whitelist. If yes AND the PAN entered is NOT an employee/franchise PAN → block with DROP_EMPLOYEE_CONTACT_USED.
N/A | #19 | OCR PAN 'O'/'Q' correction (NOT NEEDED per Product team) | Add character normalization before PAN comparison. NOT NEEDED
P2 | #20 | PAN change tracking | Add previous PAN hash to PanVerification for audit.
P1 | #34 | Address language conversion | Wire AiNXT only (Google Services removed per Product team) for regional address text.
N/A | #35 | PAN cross-verification from DigiLocker (NOT NEEDED per Product team) | Compare PAN in Aadhaar XML with Stage 4 PAN hash. NOT NEEDED
P1 | #36 | Real OCR provider for Aadhaar upload | Replace simulated extraction with AiNXT OCR provider.
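
An added sketch of the check #18 rule from the table above, written in C# to match the new backend; it is not code from the project. The RestrictedParty row shape, the normalisation rules and the sample rows are assumptions; only the table names and the DROP_EMPLOYEE_CONTACT_USED code come from this document.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical row shape for employee_pan_master / franchise_pan_whitelist (columns assumed).
public sealed record RestrictedParty(string PanHash, string? Mobile, string? Email);

public static class ContactRestrictionCheck
{
    public const string DropCode = "DROP_EMPLOYEE_CONTACT_USED";

    // Digits only, compared on the last 10, so "+91 98765 43210" matches "9876543210".
    static string NormMobile(string? m)
    {
        var d = new string((m ?? "").Where(char.IsDigit).ToArray());
        return d.Length > 10 ? d[^10..] : d;
    }

    static string NormEmail(string? e) => (e ?? "").Trim().ToLowerInvariant();

    // Returns DropCode when the lead's mobile or email belongs to an employee/franchise
    // row while the entered PAN is not an employee/franchise PAN; otherwise null.
    public static string? Evaluate(string leadPanHash, string? leadMobile, string? leadEmail,
                                   IReadOnlyCollection<RestrictedParty> parties)
    {
        var mobile = NormMobile(leadMobile);
        var email = NormEmail(leadEmail);
        bool contactRestricted = parties.Any(p =>
            (mobile.Length == 10 && NormMobile(p.Mobile) == mobile) ||
            (email.Length > 0 && NormEmail(p.Email) == email));
        bool panRestricted = parties.Any(p => p.PanHash == leadPanHash);
        return contactRestricted && !panRestricted ? DropCode : null;
    }

    public static void Main()
    {
        // Constructed sample rows; the hashes are placeholder strings, not real PAN hashes.
        var parties = new List<RestrictedParty>
        {
            new("hash-emp-001", "9876543210", "staff.one@example.com"),
            new("hash-fr-002", null, "franchise.two@example.com"),
        };
        Console.WriteLine(Evaluate("hash-client-9", "+91 98765 43210", "x@example.com", parties) ?? "PASS");
        Console.WriteLine(Evaluate("hash-emp-001", "9876543210", "staff.one@example.com", parties) ?? "PASS");
        Console.WriteLine(Evaluate("hash-client-9", "9000000000", "FRANCHISE.TWO@example.com ", parties) ?? "PASS");
    }
}
```

Empty or malformed contact values never match, so a lead with no email on file is not blocked by a whitelist row that also has no email.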

5. Old Tables NOT to Reuse

These old tables are replaced by new entities. Do NOT create equivalents — data maps to the new schema as shown.
Old Table | Replaced By (New Entity)
TBL_OAO_DETAILS | leads + pan_verifications
TBL_CLIENT_PERSONALDETAILS | leads (EkycName) + personal_details
TBL_CLIENT_AADHAARDTAILS | aadhaar_verifications
TBL_CLIENT_PROOFULOAD | document_uploads
TBL_OCR_PAN_RESPONSE | pan_verifications + api_audit_logs
TBL_AINXT_DIGILOCKER_REQ_DETAILS | api_audit_logs
TBL_AINXT_DIGILOCKER_RESPONSE_DETAILS | api_audit_logs
TBL_CLIENT_DIGILOCKER_AADHAARPAN_DETAILS | aadhaar_verifications
TBL_DIGILOCKER_PAN_MATCH_LOG | api_audit_logs

6. Reference Tables MUST Sync

All reference tables needed for Stage 4 and Stage 5 are already captured in the Sync Tables Master List.
Table | Source | Used In | Sync Status
employee_pan_master | MOSL_SDLC_EMPLOYEEDETAILS | Stage 4 (Employee PAN check) | Already in sync list
franchise_pan_whitelist | Franchise ops (manual upload) | Stage 4 (Franchise PAN whitelist) | Already in sync list
client_master | MOSL_FEED_CLIENT_DETAILS | Stage 4 (PAN duplicate check) | Already synced

7. Action Items (8 items)

# | Priority | Action
1 | P1 | Add Employee/Franchise CONTACT restriction check in PanVerificationService
2 | P1 | Wire AiNXT only (Google Services removed per Product team) for regional Aadhaar address text
3 | P1 | Add PAN cross-verification from DigiLocker XML vs Stage 4 PAN (NOT NEEDED per Product team)
4 | P1 | Replace simulated OCR with real AiNXT OCR provider call
5 | P2 | Add OCR PAN 'O'/'Q' character normalization (NOT NEEDED per Product team)
6 | P2 | Add PAN change tracking (previous PAN hash on PanVerification)
7 | P2 | Scheduled background job for UIDAI file deletion (no S3 — uses configured drive via document_path_info table)
8 | P2 | Consider adding Aadhaar XML signature verification
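
An added sketch for action item 6 (previous PAN hash on PanVerification), in C#; it is not code from the project. The PanAttempt shape, the HMAC-SHA256 keyed hash and the PAN values are assumptions for illustration, since this document does not say how panHash is computed.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical slice of the PanVerification entity; PreviousPanHash is the proposed field.
public sealed record PanAttempt(int AttemptNo, string PanHash, string? PreviousPanHash, bool PanChanged);

public sealed class PanChangeTracker
{
    private readonly byte[] _key; // assumed: server-side HMAC key loaded from a secret store
    private readonly List<PanAttempt> _attempts = new();

    public PanChangeTracker(byte[] key) => _key = key;

    public IReadOnlyList<PanAttempt> Attempts => _attempts;

    // Keyed hash of the normalised PAN, so the audit trail never holds the PAN itself
    // and the hash cannot be brute-forced over the small PAN space without the key.
    private string Hash(string pan) => Convert.ToHexString(
        HMACSHA256.HashData(_key, Encoding.UTF8.GetBytes(pan.Trim().ToUpperInvariant())));

    // Stores the new attempt together with the hash of the attempt before it.
    public PanAttempt Record(string pan)
    {
        var hash = Hash(pan);
        string? prev = _attempts.Count > 0 ? _attempts[^1].PanHash : null;
        bool changed = prev is not null && prev != hash;
        var attempt = new PanAttempt(_attempts.Count + 1, hash, prev, changed);
        _attempts.Add(attempt);
        return attempt;
    }

    public static void Main()
    {
        var tracker = new PanChangeTracker(RandomNumberGenerator.GetBytes(32)); // demo key only
        // Constructed PANs in the document's format (10 chars, 4th = 'P'); not real identifiers.
        foreach (var pan in new[] { "ABCPK1234L", "abcpk1234l ", "XYZPM5678Q" })
        {
            var a = tracker.Record(pan);
            var prev = a.PreviousPanHash is null ? "none" : a.PreviousPanHash[..8];
            Console.WriteLine($"attempt {a.AttemptNo}: changed={a.PanChanged} prev={prev}");
        }
    }
}
```

Normalising before hashing keeps a re-typed PAN with different case or stray whitespace from being logged as a PAN change.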