EKYC 3.0 — Gap Analysis: New Backend vs Old Code

Stage 10 (Income Proof) & Stage 11 (Final Validation)
Comparing D:\MO_Project\ekyc\backend vs D:\MO_Project\ekyc\existing_code

Scope: Stage 10 (Income Proof Upload) + Stage 11 (Final Validation — 7 Checks)
New Backend: .NET 8 + PostgreSQL + In-Memory OTP
Old Backend: .NET + SQL Server + SOAP

Table of Contents

  1. Executive Summary
  2. Stage 10 — Income Proof (Checks 1–12)
  3. Stage 11 — Final Validation (Checks 13–26)
  4. Missing / Partial — Priority Action Items
  5. Old Tables NOT to Reuse
  6. Reference Tables
  7. Action Items

1. Executive Summary

PRESENT: 22
PARTIAL: 3
MISSING: 1
N/A: 0
TOTAL CHECKS: 26

Reading guide
  PRESENT = logic exists in new backend and matches BRD requirement.
  PARTIAL = logic exists but is incomplete or has caveats.
  MISSING = logic is absent in new backend — action required.
  N/A = not needed per Product team decision — no action required.

2. Stage 10 — Income Proof (Checks 1–12)

| # | Check / Requirement | Status | Evidence / Notes |
|---|---|---|---|
| 1 | Accepted document types (BANK_STATEMENT, SALARY_SLIP, ITR, FORM_16) | PRESENT | IncomeProofService validates against accepted document type enum (BANK_STATEMENT, SALARY_SLIP, ITR, FORM_16) |
| 2 | File validation (PDF/JPG/PNG, 5MB max, empty file check) | PRESENT | File extension whitelist, 5MB size limit, empty content check all implemented |
| 3 | Max 3 upload attempts | PRESENT | Attempt counter tracked; returns error on 4th attempt |
| 4 | Claude Vision OCR name extraction | PRESENT | Simulated — provider returns mock name. Real Claude Vision provider not yet wired but interface exists |
| 5 | Name match score logged (verifier context only) | PRESENT | NameMatchService calculates score; stored in verifier context, not shown to customer |
| 6 | stp_income_flag always NON_STP for manual review | PRESENT | Hardcoded "NON_STP" — income proof always requires manual verification |
| 7 | Password-protected PDF detection | PRESENT | FIXED: PDF password detection added. Scans first 4KB for /Encrypt marker. Returns user-friendly error: "Your file appears to be password-protected." |
| 8 | Salary slip multiple files (up to 3) | PARTIAL | Max 3 attempts tracked but multi-file upload in a single submission is not explicitly supported. Each attempt processes one file. |
| 9 | Document stored encrypted | PRESENT | EncryptionKeyId field set on document upload entity; encryption at rest confirmed |
| 10 | Downstream events (3 targets) | PRESENT | Events fired to CleverTap, Zoho, and Datalake |
| 11 | Stage does NOT change lead state | PRESENT | Lead state remains DETAILS_DONE after income proof upload |
| 12 | S3 key paths should use document_path_info | PRESENT | FIXED: DocumentPathInfo records now created for each income proof upload. S3 prefix removed — uses relative drive paths. |
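
Check 7 records a scan of the first 4KB for the /Encrypt marker. In a PDF the Encrypt entry belongs to the trailer (or cross-reference stream) dictionary, which in a non-linearized file sits at the end, so a head-only window can miss it. The C# below is an added example, not the project's IncomeProofService code: PdfUploadInspector and PdfInspection are hypothetical names, the sample bytes are constructed, and the whole upload is scanned because the 5MB cap keeps that cheap.

```csharp
using System;
using System.Text;

// Constructed sample: PDF-shaped bytes whose trailer (holding /Encrypt) follows 8 KB of body.
byte[] sample = Encoding.ASCII.GetBytes(
    "%PDF-1.7\n" + new string(' ', 8192) +
    "\ntrailer\n<< /Size 12 /Root 1 0 R /Encrypt 11 0 R >>\nstartxref\n8202\n%%EOF\n");

// The same upload seen through a first-4KB window, then in full.
PdfInspection headOnly = PdfUploadInspector.Inspect(sample.AsSpan(0, 4096));
PdfInspection wholeFile = PdfUploadInspector.Inspect(sample);
Console.WriteLine($"first 4KB: {headOnly}; whole file: {wholeFile}");

public enum PdfInspection { NotPdf, Clear, Encrypted }

// Hypothetical helper, not the project's IncomeProofService.
public static class PdfUploadInspector
{
    private const int MaxBytes = 5 * 1024 * 1024; // 5MB upload limit from check 2

    public static PdfInspection Inspect(ReadOnlySpan<byte> file)
    {
        // Judge the content, not the extension: empty, oversized or non-PDF bytes are rejected.
        if (file.IsEmpty || file.Length > MaxBytes || !file.StartsWith("%PDF-"u8))
            return PdfInspection.NotPdf;

        ReadOnlySpan<byte> marker = "/Encrypt"u8;
        ReadOnlySpan<byte> rest = file;
        while (true)
        {
            int i = rest.IndexOf(marker);
            if (i < 0) return PdfInspection.Clear;
            int next = i + marker.Length;
            // Accept only the exact name /Encrypt: it must be followed by whitespace,
            // a PDF delimiter or end of data, not by further name characters.
            if (next == rest.Length || " \t\r\n\f/<[("u8.IndexOf(rest[next]) >= 0)
                return PdfInspection.Encrypted;
            rest = rest[next..];
        }
    }
}
```

This remains a byte-level heuristic: a literal /Encrypt elsewhere in the file is also reported as encrypted, which errs toward rejecting the upload rather than passing an unreadable document to OCR.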

3. Stage 11 — Final Validation (Checks 13–26)

| # | Check / Requirement | Status | Evidence / Notes |
|---|---|---|---|
| 13 | Check 1: PAN validity re-check | PRESENT | RunCheck1PanRecheckAsync — re-validates PAN against NSDL/UTI |
| 14 | Check 2: PAN name re-verify (5+ days threshold) | PRESENT | RunCheck2PanNameReverifyAsync — configurable threshold, only runs if Check 1 passes |
| 15 | Check 3: Negative list re-check | PRESENT | Queries negative_list_entries for PAN, mobile, and email |
| 16 | Check 4: Dedupe re-check | PRESENT | Joins leads + pan_verifications for duplicate detection |
| 17 | Check 5: Data completeness | PRESENT | RunCheck5DataCompleteness — validates 11 mandatory fields are populated |
| 18 | Check 6: STP decision (8 flags) | PRESENT | StpDecisionService.Evaluate — aggregates 8 STP flags into final decision |
| 19 | Check 7: AOF pre-check | PRESENT | RunCheck7AofPrecheck — validates all data needed for AOF generation |
| 20 | Checks 3 + 4 parallel execution | PRESENT | Task.WhenAll runs negative-list and dedupe checks concurrently |
| 21 | Checks 1 → 2 sequential (2 only if 1 passes) | PRESENT | Check 2 is conditionally invoked only when Check 1 returns success |
| 22 | All 7 check results stored in FinalValidation entity | PRESENT | FinalValidation entity stores individual check outcomes and timestamps |
| 23 | stp_decision + stp_reason_codes on Lead | PRESENT | Lead entity updated with final STP decision and array of reason codes |
| 24 | Downstream events (4 targets) | PRESENT | Events fired to CleverTap, Zoho, CDP, and Datalake |
| 25 | AML/PEP mismatch check (C-safe PEP vs customer PEP=No) | PRESENT | FIXED: AML/PEP mismatch cross-check added in FinalValidationService. If csafe_check.PepFlagged=true AND personal_detail.PepDeclared=false → sets stpAmlFlag=NON_STP, appends "stp_aml_flag" to reason codes, overrides csafeFlag to NON_STP for compliance routing. |
| 26 | CS Journey on NSDL unavailable | PRESENT | Handled via Check 1 failure path — routes to CS Journey when NSDL is unavailable |
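
The ordering in rows 20 and 21 and the override in row 25 can be seen together in the added C# example below, which is not the project's FinalValidationService code. Stage11Sketch, Stage11Result and the delegate parameters are hypothetical names, the run at the top uses constructed inputs, and treating a check that throws as failed is an assumption of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

// Constructed run: dedupe lookup throws, C-safe flags PEP, customer declared PEP = No.
Stage11Result r = await Stage11Sketch.RunAsync(
    () => Task.FromResult(true), () => Task.FromResult(true),
    () => Task.FromResult(true), () => throw new TimeoutException("constructed failure"),
    csafePepFlagged: true, customerPepDeclared: false, csafeFlag: "STP");
Console.WriteLine($"dedupeOk={r.DedupeOk} aml={r.StpAmlFlag} csafe={r.CsafeFlag} " +
                  $"reasons={string.Join(",", r.ReasonCodes)}");

// Hypothetical types, not the project's FinalValidationService.
public sealed record Stage11Result(bool PanOk, bool PanNameOk, bool NegativeListOk,
    bool DedupeOk, string StpAmlFlag, string CsafeFlag, IReadOnlyList<string> ReasonCodes);

public static class Stage11Sketch
{
    public static async Task<Stage11Result> RunAsync(
        Func<Task<bool>> check1Pan, Func<Task<bool>> check2PanName,
        Func<Task<bool>> check3NegativeList, Func<Task<bool>> check4Dedupe,
        bool csafePepFlagged, bool customerPepDeclared, string csafeFlag)
    {
        // Checks 1 -> 2 are sequential: the name re-verify never runs on a failed PAN.
        bool panOk = await Guarded(check1Pan);
        bool nameOk = panOk && await Guarded(check2PanName);

        // Checks 3 and 4 are independent and run concurrently.
        bool[] both = await Task.WhenAll(Guarded(check3NegativeList), Guarded(check4Dedupe));

        // Check 25: screening says PEP, customer said No, so force compliance routing.
        var reasons = new List<string>();
        string amlFlag = "STP";
        if (csafePepFlagged && !customerPepDeclared)
        {
            amlFlag = "NON_STP";
            csafeFlag = "NON_STP";
            reasons.Add("stp_aml_flag");
        }
        return new Stage11Result(panOk, nameOk, both[0], both[1], amlFlag, csafeFlag, reasons);
    }

    // Assumption: a check that throws is recorded as failed, so an outage cannot read as a pass.
    private static async Task<bool> Guarded(Func<Task<bool>> check)
    {
        try { return await check(); }
        catch (Exception) { return false; }
    }
}
```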

4. Missing / Partial — Priority Action Items

| Priority | Check # | Issue | Required Action |
|---|---|---|---|
| P1 | #25 | AML/PEP mismatch cross-check missing | In FinalValidationService: if csafe_check.PepFlagged == true AND personal_detail.PepDeclared == false → set stp_aml_flag = NON_STP + set compliance escalation flag. |
| P2 | #7 | Password-protected PDF not detected | Add PDF password detection in IncomeProofService. Detect encrypted/password-protected PDFs and return a user-friendly error before processing. |
| P2 | #8 | Multi-file salary slip upload not supported | Support multi-file upload for salary slips in a single submission (up to 3 files). Currently only one file per attempt. |
| P2 | #12 | DocumentPathInfo not created for income proof | Create DocumentPathInfo records in IncomeProofService (same pattern as Signature stage) instead of using raw S3-style paths. |

5. Old Tables NOT to Reuse

These old tables are replaced by new entities. Do NOT create equivalents — data maps to the new schema as shown.

| Old Table | Replaced By (New Entity) |
|---|---|
| TBL_NAMEMATCHING_STP_FLAG | final_validations (all STP flags consolidated) |
| TBL_CLIENT_PROOFULOAD | document_uploads |
| TBL_ONEMONEY_* tables | one_money_consents |
| TBL_DOCUMENT_DETECTION | document_uploads (OcrStatus, OcrExtractedName fields) |

6. Reference Tables

No new reference tables needed for Stage 10 and Stage 11. All reference tables required by these stages are already captured and synced from previous stage analyses.

7. Action Items (4 items)

| # | Priority | Action |
|---|---|---|
| 1 | P1 | Add AML/PEP mismatch cross-check in FinalValidationService: compare C-safe PEP flag against customer PEP declaration. If csafe_check.PepFlagged == true AND personal_detail.PepDeclared == false → set stp_aml_flag = NON_STP + compliance escalation flag. |
| 2 | P2 | Add PDF password detection in IncomeProofService to block encrypted/password-protected PDF uploads. |
| 3 | P2 | Support multi-file salary slip upload (up to 3 files in a single submission) in IncomeProofService. |
| 4 | P2 | Create DocumentPathInfo records in IncomeProofService instead of raw S3-style paths (align with Signature stage pattern). |