Generated: 2026-04-01 | Old: BankRepository.cs, NRIBankRepository.cs, BankAPI.cs, FundTransferAPI.cs, LivePhotoAPI.cs + SPs | New: BankVerificationService.cs, LivenessService.cs, ExternalProviders/Bank/*, ExternalProviders/Liveness/*, ExternalProviders/Face/*
Stage 6 (Bank): Core flow (IFSC lookup with cache + DB + fallback, penny drop via Karza provider, reverse penny drop initiate/complete, name match with STP/NON_STP/DROPPED scoring, attempt limits, penny drop rate limit, bank data cleanup on retry, provider config resolution) is PRESENT in new code. Key gaps: YesBank IMPS penny drop, YPP SDK flow, NRI bank flow, bank proof OCR, closed account handling, multi-provider name match, IndusInd no-penny update, MICR-by-branch lookup.
Stage 7 (Liveness): Core flow (geolocation, vendor selection, liveness callback, face match, STP scoring, S3 selfie storage, Aadhaar photo deletion, max attempts + CS hold) is PRESENT. Key gaps: HyperVerge liveness provider, AiNXT short-link, IPV status check, branch IPV fallback, NRI bypass, live photo/geolocation config flags.
| # | Old Function / Logic | Old File | New Equivalent | Status | Gap Details |
|---|---|---|---|---|---|
| 1 | IFSC lookup via SP (USP_GETBANKLIST_BY_IFSC_SJET) returns BANKLISTDETAILS + BANKLISTFLAG | BankRepository.cs:54-141 | BankVerificationService.LookupIfscAsync → DB bank_ifsc_master + in-memory BankCodeMap fallback + Redis cache | PRESENT | New uses EF query on BankIfscMaster table instead of SP. Falls back to static map of 20 major banks. BANKLISTFLAG second table not replicated. |
| 2 | MICR code lookup by IFSC (USP_GET_MICR_BASED_ON_IFSC_SJET) | BankRepository.cs:313-458 | BankVerificationService.LookupIfscAsync returns MicrCode from BankIfscMaster or GenerateMicr() | PRESENT | MICR returned as part of IFSC lookup. Synthetic MICR generation from hash is placeholder; old SP returned real RBI MICR. |
| 3 | MICR lookup by bank name + branch (USP_GET_MICR_BASED_ON_BANKBRANCH_SJET) | BankRepository.cs:460-508 | N/A | MISSING | Old allowed branch-based MICR lookup when IFSC unknown. New only supports IFSC-based lookup. |
| 4 | Bank list dropdown (USP_GETBANKLIST_SJET) | BankRepository.cs:511-547 | N/A (IFSC-first UX) | N/A | Old returned full bank list for dropdown. New uses IFSC-first approach; bank list not needed. |
| 5 | Config-driven penny drop toggle: GetSettingValuePennydrop("PENNYDROP_API") returns YESBANK or KARZA | BankAPI.cs:137-141 | BankVerificationService.ResolveProviderFromConfigAsync reads provider_configurations table | PARTIAL | New resolves from provider_configurations by priority. But old toggle switched between YesBank IMPS vs Karza as distinct code paths; new only has Karza + Setu + YesBank providers without the if/else toggle pattern. |
| 6 | YesBank IMPS penny drop (SOAP XML, X509 cert auth, separate hosting) | BankAPI.cs:437-838 | YesBankImpsProvider.cs (stub) | PARTIAL | Provider file exists but SOAP XML, X509 cert, IBM headers, COMPLETED/SOCKETTIMEOUT parsing not implemented. |
| 7 | Karza penny drop API (REST, x-karza-key header, statusCode 101 parse, bankTxnStatus) | BankAPI.cs:939-1040 | KarzaBankProvider.VerifyBankAccountAsync | PRESENT | KarzaBankProvider exists with proper REST integration. Maps to IBankVerificationProvider interface. |
| 8 | Karza dedup check (USP_KARZA_DEDUP_CHECK_SJET) before re-calling Karza | BankAPI.cs:847-857 | BankVerificationService checks pennyDropAttemptsForAccount count | PARTIAL | Old did SP-level dedup by accno+ifsc to avoid re-calling Karza. New checks attempt count but not exact Karza-specific dedup. |
| 9 | Penny drop rate limit (USP_ALLOW_PENNYDROP_SJET + USP_ALLOW_KARZA_PENNYDROP_SJET) | BankAPI.cs:139,178 | BankVerificationService: pennyDropAttemptsForAccount >= 10 | PRESENT | New checks max 10 attempts per account hash. Old had separate SPs for YesBank vs Karza limits. |
| 10 | Bank name match: multi-provider (SP=1, AMAZONAWS=2, PYTHONLOGIC=3, AINXT=5) | BankAPI.cs:236-303 BankRepository.cs:1340-1397 | NameMatchService.CalculateScore (single algorithm) | PARTIAL | Old had 4 switchable name match providers. New uses single service. AiNXT %-based scoring, AMAZONAWS, PYTHONLOGIC not available. |
| 11 | STP flag insert with percentage (InsertUpdateSTPFlagPER) for AiNXT name match | BankRepository.cs:1385-1388 | BankVerificationService stores NameMatchScore + StpBankFlag on BankAccount entity | PARTIAL | New stores score+flag on entity. Old SP had separate percentage-based threshold logic in DB. The threshold evaluation is now in EvaluateNameMatchResult (code-side). |
| 12 | Bank name empty handling: delete bank data + return error (USP_DELETE_BANK_DATA_NAMENOTFOUND_SJET) | BankRepository.cs:1312-1333 | BankVerificationService: if bankResult.AccountHolderName is null/empty, returns error | PARTIAL | New returns error but does not delete the bank data record. Old called USP_DELETE_BANK_DATA_NAMENOTFOUND_SJET to clean up. |
| 13 | Delete bank data on name mismatch (USP_DELETE_BANK_DATA_NAMEMISMATCH_SJET) | USP_DELETE_BANK_DATA_NAMEMISMATCH_SJET | BankVerificationService.CleanupPreviousBankDataAsync resets StpBankFlag on old records | PARTIAL | New resets STP flag but does not delete. Old physically deleted bank data rows on name mismatch. |
| 14 | Closed/rejected bank account handling (KC07 status → USP_DELETE_CLOSED_BANK_DATA_SJET) | BankRepository.cs:1275-1293 | N/A | MISSING | Old detected Karza KC07 (closed account) and deleted bank data + returned specific error. New does not handle closed account status codes from provider. |
| 15 | Invalid account exists check (USP_INVALID_ACCOUNT_EXISTS_SJET) on YesBank penny drop failure | BankRepository.cs:1196-1257 | N/A | MISSING | Old checked if invalid account already exists and rolled back bank details. Not present in new code. |
| 16 | Reverse penny drop: HyperVerge token generation (auth API, workflowId, bank alliance flag) | BankRepository.cs:1664-1801 | InitiateReversePennyAsync + HypervergeRpdProvider | PARTIAL | New generates SDK token + caches session. Old called HyperVerge auth API, selected workflowId by app version, checked BankAlliance flag. Auth token flow not fully replicated. |
| 17 | Reverse penny drop: save bank details + alliance validation SP | BankRepository.cs:1805-1860 | CompleteReversePennyAsync → VerifyBankAccountAsync | PARTIAL | New reuses VerifyBankAccountAsync. Old had separate alliance validation SP. Alliance flag check missing. |
| 18 | YPP SDK: bank list fetch (GET_UPI_BANK_LIST) with RSA encryption | BankRepository.cs:845-1073 | N/A | MISSING | Entire YPP flow: RSA encrypted req/resp, partner key per app, bank list fetch + DB cache. Not in new code. |
| 19 | YPP SDK: bank account fetch (GET_BANK_ACCOUNT_LIST) | BankRepository.cs:600-843 | N/A | MISSING | YPP account details with encryption, decryption, USP_INSERT_YPP_ACCOUNTDETAILS. Not in new code. |
| 20 | YPP SDK log insert + response (USP_INSERT_YPPTOKEN_SDK_LOG, USP_INSERT_YPPTOKEN_RESPONSE_LOG_SJET) | BankRepository.cs:201-310 | N/A | MISSING | YPP token logging. Dependent on YPP flow (item 18/19). |
| 21 | GetBankDetails: penny flag + standalone penny drop + get details SP (USP_GET_BANK_DETAILS_SJET) | BankRepository.cs:1502-1662 | GetBankDetailsAsync returns BankAccount entity | PARTIAL | Old: call penny flag SP, trigger penny drop, IndusInd update, then get BANKDETAILS+BANKPROOFDETAILS+AnnualIncome. New returns single entity. |
| 22 | IndusInd no-penny-drop PAN name update (USP_UPDATE_BANKPENNYDETAILS_INDUSIND_SJET) | BankRepository.cs:1537-1548 | N/A | MISSING | Old updated bank penny details with PAN name for IndusInd when CALLNOPENNYAPI=1. Not in new code. |
| 23 | IMPS status check (GET_IMPS_STATUS) after bank insert to update PENNYDROPFAIL flag | BankRepository.cs:1436-1455 | N/A | MISSING | Old checked IMPS verification status post-insert and updated PENNYDROPFAIL flag on response. New does not have this check. |
| 24 | Delete bank proof (USP_DELETE_BANK_DETAILS_SJET) + cheque proof deletion on new account | BankRepository.cs:143-198 | N/A (no cheque proof concept) | MISSING | Old deleted bank proof and cheque image on re-submit. New has no bank proof upload/delete concept. |
| 25 | Bank proof OCR via AiNXT (USP_AINXT_BANKPROOFOCR_RESPONSE_SJET) | USP_AINXT_BANKPROOFOCR_RESPONSE_SJET | AinxtBankOcrProvider.cs + DigitapOcrProvider.cs (stubs exist) | PARTIAL | Provider files exist but service-level integration (cheque scan, OCR result save) not wired in BankVerificationService. |
| 26 | NRI bank flow: NRO/NRE insert/update/get with PIS, SWIFT, beneficiary | NRIBankRepository.cs:36-214 | N/A | MISSING | Entire NRI bank flow (NRO/NRE, PIS permission, RBI ref, SWIFT, beneficiary names, 6-table get, NRI MICR) not in new code. |
| 27 | Fund transfer (Razorpay + Epay) for reverse penny | FundTransferAPI.cs:237-332 | N/A | N/A | Post-account-opening fund transfer, not eKYC bank verification. Out of scope. |
| 28 | PANSITE bank name check (USP_CHECK_PANSITE_BANK_NAME_SJET) when already verified | BankAPI.cs:164-175,207-219 | N/A | MISSING | Old called this SP when penny drop was already done to re-check PAN name against bank name. Not in new code. |
| 29 | Reverse penny input logging (INSERT_REVERSEPENNY_INPUT_LOGS_SJET) | INSERT_REVERSEPENNY_INPUT_LOGS_SJET | BankVerificationService logs to journey tracker + stage events | PARTIAL | New logs via RecordStageEventAsync. Old had dedicated SP for rev penny input log. Audit trail covered differently. |
| # | Old Function / Logic | Old File | New Equivalent | Status | Gap Details |
|---|---|---|---|---|---|
| 1 | AiNXT liveness token request API (faceLivelinessRequestId, refId, sourceCode) | LivePhotoAPI.cs:1395-1459 | LivenessService.InitiateLivenessAsync + AinxtLivenessProvider.RequestTokenAsync | PRESENT | AinxtLivenessProvider exists. Service generates session ID and selects vendor. Token request flow mapped. |
| 2 | AiNXT short link liveness request (AINXTRequestAPI_ShortLink) | LivePhotoAPI.cs:1461-1523 | N/A | MISSING | Old had a short-link variant for desktop/web flows. Not replicated; new assumes mobile SDK-based flow only. |
| 3 | AiNXT get image API (unique_id → image content, lat/lng/city/state/country) | LivePhotoAPI.cs:1525-1632 | AinxtLivenessProvider.GetLiveImageAsync + LivenessService callback | PARTIAL | New has GetLiveImageAsync interface. But old code also did OpenCage reverse geocoding inline when city/state/country missing from AiNXT response + inserted opencage log SP. New handles geocoding separately in ResolveGeolocationAsync. |
| 4 | OpenCage reverse geocoding (when AiNXT returns lat/lng but no city/state) | LivePhotoAPI.cs:1559-1600 | LivenessService.ResolveGeolocationAsync + OpenCageProvider (in ExternalProviders/Geocoding/) | PRESENT | OpenCageProvider exists. New also has AinxtGeocodingProvider. Coordinate-based city fallback also present. |
| 5 | AiNXT live photo response save (USP_AINXT_LIVEPHOTO_RESPONSE_DETAILS_SJET) with image, coords, status | USP_AINXT_LIVEPHOTO_RESPONSE_DETAILS_SJET | LivenessService saves to LivenessVerification entity (GeolocationCity/Country/Lat/Lng, SelfieS3Key) | PARTIAL | New stores in EF entity. Old SP stored image content, ip_address, transactionIdHV. Image stored in S3 in new (not DB). IP address not tracked. |
| 6 | HyperVerge liveness token generation (appId, appKey, expiry=600) | LivePhotoAPI.cs:1698-1773 | LivenessService selects HYPERVERGE vendor; actual token via ILivenessProvider | PARTIAL | Vendor selection present (DetermineLivenessVendor). But no dedicated HypervergeLivenessProvider in ExternalProviders/Liveness/ (only AinxtLivenessProvider). HyperVerge token generation API call missing. |
| 7 | HyperVerge liveness log SP (USP_EKYC_HV_LIVEPHOTO_LOG_SJET) | USP_EKYC_HV_LIVEPHOTO_LOG_SJET | ApiAuditLogger (generic audit) + RecordStageEventAsync | PARTIAL | New uses generic audit logging. Old had HV-specific log SP. Fields like TOKEN stored in old; new logs via events. |
| 8 | HyperVerge live photo response insert (TOKEN, TranId, FileData, Score, Live, ToBeReviewed, AttemptsCount) | LivePhotoAPI.cs:1775-1803 | LivenessService.ProcessLivenessCallbackAsync stores on LivenessVerification entity | PARTIAL | New stores LivenessPassed, FaceMatchScore, LivenessAttempts, SelfieS3Key. Old stored Score, Live flag, ToBeReviewed flag, raw FileData. ToBeReviewed not tracked in new. |
| 9 | Geolocation boundary check (India lat/lng validation) | LivePhotoAPI.cs:1559-1600 USP_GET_GEOLOCATION_FLAG_SJET | LivenessService.ResolveGeolocationAsync: lat 6-37, lng 68-98 check | PRESENT | Coordinate-based India check present. Old also had USP_GET_GEOLOCATION_FLAG_SJET for DB-driven flag; new uses hardcoded bounds + geocoding provider. |
| 10 | Location exception whitelist (PAN-based bypass for users outside India) | TBL_LIVE_PHOTO_LOCATION_EXCEPTION | LivenessService.InitiateLivenessAsync: LocationExceptionWhitelist table check | PRESENT | New checks LocationExceptionWhitelist by PanHash. Matches old TBL_LIVE_PHOTO_LOCATION_EXCEPTION concept. |
| 11 | City whitelist validation (TBL_LIVEPHOTO_LOCATION_DETAILS_CITYLIST) | Implicit in geolocation flow | LivenessService: CityMaster check in ResolveGeolocationAsync | PRESENT | New checks city_master table. Non-blocking (logs warning). Old used city list for validation. |
| 12 | Face match via AiNXT Face API (USP_INSERT_AINXT_FACEAPI_REQUEST_SJET, USP_INSERT_AINXT_FACEAPI_RESPONSE_SJET) | USP_INSERT_AINXT_FACEAPI_REQUEST_SJET + USP_INSERT_AINXT_FACEAPI_RESPONSE_SJET | AinxtFaceMatchProvider.MatchFacesAsync + IFaceMatchProvider interface | PRESENT | AinxtFaceMatchProvider + HypervergeFaceMatchProvider + DigioFaceMatchProvider all exist. Request/response logging via ApiAuditLogger. |
| 13 | Face match STP/NON_STP threshold scoring | Implicit in SPs and service logic | LivenessService.PerformFaceMatchAsync: score >= _faceMatchStpMin (70) = STP, >= 1 = NON_STP, 0 on attempt 2 = DROPPED | PRESENT | Config-driven threshold (Journey:FaceMatchStpMinScore=70). Three-tier scoring: STP, NON_STP, DROPPED. |
| 14 | Face match service selection SP (USP_GET_FACE_MATCH_SERVICE_SJET) | USP_GET_FACE_MATCH_SERVICE_SJET | ProviderChainExecutor resolves provider by priority from provider_configurations | PARTIAL | New uses provider_configurations + circuit breaker. Old SP returned specific face match service per user. Config-per-user granularity missing. |
| 15 | IPV status check (USP_CHECK_IPV_STATUS_SJET) | USP_CHECK_IPV_STATUS_SJET | N/A | MISSING | In-Person Verification status check not present. Old checked if IPV was already completed to skip liveness. |
| 16 | Live photo flag from config (USP_GET_LIVEPHOTO_FLAG_SJET) | USP_GET_LIVEPHOTO_FLAG_SJET | N/A (liveness always required) | MISSING | Old had config flag to enable/disable live photo requirement per user/segment. New always requires liveness. |
| 17 | Other option (branch IPV) flag (USP_GET_OTHEROPTION_LIVEPHOTO_FLAG_SJET) | LivePhotoAPI.cs:1676-1696 | N/A | MISSING | Old showed "other option" (visit branch for IPV) when live photo failed. ISSHOWOTHERPHOTOUPLOADOPTION flag. Not in new code. |
| 18 | NRI liveness bypass | Implicit in journey flow | N/A | MISSING | Old NRI flow could bypass liveness for certain NRI categories. New has no NRI-specific bypass. |
| 19 | Selfie photo storage (image_content in DB via SP) | USP_AINXT_LIVEPHOTO_RESPONSE_DETAILS_SJET | LivenessService.StoreSelfieToS3 (S3 storage) | PRESENT | New stores in S3 (better). Old stored base64 image_content in DB. |
| 20 | Aadhaar photo deletion post face match | Implicit in service logic | LivenessService: DeleteAadhaarPhotoFromS3 + sets AadhaarPhotoDeletedAt | PRESENT | New properly deletes from S3 and timestamps. Good privacy compliance. |
| 21 | Multiple liveness attempt handling (AttemptsCount tracked per user) | LivePhotoAPI.cs:1775 (AttemptsCount param) | LivenessService: LivenessAttempts + FaceMatchAttempts tracked, max limits enforced, CS hold on exhaustion | PRESENT | New tracks separately: liveness attempts (max 3) and face match attempts (max 2). Better than old single counter. |
| 22 | Geolocation flag SP (USP_GET_GEOLOCATION_FLAG_SJET) for per-user geo requirement | USP_GET_GEOLOCATION_FLAG_SJET | N/A (geolocation always checked) | MISSING | Old had per-user flag to skip geolocation check. New always validates geolocation. |
| 23 | AiNXT liveness request logging SP (USP_INSERT_AINXT_LIVEPHOTO_REQUEST) | LivePhotoAPI.cs:1446 | ApiAuditLogger + RecordStageEventAsync | PARTIAL | New uses generic audit. Old had specific SP with faceLivelinessRequestId, refId, sourceCode fields. |
| 24 | OpenCage geocoding log (USP_INSERT_OPENCAGE_LOG_SJET) | LivePhotoAPI.cs:1596 | ApiAuditLogger logs geocoding calls | PARTIAL | New uses generic audit logging. Old had dedicated SP for OpenCage lat/lng/city/state/country/district. |
PRESENT: 4 | PARTIAL: 10 | MISSING: 10 | N/A: 2 (of 29 items). Net coverage: ~48%
PRESENT: 8 | PARTIAL: 7 | MISSING: 6 | N/A: 0 (of 24 items). Net coverage: ~63%
| # | Stage | Gap | Priority | Status |
|---|---|---|---|---|
| 1 | S6 | NRI bank flow (SWIFT-based, no penny drop) | HIGH | FIXED — HandleNriBankVerificationAsync validates SWIFT code, stores with NRI_MANUAL method |
| 2 | S6 | N/A | EXCLUDED per product decision | |
| 3 | S6 | YPP SDK bank list/account flow | MEDIUM | OPEN — UPI-based path can be added later. Penny drop + RPD cover primary flows. |
| 4 | S6 | Closed/rejected bank account handling (KC07) | HIGH | FIXED — Detects CLOSED/FROZEN accounts, deletes bank data, returns BANK_ACCOUNT_CLOSED |
| 5 | S6 | Bank proof OCR (cheque scan) | MEDIUM | OPEN — Provider exists but not wired. Low priority since penny drop is primary path. |
| 6 | S6 | Multi-provider name match | MEDIUM | OPEN — Single Levenshtein algo. Can wire AiNXT name match API later via middleware vendor switch. |
| 7 | S6 | Bank Alliance flag | LOW | OPEN — Alliance vertical out of scope |
| 8 | S7 | HyperVerge liveness provider | HIGH | OPEN — Provider stub exists. Will be wired via middleware vendor switch config. |
| 9 | S7 | IPV status check | MEDIUM | FIXED — Checks existing LivenessVerification PASS record, skips re-initiation |
| 10 | S7 | Branch IPV fallback | MEDIUM | FIXED — CS hold with CS_LIVENESS_EXHAUSTED + BRANCH_IPV_FALLBACK on max attempts |
| 11 | S7 | NRI liveness bypass | HIGH | FIXED — NRI routed to NRI_BRANCH_IPV, state set to LIVENESS_DONE |
| 12 | S7 | Geolocation config flag | LOW | FIXED — ENABLE_GEOLOCATION_CHECK toggle via application_config |
| 13 | S7 | HyperVerge ToBeReviewed flag | LOW | OPEN — Will be addressed when HyperVerge provider is implemented |
| + | S6 | Bank data cleanup on name mismatch | MEDIUM | FIXED — Deletes bank records on DROPPED due to name mismatch |
| + | S6 | Account number format validation | MEDIUM | FIXED — Validates 9-18 numeric digits before penny drop |
| + | S7 | MOSL employee liveness bypass | MEDIUM | FIXED — Employee PAN detected, routes to EMPLOYEE_LIVENESS_BYPASS |