Monday, September 19, 2022

Imprisonment upto 3 years and fines up to 10 lakhs rupees for storing Aadhaar numbers in clear text

 


 

Now a days the most used identity / address proof document by enterprises is the Aadhaar identity proof of the customer. Banks, NBFC, Stoke Brokers, Insurance Companies, Nidhi Companies etc prefer to use Aadhaar as identity proof as almost every Indian has an Aadhaar card and customers are willing to share their Aadhaar numbers when they want to avail any service of the enterprise. Using Aadhaar as KYC document has many advantage such as easy digital access of the data, fast customer on boarding, lower cost for KYC process.

The important thing to note here is that, Companies / Enterprises should be extremely careful when dealing with aadhaar data.  Mistakes in dealing with Aadhaar data can cause imprisonment upto 3 years and fines up-to 10 lakhs Rupees. (Ref: https://www.uidai.gov.in/en/289-faqs/your-aadhaar/protection-of-individual-information-in-uidai-system/1944-what-are-the-possible-criminal-penalties-envisaged-against-the-fraud-or-unauthorized-access-to-data.html)

In accordance with the UIDAI circular 11020/205/2017, any organisation that stores Aadhaar number in their database should implement Aadhaar Data Vault and replace the Aadhaar numbers using the reference tokens created by the Aadhaar Data Vault. The Aadhaar number and the aadhaar data will have to be stored in the encrypted format and the access to the Aadhaar Data Vault will have to be strictly controlled. The encryption keys should be stored in a Hardware Security Module.   This is the crux of the reference id circular published by UIDAI, for more details please follow the link given above.

Questions you need to ask yourself are below.

  • Are you storing aadhaar number of your customer?
  • Are you using Aadhaar number to identify a customer?
  • Are you storing aadhaar number along with other customer data?
  • Are you using any kind on encryption to store aadhaar number?
  • Are you using HSM device for storing the encryption keys?
  • Do you have Adhaar data revoke feature if customer request for it?

If the answers to any of the above question is Yes, you need to implement Aadhaar Data Vault solution and integrate it to your other systems like CRM, CBS etc. Then only you will reach the right side of govt regulation.

In conclusion, there must be a discussion among the stakeholders to finalize on the approach to be taken. 
If you have any questions or doubts, please reach out to us and we will be able to help you out.
We, Finahub, are experts in Aadhaar related products and services like Vault, eKYC, Authentication, etc. If you want to know how your enterprise can start using it, please give us a call  @ 0484 2388285 or email us at [email protected]






Monday, August 29, 2022

Aadhaar Face Authentication for Mobile Based Customer Onboarding


 Aadhaar eKYC  using OTP authentication and fingerprint authentication has revolutionized KYC process for Banks, Insurance companies and other such regulated entities. Aadhaar eKYC process reduces the KYC data collection time to a matter of seconds. Apart from making the the process faster the entire data is collected digitally, thus doing away with paper work required for the traditional KYC process.

It also enabled these organisations to onboard customers using their mobile apps. Using OTP based based authentication customers do a minimum KYC and open a bank account. Such accounts has an account balance limit of Rs 1 lakh and validity period of one year. Customers are required to do a full KYC by visiting the branch and upgrading to a full KYC account.

Face authentication based KYC removes this limitation. Customer will be able to open fully KYC account using the banks mobile app without visiting the branch. Face authentication based KYC process matches live photo of the user with the photo available at UIDAI. This enables AUA/ KUA's to use biometric authentication (face auth) with out the need of any additional hardware other than a mobile phone. As of now this feature works only on Andriod OS mobile phones only.

Following are the salient features of Face Authentication.

  • Now EKYC can be done using Face Authentication alone.
  • Live photo capture of the resident is done using UIDAI Face Auth mobile app
  • Can be combined with other modalities like OTP or Fingerprint biometric for more success rate.
  • Works with offline EKYC XML also
  • Avoids the need of fingerprint / IRIS capture hardware.
  • Aadhaar FaceRd (headless android) apps are released by UIDAI to enable AUA applications to
    use face authentication using android intents

 Existing AUA's / KUA's need to take approval from UIDAI to enable Face Auth on their environment.

Using face authentication based KYC, banks and other regulated entities would be able take full advantage of their mobile app to on board customers in fully digital customer onboarding process that does not require the customer to visit the branch.

We, Finahub, are experts in Aadhaar related products and services like eSign, eKYC, Authentication, etc. If you want to know how your enterprise can start using it, please give us a call @ 0484 2388285 or email us at [email protected]

Wednesday, July 27, 2022

NBFCs can be come SUB KUA's to get Aadhaar eKYC Service


Cost effective Aadhaar eKYC Solution for NBFCs

Aadhaar eKYC  service is a cost effective, fast and convenient way to collect the KYC details of the customer.  NBFCs were not able to use this service due to the changes in the Aadhaar regulation but that has changed in recently. Last year there was a news from RBI that allows NBFCs to use Aadhaar EKYC service. A new circular with number RBI/2021-22/98 DOR.AML.REC 48/14.01.001/2021-22 was issued on 13th September 2021 inviting application for Aadhaar EKYC license.  With this notification RBI allows NBFCs to register as KUAs (KYC user Agency) or Sub KUAs to avail Aadhaar eKYC service.

Existing KUA's have started offering Sub-KUA services to NBFC approved by RBI for Aadhaar EKYC license. If your NBFC is interested in becoming a Sub-KUA, please contact us, we will guide you through the process.
 
Using Aadhaar eKYC by registering as Sub-KUA is very cost effective process as most of the technology requirements for using Aadhaar eKYC is taken care off by the KUA. Sub-KUAs are not required to provide bank guarantees or use capital intensive technologies such as HSMs that are needed for a full KUA service implementation. So Sub-KUA registration is ideal for small and medium NBFCs that want to reduce their capex but are looking to grow their business.

KUA's have developed the Webservice for authorized entities (referred to as Sub-KUA) to avail the e-KYC services from KUA hosted portal. As per UIDAI guidelines, Aadhaar will be entered on the portal of KUA by respective Sub-AUA. Sub-KUA will re-direct the user to KUA portal for entering the Aadhaar and do OTP / Biometric  based e-KYC transactions.  By obtaining the consent from Aadhaar holder OTP / Biometric based e-KYC will be done. 


We, Finahub, are experts in Aadhaar related products and services like eSign, eKYC, Authentication, etc. If you want to know how your enterprise can start using it, please give us a call @ 0484 2388285 or email us at [email protected]