Towards a sweet spot in digital financial services

Authors: Shekhar Lele and Abhirup Bhattacharya

The last few years have witnessed a massive push towards digitisation of financial services in India. One of the pillars of the digitisation journey has been the usage of Aadhaar. The key objectives behind the massive push for Aadhaar include reduction in on-boarding and servicing costs and time, boost to financial inclusion through last-mile connectivity, and reduction in leaks and frauds through a common identifier. The usage of Aadhaar has grown exponentially in the last two years. A number of Authentication User Agencies (AUAs) are now a part of the ecosystem to process Aadhaar transactions. An AUA is any legal entity registered in India that seeks to use Aadhaar authentication for its services and is the principal agency that sends authentication requests to enable its services/business functions.1

Development of a massive Aadhaar-based ecosystem

Development of a massive Aadhaar-based ecosystem

The pan-India usage of a single identifier for KYC activities has, however, brought data security and privacy-related concerns into focus. Coupled with global concerns on the misuse of data, the government has taken a few steps towards boosting data security. One of them is the introduction of a 16-digit virtual identifier (VID) system, which became active from 1 July 2018. The VID would be applicable for various processes such as on-boarding, Aadhaar-based financial and non-financial transactions at points of contact such as micro ATMs. The guidelines4 aim to address privacy and security concerns related to Aadhaar through two dimensions:

Towards a more secure Aadhaar ecosystem

In order to achieve the intended objectives of the VID roll-out, a few challenges need to be addressed by various stakeholders in the ecosystem:

VID-related challenges to be addressed

Rolling out VID across multiple applications, establishing encryption/decryption mechanisms, and managing tokens and connections with National Payments Corporation of India (NPCI)/Unique Identification Authority of India (UIDAI) and other implementation tasks without impacting any existing functionalities are key for VID success.

The challenge is considerably magnified since the firms have to implement it along with the roll-out of the Aadhaar data vault and the Aadhaar number masking requirements. Moreover, existing systems will need to be enhanced as authentication via VID will require invoking API 2.5 instead of the existing API 2.0. This will further involve redevelopment of the existing platforms for authentication activities in order to invoke the new API.

Some of the key guidelines impacting the Aadhaar VID journey thus far:

Source: UIDAI circular no. 1 and 5

As digital finance gathers increasing momentum in the country, safe and secure transactions carried out over common infrastructure are undoubtedly necessary to boost trust in digitisation processes. The UIDAI database, already the world’s largest biometric database, is uniquely positioned to bring about a digital transformation in the country. It is however critical to achieve a sweet spot—an optimum point that combines factors such as convenience, cost, security and ease of implementation for sustainable Aadhaar-based digitisation pan India. With the current urgent deadlines of 31 July and 31 August for local and global AUAs respectively, AUAs need to roll out VID for the most widely used Aadhaar-based applications on priority, followed by others. Going forward, it is imperative for all stakeholders such as UIDAI, RBI, banks, agencies and technology partners to continue to work together, conduct regular audits, perform cost-benefit analysis, and address risks and deficiencies in the framework to boost the creation of a trustworthy, safe and secure pan-India Aadhaar-based ecosystem.

Sources:

1Unique Identification Authority of India website: https://uidai.gov.in/ (last accessed on 30 June 2018)

2NPCI. (n.d.) Retail payment statistics on NPCI platforms.

3Ministry of Electronics and Technology. (16 May 2018). Circular no. 05 of 2018. Classification of global AUAs and local AUAs. Retrieved from (last accessed on 30 June 2018) https://uidai.gov.in/images/resource/Circular_No_05_of_2008_Classification_22052018.pdf (last accessed on 30 June 2018)

4Unique Identification Authority of India – Authentication Division. (10 January 2018). Circular no. 01 of 2018. Enhancing privacy of Aadhaar holders - Implementation of virtual ID, UID token and limited KYC. Retrieved from https://uidai.gov.in/images/resource/UIDAI_Circular_11012018.pdf (last accessed on 30 June 2018)

5Unique Identification Authority of India – Authentication Division. (16 May 2018). Circular no. 05 of 2018. Classification of global AUAs and local AUAs. Retrieved from https://uidai.gov.in/images/resource/Circular_No_05_of_2008_Classification_22052018.pdf (last accessed on 30 June 2018)

Follow us