The Supreme Court verdict upholding the constitutional validity of Aadhaar and the various services that can be availed under the Aadhaar ecosystem has created a lot of confusion in the Banking and Fintech spaces especially in the areas of customer acquisition and providing financial services. As more clarity comes, it appears all is not that bad.
In the post SC judgment era, on-boarding applications cannot mandate the customer to provide Aadhaar. The applications need to offer both Aadhaar and non-Aadhaar options leaving it to the customer to voluntarily choose the suitable one. Furthermore, under the Aadhaar option, the application can offer online eKYC and various offline KYC options.
This note explores the various Aadhaar and non-Aadhaar options.
Aadhaar based KYC
Aadhaar KYC is possible in both online and offline modes.
Online Aadhaar based eKYC
Aadhaar can still be used for eKYC (in both biometric and OTP modes) for customers who choose Aadhaar based authentication to open a bank account or to receive welfare subsidies funded from the Consolidated Fund of India directly into their bank account, provided the bank has the customer’s explicit consent to fetch their Aadhaar data online.
Banks can continue to use Aadhaar for the activities listed below, provided the necessary consent is taken from the customer.
- Benefits or subsidies (DBTs)
- Aadhaar based micro ATMs
- Aadhaar enabled payment systems
- BHIM Aadhaar Pay
Offline Aadhaar based KYC
UIDAI has provisioned for offline verification of user’s Aadhaar data in 4 different ways:
- Offline KYC using digitally signed XML file
- Secure QR Code
Offline paperless eKYC using signed XML
UIDAI has made a provision for Aadhaar holders to generate a digitally signed XML file from its portal. Customers generate the XML by providing their details on the portal and can save it for reuse later. The XML is signed by UIDAI and can be validated using the UIDAI provided SDK/API. As per RBI norms, on successful validation the customer can be considered KYC-ed.
The application process is as follows:
- The user visits the UIDAI portal and generates the XML file – https://resident.uidai.gov.in/offlineaadhaar
- Enter the ‘Aadhaar Number’ or ‘VID’ and the ‘Security Code’ shown on screen, then click ‘Send OTP’.
- The OTP is sent to the mobile number registered for the given Aadhaar number or VID. Enter the OTP received and click the ‘Submit’ button.
- The user selects which details (photo, DOB, email, mobile number, gender, etc.) to store in the XML file.
- A share code is set; it acts as the passcode for the zipped file containing the XML file.
- Click download to get the zipped file.
Verification Process via Banking App
- In the onboarding app, the user selects the paperless eKYC option. A web link is then sent by SMS to the customer’s mobile phone or to their email id. The customer opens the link and uploads the signed XML file obtained from the UIDAI site along with the passcode (share code).
- Next, the customer (Aadhaar holder) is prompted to enter their mobile number and email ID.
- Once all the above is provided, the UIDAI digital signature on the XML file is verified using the UIDAI provided SDK/API, and the hashed mobile number and email ID stored in the file are matched against the values the customer entered.
- On a successful match, the details from the file are fetched and displayed in the onboarding app.
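The bank-side checks described above, as an added example that is not Decimal’s or UIDAI’s code: the sample XML, share code, mobile number and email are all constructed. The contact-hash rule used here (SHA-256 over value + share code, applied as many times as the last digit of the Aadhaar number, once when that digit is 0, with that digit read from the `referenceId`, whose first four characters are the last four Aadhaar digits) is my reading of UIDAI’s published offline e-KYC format and is an assumption to be checked against the current spec. A real deployment verifies the UIDAI XML-DSig signature through the UIDAI SDK/API; this stand-alone script only checks that the `Signature` element is present and then does the hash matching.

```python
"""Verifier-side checks for an Aadhaar Paperless Offline e-KYC XML (added example)."""
import hashlib
import xml.etree.ElementTree as ET

DSIG_NS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample values (not real data).
SAMPLE_MOBILE = "9876543210"
SAMPLE_EMAIL = "customer@example.org"
SAMPLE_SHARE_CODE = "4821"
SAMPLE_REF_ID = "432720181126120000"  # "4327" = last four Aadhaar digits -> 7 hash rounds


def contact_hash(value: str, share_code: str, last_aadhaar_digit: int) -> str:
    """Iterated SHA-256 of value + share code (assumed UIDAI rule: rounds = last digit, min 1)."""
    rounds = last_aadhaar_digit if last_aadhaar_digit != 0 else 1
    digest = value + share_code
    for _ in range(rounds):
        digest = hashlib.sha256(digest.encode("utf-8")).hexdigest()
    return digest


def verify_offline_kyc(xml_text: str, mobile: str, email: str, share_code: str) -> dict:
    """Match the customer-entered mobile/email against the hashes in the uploaded XML."""
    # The XML is customer-uploaded input: in production parse it with a hardened
    # parser (e.g. defusedxml) and verify the UIDAI signature before trusting fields.
    root = ET.fromstring(xml_text)
    ref_id = root.get("referenceId", "")
    if len(ref_id) < 4 or not ref_id[:4].isdigit():
        return {"ok": False, "reason": "malformed referenceId"}
    last_digit = int(ref_id[3])
    poi = root.find("./UidData/Poi")
    if poi is None:
        return {"ok": False, "reason": "missing Poi element"}
    checks = {
        # Presence only; real signature verification is done by the UIDAI SDK/API.
        "signature_present": root.find(f"./{DSIG_NS}Signature") is not None,
        "mobile_match": poi.get("m") == contact_hash(mobile, share_code, last_digit),
        "email_match": poi.get("e") == contact_hash(email, share_code, last_digit),
    }
    return {"ok": all(checks.values()), "name": poi.get("name"), **checks}


def build_sample_xml(mobile=SAMPLE_MOBILE, email=SAMPLE_EMAIL,
                     share_code=SAMPLE_SHARE_CODE, ref_id=SAMPLE_REF_ID) -> str:
    """Construct a sample XML in the offline e-KYC layout (assumed element/attribute names)."""
    last_digit = int(ref_id[3])
    m = contact_hash(mobile, share_code, last_digit)
    e = contact_hash(email, share_code, last_digit)
    return (
        f'<OfflinePaperlessKyc referenceId="{ref_id}">'
        '<UidData>'
        f'<Poi dob="01-01-1990" e="{e}" gender="M" m="{m}" name="Test Customer"/>'
        '<Poa careof="" country="India" dist="Test" house="1" state="Test" pc="110001"/>'
        '<Pht>Y29uc3RydWN0ZWQ=</Pht>'
        '</UidData>'
        '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">'
        '<SignedInfo/><SignatureValue>constructed-not-a-real-signature</SignatureValue>'
        '</Signature>'
        '</OfflinePaperlessKyc>'
    )


if __name__ == "__main__":
    xml = build_sample_xml()
    print(verify_offline_kyc(xml, SAMPLE_MOBILE, SAMPLE_EMAIL, SAMPLE_SHARE_CODE))
    print(verify_offline_kyc(xml, SAMPLE_MOBILE, SAMPLE_EMAIL, "0000"))  # wrong share code
```

Because the share code never leaves the customer and the file only carries hashes, a wrong share code (or a wrong mobile/email) simply fails to match; the verifier learns nothing about the real contact details from a mismatch.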
e-Aadhaar
e-Aadhaar is a password-protected electronic copy (PDF file) of Aadhaar, digitally signed by the competent authority of UIDAI.
The application process is as follows:
- The user visits the e-Aadhaar portal – https://eaadhaar.uidai.gov.in/
- Generate and download the e-Aadhaar card by filling in the details as shown below.
- There is also an option to download a masked Aadhaar, in which the first 8 digits of the Aadhaar number are masked.
Verification process via Banking app
- Users can use a physical copy of the e-Aadhaar or masked Aadhaar containing the updated secure QR code to share KYC details with the bank.
- e-Aadhaar is the primary document containing the updated secure QR code. This is different from the existing QR code on physical Aadhaar cards: the updated QR code also carries photographic data in addition to demographic details, whereas older QR codes contained only demographic data.
- The banking app needs to read this secure QR code and validate the user details. This process is explained below.
Secure QR Code
QR Code currently present on Aadhaar print-letter and e-Aadhaar contains only the demographic information of the Aadhaar holder.
UIDAI is replacing the existing one with a new Secure QR Code that contains the demographics as well as the photograph of the Aadhaar holder. The information in the QR code is made secure and tamper-proof by signing it with the UIDAI digital signature.
How it works –
- Banks will need an STQC certified physical scanner. Tested devices include –
  - Syga Barcode Scanner (S005)
  - TVS BS-I201N barcode scanner
- The app invokes a QR code scanner paired via Bluetooth (commercial app-to-utility SDKs are available on the Google Play Store and App Store) to read the data.
- Currently, only a Windows based custom client developed by UIDAI is available for validating UIDAI digital signatures. Hence, the data fetched from the QR code scanner above is pushed to a Windows server, where the details can be stored and verified via the UIDAI provided SDK.
- Once the data is verified, it is displayed in the application.
mAadhaar
Using the mAadhaar application, users can generate their mAadhaar digital form to fulfil KYC.
- Users can download the mAadhaar Android application from the Google Play Store (the mAadhaar app is not available on iOS).
- The application asks for a password as soon as it is opened.
- The Aadhaar profile can be downloaded only on mobile devices having the registered mobile number (the mobile number linked with the user’s Aadhaar).
- mAadhaar automatically reads the OTP once it is received.
- There is no provision to manually enter the OTP anywhere in mAadhaar. This is a security feature.
- The user can then either enter the Aadhaar number or scan the QR code on the Aadhaar card to fetch details from UIDAI.
- Once the details are fetched, they are displayed to the user in the mAadhaar app as a virtual card.
- The mAadhaar app allows the user to share the QR code or share e-KYC details as shown below.
An agent banking application can directly scan mAadhaar data from the QR code shown on the page via an in-app QR code reader, or obtain the KYC details shared by the user from the mAadhaar app.
However, it is important to note that the data obtained from the mAadhaar QR code does not contain the customer photograph, which is only available via the new secure QR code as explained above.
The above mode can be used in an assisted model via an agent banking application.
Non-Aadhaar based KYC
As per RBI, below are the six officially valid documents (OVDs) for KYC. The documents can be validated either online or offline, provided the necessary API(s) are available.
- Driving license
- Voter ID card
- PAN card
Banks and financial institutions should accept other forms of KYC from customers. Let’s explore how to utilize the other options.
Passport
Banks can provide an option for customers to capture photographs of the passport. Decimal’s proprietary OCR engine can read data from the passport and automatically populate all the details. There should also be an option to capture the customer’s photograph in the application.
Voter ID Card
Voter ID is one of the accepted KYC proofs. Voter ID can be validated both online and offline. Decimal Technologies has ready API integrations using which you can validate Voter ID instantly. In the offline method, the customer uploads a photograph of the voter ID card and all the details are populated using OCR. Even in this case, the customer’s photograph needs to be captured.
PAN Card
Similar to Voter ID, PAN can be validated instantly using our API, or a photo of the PAN card can be uploaded.
NREGA Card
Currently, NREGA can be validated offline only; there are no APIs available in the market. The customer uploads a photograph of the NREGA card and all details are extracted using OCR. As with the other cases, the customer’s photograph needs to be captured.
Onboarding flow
- The user is asked to enter basic details such as mobile number and PAN (validated in real time).
- On the next screen, the user can either do Aadhaar KYC or select the Other KYC mode. If Other KYC is selected, the app allows capturing the customer image, the OVD document and related personal details.
- If the user selects Aadhaar based KYC, they are offered online or offline verification. If Online is selected, the app asks for the customer’s specific consent to perform biometric validation of their details.
- If the user selects offline verification, they have the options mentioned above for performing offline verification of Aadhaar data.
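The real-time PAN and Aadhaar checks above go to an API; the following added example (not Decimal’s code, and the API call itself is out of scope) shows the format checks an onboarding app should run on the entered values before spending an API call, so that typos are caught locally and the Aadhaar number is only ever displayed or logged in masked form. The PAN layout (five letters, four digits, one letter, with the fourth letter encoding the holder type, e.g. P for an individual) and the Aadhaar layout (12 digits with a Verhoeff check digit, first digit never 0 or 1) are the publicly documented formats; the Indian mobile rule (10 digits starting 6 to 9) is an assumption, and all sample numbers are constructed.

```python
"""Client-side format checks before the real-time PAN/Aadhaar API calls (added example)."""
import re

PAN_RE = re.compile(r"^[A-Z]{5}[0-9]{4}[A-Z]$")
INDIAN_MOBILE_RE = re.compile(r"^[6-9][0-9]{9}$")  # assumption: 10 digits, first digit 6-9

# Standard Verhoeff tables: multiplication (D), permutation (P) and inverse (INV).
_D = [
    [0, 1, 2, 3, 4, 5, 6, 7, 8, 9], [1, 2, 3, 4, 0, 6, 7, 8, 9, 5],
    [2, 3, 4, 0, 1, 7, 8, 9, 5, 6], [3, 4, 0, 1, 2, 8, 9, 5, 6, 7],
    [4, 0, 1, 2, 3, 9, 5, 6, 7, 8], [5, 9, 8, 7, 6, 0, 4, 3, 2, 1],
    [6, 5, 9, 8, 7, 1, 0, 4, 3, 2], [7, 6, 5, 9, 8, 2, 1, 0, 4, 3],
    [8, 7, 6, 5, 9, 3, 2, 1, 0, 4], [9, 8, 7, 6, 5, 4, 3, 2, 1, 0],
]
_P = [
    [0, 1, 2, 3, 4, 5, 6, 7, 8, 9], [1, 5, 7, 6, 2, 8, 3, 0, 9, 4],
    [5, 8, 0, 3, 7, 9, 6, 1, 4, 2], [8, 9, 1, 6, 0, 4, 3, 5, 2, 7],
    [9, 4, 5, 3, 1, 2, 6, 8, 7, 0], [4, 2, 8, 6, 5, 7, 3, 9, 0, 1],
    [2, 7, 9, 3, 8, 0, 6, 4, 1, 5], [7, 0, 4, 6, 9, 1, 3, 2, 5, 8],
]
_INV = [0, 4, 3, 2, 1, 5, 6, 7, 8, 9]


def verhoeff_valid(number: str) -> bool:
    """True if the trailing digit is a correct Verhoeff check digit for the rest."""
    c = 0
    for i, ch in enumerate(reversed(number)):
        c = _D[c][_P[i % 8][int(ch)]]
    return c == 0


def verhoeff_check_digit(number: str) -> str:
    """Compute the Verhoeff check digit to append to `number` (used for the sample)."""
    c = 0
    for i, ch in enumerate(reversed(number)):
        c = _D[c][_P[(i + 1) % 8][int(ch)]]
    return str(_INV[c])


def validate_pan(pan: str) -> dict:
    pan = pan.strip().upper()
    if not PAN_RE.match(pan):
        return {"ok": False, "reason": "PAN must be 5 letters, 4 digits, 1 letter"}
    return {"ok": True, "holder_type": pan[3]}


def validate_mobile(mobile: str) -> dict:
    digits = re.sub(r"[\s-]", "", mobile)
    if not INDIAN_MOBILE_RE.match(digits):
        return {"ok": False, "reason": "mobile must be 10 digits starting with 6-9"}
    return {"ok": True, "mobile": digits}


def validate_aadhaar(number: str) -> dict:
    """Format + Verhoeff check; returns only a masked form for display/logging."""
    digits = re.sub(r"\s", "", number)
    if not digits.isdigit() or len(digits) != 12:
        return {"ok": False, "reason": "Aadhaar number must be 12 digits"}
    if digits[0] in "01":
        return {"ok": False, "reason": "Aadhaar numbers do not start with 0 or 1"}
    if not verhoeff_valid(digits):
        return {"ok": False, "reason": "check digit mismatch (likely a typo)"}
    return {"ok": True, "masked": "XXXX XXXX " + digits[-4:]}


if __name__ == "__main__":
    sample_aadhaar = "99999999999" + verhoeff_check_digit("99999999999")  # constructed
    print(validate_pan("abcpe1234f"))
    print(validate_mobile("98765 43210"))
    print(validate_aadhaar(sample_aadhaar))
    print(validate_aadhaar(sample_aadhaar[:5] + "0" + sample_aadhaar[6:]))  # one digit wrong
```

Verhoeff detects every single-digit substitution and adjacent transposition, so a mistyped Aadhaar number is rejected before any online check, and the masked form is the only representation that should reach logs or screens.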
Using Decimal’s in-house integrated technology platform Vahana, we can roll out the above changes quickly using our Rapid Application Development Platform. Our integrated API manager Platware also allows us to readily integrate with APIs and third party ecosystem thus ensuring minimal friction during application development and deployment.
The latest communiqué from UIDAI allows Aadhaar services to continue for eKYC and customer verification for selected services, while also allowing offline measures to be implemented that follow the law in letter and in spirit.
The above examples show how this change can be implemented quickly and with minimal disruption, ensuring a superior user experience as well as regulatory compliance.
Please feel free to reach us at firstname.lastname@example.org for more details.