e-KYC using Aadhaar for Digital Identity Authentication: How Does It Work?
Not very long ago, getting a KYC done was considered a headache by most. It meant locating a KYC centre in your area and then scheduling a visit for the KYC procedure, often during the workweek. As agencies began to realize that customers found the conventional procedure frustrating, KYC executives began visiting customer locations to complete the procedure, which drew mixed public responses. While some were happy that their time and money were saved, others grew sceptical of the authenticity of the visiting KYC executives. Today, KYC is at your fingertips, quite literally. This is the era of e-KYC, and India is no exception; DigiLocker has been extremely efficient in making this digital identity authentication a reality.
Compared with conventional offline KYC, e-KYC is a significant departure because:
It is completely digital and paperless.
Generally, it requires only the name, PAN, and Aadhaar (UIDAI) number and no other additional details.
Requires no physical presence of the customer or the KYC executive.
Does not require additional details.
It can be aided by a self-shot video of the customer.
Much faster, easier, and far more economical.
Voluntary e-KYC is now allowed for banks, insurance companies, and financial institutions in India as a part of the new AML guidelines. Aadhaar offline KYC, on the other hand, is essentially available to all and can be used to assist new e-KYC provisions such as V-CIP or video KYC.
People do not need to provide a photocopy of their Aadhaar letter.
Instead, they can download the KYC XML and provide it to the service providers that need their KYC.
All the KYC details are in machine-readable XML and are digitally signed by UIDAI.
This allows service providers to validate the authenticity of the file and detect any alterations made later on.
However, it must be ensured that the XML file or QR code generation date is not older than three days from the date of carrying out the V-CIP.
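The acceptance check a service provider might run on such a file, as an added example that is not code from the original article or from UIDAI: it verifies the signature before reading any field, then applies the three-day limit against the V-CIP time. The XML layout, the `generated` attribute, the function names and the RSA demo key are constructed for illustration; the real UIDAI schema and signature format are not shown on this page.

```python
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed demo key built from two Mersenne primes: insecure, example only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
K = (N.bit_length() + 7) // 8  # modulus length in bytes
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
MAX_AGE = timedelta(days=3)  # limit stated in the article

def _encode(data: bytes) -> int:
    """PKCS#1 v1.5 signature encoding of SHA-256(data), as an integer."""
    t = SHA256_DIGESTINFO + hashlib.sha256(data).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def sign_for_demo(data: bytes) -> int:
    """Stands in for the issuer; a real verifier never holds the private key."""
    d = pow(E, -1, (P - 1) * (Q - 1))
    return pow(_encode(data), d, N)

def verify_signature(data: bytes, sig: int) -> bool:
    # Re-encode and compare whole values instead of parsing the padding.
    return 0 < sig < N and pow(sig, E, N) == _encode(data)

def accept_kyc(xml_bytes: bytes, sig: int, vcip_time: datetime) -> str:
    # 1. Authenticate first: no field is read from an unverified file.
    if not verify_signature(xml_bytes, sig):
        return "reject: signature invalid or file altered"
    # 2. Only now parse, taking the generation time from the signed bytes.
    generated = datetime.fromisoformat(ET.fromstring(xml_bytes).get("generated"))
    age = vcip_time - generated
    if age < timedelta(0):
        return "reject: generation time is after the V-CIP session"
    if age > MAX_AGE:
        return "reject: file older than three days"
    return "accept"

# Constructed sample file and its signature.
SAMPLE = b'<Kyc generated="2024-05-01T10:00:00"><Name>Test User</Name></Kyc>'
SAMPLE_SIG = sign_for_demo(SAMPLE)

if __name__ == "__main__":
    print(accept_kyc(SAMPLE, SAMPLE_SIG, datetime(2024, 5, 3, 9, 0)))
    print(accept_kyc(SAMPLE.replace(b"Test", b"Other"), SAMPLE_SIG, datetime(2024, 5, 3, 9, 0)))
    print(accept_kyc(SAMPLE, SAMPLE_SIG, datetime(2024, 5, 6, 9, 0)))
```

Because the generation time sits inside the signed bytes, editing it to make a stale file look fresh breaks the signature and is rejected at step 1.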
A full KYC generally requires two main documents: identity proof and address proof. The identity proof can be any of these OVDs (Officially Valid Documents) for a citizen of India:
Aadhaar Card or Aadhaar Letter
Other ID cards (accepted by the bank)
The address proof, on the other hand, can be one of these documents:
Utility bills: Electricity/LPG bill
Employer letter (accepted by the bank)
UIDAI in e-KYC
Using UIDAI (Aadhaar) for user authentication in e-KYC is critical for financial institutions looking to move into the digital realm.
To fulfil e-KYC measures, financial institutions need to ensure proper digital identity verification of their customers using decentralized encryption, especially in a B2B scenario. When it comes to regulatory compliance, especially in finance, APIs are a growing necessity since they:
Provide a faster and more efficient customer onboarding experience
Integrate with other applications easily
Reduce errors, simplify record keeping and improve efficiency
Help to enter new markets more easily
Speed up customer onboarding, decreasing churn.
Use of Aadhaar for Authentication in eKYC Application
Although e-KYC is indeed a technological revolution in itself, the presence of a universal identifier has further bolstered its efficiency and speed. India has already been riding high on the introduction and implementation of Aadhaar (UIDAI) for all citizens.
Since Aadhaar includes a citizen's personal identifiers and address proof, a KYC agency's work is massively reduced by obtaining a customer's Aadhaar number.
The customer provides the Aadhaar number to the agency.
The agency captures the customer's biometrics and shares them with UIDAI through secure servers that make use of decentralized encryption.
The data is then matched with that in the database for that Aadhaar number. If the two match, the customer's identity is considered verified.
Following successful verification, UIDAI shares the rest of the credentials, such as photograph, address, and DOB, with the agency using end-to-end encryption, removing the need for multiple documents.
Meanwhile, the agency is allowed (by UIDAI) to store one soft copy of all the details on its remote server so that they can be accessed if and when needed in the future.
Aadhaar e-Sign vs Standard USB-based DSC Token
Aadhaar-based eSign allows users to sign documents instantly without procuring a DSC, which can be done using a privacy app such as Cove Identity. It is a more convenient alternative to the complex DSC method, as anyone with a valid Aadhaar card and a registered mobile number can eSign documents from anywhere, anytime. The Government of India has actively initiated this technology for Indian citizens. It is deemed just as legally valid as any conventional, physical signature or a DSC.
A Digital Signature Certificate (DSC) is issued to businesses or individuals for digital signing.
It utilizes public-key cryptography to create signatures. The keys are issued by Government-authorized Certifying Agencies (CAs) to authenticate the certificate holder's identity. The signatures are made using a digital signature certificate (DSC) issued to the signer by the CAs.
It comprises two unique keys – a private key and a public key.
Signers have to use a DSC stored on a USB e-token to sign. The USB e-token containing DSC has to be inserted into the signer’s computer. The signer signs the documents using a DSC password.
A digital signature is ideal for international sign exchange, bulk signing, and/or periodic signing of documents. These would include business agreements and invoices, tax forms, HR letters, POs, etc.
The Aadhaar-based eSign allows an Aadhaar-holder to securely digitally sign a document.
Individual users of an Application Service Provider (ASP) can sign documents digitally. For that, they are required to authenticate themselves using an OTP sent by UIDAI.
It can save a lot of unnecessary costs and time wasted in physically signing a document.
It requires only two things from the signer: an Aadhaar number and an Aadhaar-registered mobile number.
When signing through eSign, a signer opens the documents, enters the Aadhaar number, receives an OTP on the registered mobile number, and then submits it. With this process, the signature gets done.
An eSign service is better suited to use cases where instant signing is needed for one-time use, such as application forms for account opening, job acceptance letters, and one-time contracts and agreements.
Safety Concerns with Aadhaar Verification
While the UIDAI-based e-KYC process offers endless prospects for businesses and individual users/customers, it may not be completely safe and fool-proof.
The Aadhaar database holds personal information such as your name, address, gender, DOB, fingerprints, iris scans, a headshot, and email ID. All of this is extremely private information that can be misused for purposes like forgery and financial fraud, which is why apps like DigiLocker are recommended.
However, UIDAI uses a 16-digit virtual ID to mask the actual ID while sharing user information with third parties.
Despite the basic safety measures, the fear of breach and possible misuse and fraud cannot be overlooked for Aadhaar-based verification.
KYC, anyway, has come a long way. From paperwork and biometrics to complete digitization, customer onboarding is no longer what it used to be. However, agencies, users/customers, and the government must not forget the underlying purpose and the safety of people at large.
Stay digitally secure with Cove Identity, a privacy app, and guard against identity fraud and theft. With Cove's decentralised end-to-end encryption, sign documents digitally using Aadhaar-based eSign and stay clear of any fraudulent activities pertaining to your digital identity.