Virtual ID deadline extended again as UIDAI and Indian banks work to improve authentication systems
The Unique Identification Authority of India (UIDAI) has begun carrying out a directive from the Supreme Court, delivered as part of its verdict on the Aadhaar system’s legality, to delete authentications more than six months old from the log, according to UIDAI CEO Ajay Bhushan Pandey, the Business Standard reports.
The agency has begun implementing the changes mandated by the ruling, which has created stronger safeguards and will increase public confidence in the system, Pandey says.
“The apex court has also asked us that no illegal immigrant should be given Aadhaar, so we have started reviewing our own process on how we can make the scrutiny of the document more rigorous…We are taking a number of steps to implement the order to enhance safeguards.”
“This would certainly take us miles ahead in our digital journey with augmented safety,” he adds. “India’s digital journey will get a boost by this landmark judgement because it is now supported by stronger data protection safeguards.”
The steps taken by UIDAI also include working towards new authentication measures for telecoms and financial institutions which had previously used Aadhaar biometric authentication to meet KYC requirements and onboard customers.
The UIDAI has issued a circular extending the deadline to implement virtual ID, UID tokens and limited e-KYC by three months, to the end of January, Mint reports. The virtual ID program is supposed to help authentication user agencies (AUAs) like banks meet their authentication requirements, AUAs were given a month to implement the system in July, but the deadline was eventually pushed back to October 31 to give businesses more time to comply.
Mint reports that some AUAs are still requesting more time to migrate to APIs v2.5, but that fees for late adoption and orders for some AUAs to delete Aadhaar numbers by December 31 which were set out in previous circulars from UIDAI are not referred to in the latest one. Local AUAs are no longer allowed to use Aadhaar numbers, while global AUAs, which include all banks, can still use the system without biometrics for e-KYC verification.
The circular directs all AUAs to immediately make the changes necessary to accept virtual ID in front-end client applications and UID tokens in back-end systems.
The UIDAI said last week that Aadhaar Seva Kendras (local government offices) would be established in banks, post offices, and government facilities across the country within the next few months to replace private centers for enrollment and other Aadhaar management purposes. Private Aadhaar centers had been a source of security concerns.
IDMerit CEO Tony Raval told Biometric Update in a recent interview that under the original system, the security of the Aadhaar enrollment process has not been secure enough for his company to accept an Aadhaar card without a second document in support.
“With all the state governments and local agencies signing up people, creating a fake Aadhaar card has been very easy,” Raval says. “You have a local shop with a license to issue the Aadhaar card. They can take the facial features of that person, take a video, and create another Aadhaar card using that video.”