Biometric KYC authentication services worth Rs2.3B to UIDAI over 21 months
Findings by Aniket Gaurav, an Indian law student have revealed that the Unique Identification Authority of India (UIDAI) earned Rs2.319 billion (about US$31.6 million) within a period of 21 months for biometric online KYC authentication services through the Aadhaar identity scheme.
The findings are reported in an article by Money Life which accuses UIDAI, the body managing the Aadhaar program, of “fully becoming a for-profit business entity and garnering money in every possible way after forcefully collecting user data for free” in the name of offering digital identity services to Indians.
Aadhaar is the world’s biggest biometric ID system covering about 1.2 billion residents in India, according to the UIDAI.
The news report states that Gaurav’s requests to the UIDAI for more information regarding its paid Aadhaar services were turned down, but the student and Right to Information (RTI) user was able to obtain information about the body’s earnings for two services within the period May 2019 and March 2021.
Despite the refusal by Sanjeev Yadav, assistant director general and central public information officer at UIDAI ‘commercial confidence’ grounds, Gaurav found that the two services, namely e-KYC authentication and ‘yes or no’ authentication feedback, brought in a total of Rs2.541 billion ($34.6 million), Money Life states.
As if to illustrate its point, the outlet recalls a 2019 gazette notification issued by the UIDAI which announces costs for certain Aadhaar authentication services from requesting parties, except government bodies and the department of post. The paid services include further biometric and demographic updates as well as downloading and color printing of Aadhaar documents.
Prominent human rights activist Dr. Usha Ramanathan has previously claimed that Aadhaar is motivated by profit considerations.
India’s Reserve Bank adjusts rules for video-based KYC
The Reserve Bank of India has revised its biometric KYC rules to give its video-based customer identification process (V-CIP) the same legal status as face-to-face customer identification, Financial Express reports.
The move extends the process to a new set of regulated entities, including proprietorship firms, authorized signatories and beneficial owners of legal entities. They can now carry out due diligence with facial recognition when on-boarding new customers.
V-CIP is a process through which an authorized official carries out customer onboarding by identifying the customer with biometrics and live audio-visual interaction.
The Reserve Bank has also specified a number of guidelines which the regulated entities will have to adhere to. Money Control reports the requirements include auditable consent for the process from the customer, geo-tagging video recordings, and restarting the process in the event of a disruption.
“The technology infrastructure should be housed in own premises of the RE and the V-CIP connection and interaction shall necessarily originate from its own secured network domain. Any technology related outsourcing for the process should be compliant with relevant RBI guidelines,” Financial Express quoted the Bank as saying.
The adjustment also indicates that regulated entities have to draft a clear work program and a standard procedure for operating the V-CIP, adding that the process should be operated only by trained personnel.
Banks are now required by the RBI to take a risk-based approach to periodic updating of KYC data.