UIDAI’s Latest Steps To Solve Aadhaar Related Security Concern

The Unique Identification Authority of India (UIDAI) stated in a circular that it has classified AUAs (and KUAs, wherever it’s applicable) into two categories namely Global AUAs and Local AUAs.

This is being done to ensure the security of Aadhaar numbers. The circular also clarified that Virtual ID and UID Token can be used instead of Aadhaar number in most cases as they are aliases of the 12-digit unique identity number.

Only Global AUAs will have access to full e-KYC along with Aadhaar numbers whereas Local AUAs will have access to Limited e-KYC and will not be permitted to store Aadhaar numbers.

UIDAIs Latest Steps To Solve Aadhaar Related Security Concern

Categorizing of AUAs Leads to Enhanced Security of Aadhaar Numbers

As of now, residents are required to share their Aadhaar number in order to authenticate their identity so as to avail various services.

With the implementation of VID or Virtual ID, an Aadhaar holder need not share their Aadhaar number at the time of authentication of identity while availing a service.

The provision of one’s VID instead of their Aadhaar number prevents the collection of Aadhaar numbers by various agencies which result in heightened security, according to the UIDAI.

The Authority also said that it will re-evaluate the list of Global and Local AUAs from time-to-time in order to ensure the security of the Aadhaar numbers.

The Two Types of Authentication User Agencies (AUAs)

An AUA or Authentication User Agency is a requesting entity that submits Aadhaar number and either demographic or biometric information of an individual to the Central Identities Data Repository (CIDR) for authentication.

The CIDR confirms whether the information submitted by the AUA is true or false without giving out any information related to the person’s identity.

There are certain AUAs like banking institutions, financial institutions, etc, that are bound by specific laws to authenticate their customers with the help of their Aadhaar numbers.

However, some AUAs do not have the required security system in place to ensure safe usage and storage of Aadhaar numbers.

This is why the AUAs are categorized into Global and Local AUAs.

Top Features of Global AUAs

  • Global AUAs are the entities that are required to authenticate customers using Aadhaar number
  • These AUAs are allowed to store Aadhaar numbers in their database provided it is done only through data vaults
  • Have the provision to accept Aadhaar numbers as well as VID and UID Token
  • They have the ability to determine which applications don’t require the Aadhaar number and are required to only use VID with UID Token in such cases

Top Features of Local AUAs

  • Local AUAs are not permitted to verify a client using Aadhaar number but are only allowed to use VID for OTP based authentication
  • They are permitted to use Aadhaar number for biometric authentication
  • They are not allowed to store Aadhaar numbers in their databases

What Changes Must AUAs Incorporate to Retain Their Authentication Services?

In order to enhance the security of the Aadhaar number and incorporate the necessary changes in the system, Virtual ID, UID Token, and Limited e-KYC will be used. According to the UIDAI, all AUAs are required to make the following changes in their authentication systems and switch to the new system by July 1, 2018.

  • All AUAs/KUAs must ensure that Aadhaar numbers or VIDs should not be stored while sending authentication or e-KYC requests to the CIDR.
  • All Local AUAs/KUAs shall capture the UID Token and Global AUAs shall capture the Aadhaar number or UID Token as sent by the UIDAI in response to the authentication/e-KYC request in their database.
  • All Local AUAs/KUAs must make sure to replace Aadhaar numbers with UID Tokens and delete all Aadhaar number from their database by August 31, 2018. This also includes transaction logs.
  • All KUAs need to ensure that their application, as well as backend system, are designed in a manner that if there’s a requirement in the future to restrict some of the demographic fields as part of the Limited e-KYC response, the change must be incorporated without any changes in their system.

Failing to comply with these new norms by July 1st would result in the suspension of authentication services and the imposition of monetary fines.

The UIDAI had mentioned that it would share updated API/technical documents, guidelines, and conduct workshops or training sessions for the AUAs and KUAs to make sure that the process of implementation can take place in a smooth and timely manner.

Accordingly, the new APIs —Authentication API 2.5 and OTP Request API 2.5— can be found on the UIDAI Authentication Portal.

All the AUAs/KUAs need to submit a compliance report to the UIDAI as soon as they update their systems the new APIs.

List of Global & Local AUAs as on May 16, 2018

The UIDAI so far has classified 141 Global AUAs and 23 Local AUAs. The AUAs that have been already been classified into the two categories are mentioned at the end of this article.

In order for the other AUAs to be classified as Global AUAs or Local AUAs, they are required to submit a form containing certain information to the UIDAI through the form attached below.

After evaluating the information submitted these AUAs will be categorized. The information required to be submitted is:

  • Name of the AUA
  • Date of appointment as AUA
  • Date of appointment as KUA
  • Purpose of using the authentication service
  • Purpose of using e-KYC service
  • Modality-wise authentication transaction details
  • Modality-wise e-KYC transaction details; and
  • A copy of the specific laws or regulations that require the AUA to authenticate their customers with Aadhaar number

Form for Global & Local AUA categorization

List of Global AUAs (as on May 16, 2018)

Global AUAs consist of Scheduled Commercial Banks, Payment Banks, Regional Rural Banks, Co-operative Banks, Small Finance Banks, Insurance Companies (only Life Insurance), Retail Payments and Settlement Systems.

i) Scheduled Commercial Banks – Regulated by RBI

Sl. no Name of AUA
1 Allahabad Bank
2 American Express Banking Corp.
3 Andhra Bank
4 AXIS Bank
5 Bandhan Bank Limited
6 Bank of Baroda
7 Bank of India
8 Bank of Maharashtra
9 Bharatiya Mahila Bank
10 Canara Bank
11 Catholic Syrian Bank
12 Central Bank of India
13 City Union Bank Limited
14 Corporation Bank
15 DBS Bank
16 DENA Bank
17 Deutsche Bank
18 Development Credit Bank Limited (DCB Bank Limited)
19 HDFC Bank
20 ICICI Bank
21 IDBI Bank
22 IDFC Bank
23 Indian Bank
24 Indian Overseas Bank
25 Karnataka Bank Limited
26 Kotak Mahindra Bank Ltd.
27 Oriental Bank of Commerce
28 Punjab and Sind Bank
29 Punjab National Bank (PNB)
30 Ratnakar Bank (RBL Bank Limited)
31 South Indian Bank Ltd
32 Standard Chartered Bank
33 IndusInd Bank
34 Jammu & Kashmir Bank
35 State Bank of India
36 Syndicate Bank
37 Tamil Nadu Mercantile Bank Ltd.
38 The Federal Bank Ltd.
39 The Hongkong and Shanghai Banking Corporation Limited, India (HSBC)
40 The Karur Vyasya Bank Limited
41 The Lakshmi Vilas Bank Limited
42 The Nainital Bank Limited
43 UCO Bank
44 Union Bank of India
45 United Bank of India
46 Vijaya Bank
47 Yes Bank

ii) Payment Banks – Regulated by RBI

Sl. no Name of AUA
1 Aditya Birla Idea Payments Banks Limited
2 Paytm Payments Bank Limited
3 Jio Payments Bank Limited
4 Fino Payments Bank Limited

iii) Regional Rural Banks – Regulated by RBI

Sl. no Name of AUA
1 Allahabad UP Gramin Bank
2 Andhra Pradesh Grameen Vikas Bank
3 Andhra Pragathi Grameena Bank
4 Assam Gramin Vikash Bank
5 Bangiya Gramin Vikash Bank
6 Baroda Gujarat Gramin Bank
7 Baroda Rajasthan Kshetriya Gramin Bank
8 Baroda Uttar Pradesh Gramin Bank
9 Bihar Gramin Bank
10 Central Madhya Pradesh Gramin Bank
11 Chaitanya Godavari Grameena Bank
12 Chattisgarh Rajya Gramin Bank
13 Dena Gujarat Gramin Bank
14 Ellaqui Dehati Bank
15 Gramin Bank of Aryavart
16 Himachal Pradesh Gramin Bank
17 Jharkhand Gramin Bank
18 Karnataka Vikas Grameena Bank
19 Kashi Gomti Samyut Gramin Bank
20 Kaveri Grameena Bank
21 Kerala Gramin Bank
22 Langpi Dehangi Rural Bank
23 Madhya Bihar Gramin Bank
24 Madhyanchal Gramin Bank
25 Maharashtra Gramin Bank
26 Malwa Gramin Bank
27 Manipur Rural Bank
28 Meghalaya Rural Bank
29 Narmada Jhabua Gramin Bank
30 Odisha Gramya Bank
31 Pallavan Grama Bank
32 Pandyan Grama Bank
33 Paschim Banga Gramin Bank
34 Pragathi Krishna Gramin Bank
35 Prathama Bank
36 Punjab Gramin Bank
37 Purvanchal Bank
38 Rajasthan Marudhara Gramin Bank
39 Saptagiri Grameena Bank
40 Sarva Haryana Gramin Bank
41 Sarva UP Gramin Bank
42 Saurashtra Gramin Bank
43 Sutlej Gramin Bank
44 Telangana Grameena Bank
45 Tripura Gramin Bank
46 Utkal Grameena Bank
47 Uttar Bihar Gramin Bank
48 Uttarakhand Gramin Bank
49 Uttarbanga Kshetriya Gramin Bank
50 Vananchal Gramin Bank
51 Vidharbha Konkan Gramin Bank
52 Puduvai Bharathiar Grama Bank

iv) Co-operative Banks – Regulated by RBI

Sl. no Name of AUA
1 Abhyudaya Co-operative Bank Ltd.
2 Gopinath Patil Parsik Janata Sahakari Bank Ltd.
3 Janata Sahakari Bank Ltd.
4 Punjab & Maharashtra Co-operative Bank
5 Shivalik Mercantile Co Operative Bank
6 The A.P. Mahesh Co-op Urban Bank Ltd.
7 The Cosmos Co-op Bank Ltd.
8 The Kalyan Janata Sahakari Bank
9 The Mehsana Urban Co-Operative Bank Ltd.
10 The Odisha State Cooperative Bank Ltd.
11 The Rajasthan State Co-operative Bank Limited
12 The Saraswat Co-operative Bank Ltd.
13 The Shamrao Vithal Co Op Bank Ltd.
14 Thrissur District Cooperative Bank
15 TJSB Sahakari Bank Ltd.
16 Apna Sahakari Bank Ltd.

v) Small Finance Banks – Regulated by RBI

Sl. no Name of AUA
1 EASF Small Finance Bank Limite
2 Equitas Small Finance Bank Limited
3 Ujjivan Small Finance Bank Limited
4 Suryoday Small Finance Bank Ltd.
5 AU Small Finance Bank Limited
6 Fincare Small Finance Bank Limited

vi) Insurance Companies (only Life Insurance) – Regulated by IRDA

Sl. no Name of AUA
1 Aviva Life Insurance Company India Limited
2 Bajaj Allianz Life Insurance Co. Ltd.
3 Bharti AXA Life Insurance Company Limited
4 Exide Life Insurance Company Limited
5 HDFC Standard Life Insurance Company Limited
6 ICICI Prudential Life Insurance
7 India First Life Insurance
8 Max Life Insurance Co. Ltd.
9 Life Insurance Corporation of India (LIC)
10 PNB Metlife India Insurance Company Limited
11 SBI Life Insurance Co Ltd
12 TATA AIA Life Insurance
13 Future Generali India Life Insurance Company Ltd.
14 Reliance Nippon Life Insurance Company Limited
15 Aegon Religare Life Insurance Company Ltd.

vii) Retail Payments and Settlement System

Sl. no Name of AUA
1 National Payments Corporation of India (NPCI)

List of Local AUAs (as on May 16, 2018)

Local AUAs consist of Telecom Operators, Financial Corporations that are controlled by the National Housing Bank, Pre-paid Payment Instruments, Certifying Authority, Digital Locker Providers, e-Sign Providers, Insurance Companies (Non-Life Insurance), and Non-Banking Financial Companies.

i) Telecom Operators

Sl. no Name of AUA
1 Bharti Airtel Limited
2 Idea Cellular Limited
3 Vodafone India Limited
4 Reliance Jio Infocomm Limited
5 Bharat Sanchar Nigam Limited (BSNL)
6 Tata Teleservices Limited
7 Mahanagar Telephone Nigam Limited (MTNL)

ii) Regulated by National Housing Bank

Sl. no Name of AUA
1 HDFC Housing Development Finance Corporation Limited
2 India Shelter Finance Corporation Ltd.
3 Reliance Home Finance Ltd.
4 Shriram Housing Finance Limited
5 ICICI Home Finance Company Limited
6 Indiabulls Housing Finance Limited
7 Tata Capital Housing Finance Ltd.

iii) Pre-paid Payment Instruments (PPI) – Regulated by RBI

Sl. no Name of AUA
1 ITZ Cash Card Limited
2 My Mobile Payments Limited Money on Mobile)
3 One Mobikwik System Private Limited
4 Oxigen Services (India) Pvt. Ltd.
5 Smart Payment Solutions Pvt. Ltd.
6 Reliance Payment Solutions Limited

iv) Certifying Authority, Digital Locker Providers, e-Sign Providers – Regulated by CCA

Sl. no Name of AUA
1 Sify Technologies Limited
2 Capricorn Identity Services Pvt. Ltd.

v) Insurance Companies (Non-Life Insurance) – Regulated by IRDA

Sl. no Name of AUA
1 HDFC Ergo General Insurance Company Limited
2 Apollo Munich Health Insurance Company Ltd.
3 Reliance General Insurance Company Limited
4 The New India Assurance Co Ltd
5 Bajaj Allianz General Insurance Company Limited

vi) Non-Banking Financial Companies – Regulated by RBI

Sl. no Name of AUA
1 Bajaj Finance Ltd.
2 Capital First Ltd.
3 Credila Financial Services Pvt. Ltd.
4 Fullerton India Credit Company Limited
5 Geojit BNP Paribas Financial Services Limited
6 Home Credit India Finance Pvt. Ltd.
7 India Infoline Finance Limited
8 Invest India Micro Pension Services Pvt. Ltd.
9 Janalakshmi Financial Services Ltd.
10 L & T Finance Ltd.
11 Mahindra & Mahindra Financial Services Limited
12 Manappuram Finance Limited
13 Muthoot Finance Limited
14 Muthoot Fincorp Limited
15 Reliance Commercial Finance Limited
16 Shriram Transport Finance Company Ltd.
17 UAE Exchange & Financial Services Ltd.
18 Zen Lefin Pvt. Ltd.
19 SMI Finance Pvt. Ltd.
20 HDB Financial Services Ltd.
21 Daimler Financial Services India Pvt. Ltd.
22 TVS Credit Services Limited
23 Tata Capital Financial Services Ltd.
24 Bharat Financial Inclusion Ltd.
25 SiCreva Capital Services Pvt. Ltd.
26 IVL Finance Limited

 

Leave a Comment

Your email address will not be published. Required fields are marked *