UIDAI’s Latest Steps To Solve Aadhaar Related Security Concern

The Unique Identification Authority of India (UIDAI) stated in a circular that it has classified AUAs (and KUAs, wherever it’s applicable) into two categories namely Global AUAs and Local AUAs.

This is being done to ensure the security of Aadhaar numbers. The circular also clarified that Virtual ID and UID Token can be used instead of Aadhaar number in most cases as they are aliases of the 12-digit unique identity number.

Only Global AUAs will have access to full e-KYC along with Aadhaar numbers whereas Local AUAs will have access to Limited e-KYC and will not be permitted to store Aadhaar numbers.

UIDAIs Latest Steps To Solve Aadhaar Related Security Concern

Categorizing of AUAs Leads to Enhanced Security of Aadhaar Numbers

As of now, residents are required to share their Aadhaar number in order to authenticate their identity so as to avail various services.

With the implementation of VID or Virtual ID, an Aadhaar holder need not share their Aadhaar number at the time of authentication of identity while availing a service.

The provision of one’s VID instead of their Aadhaar number prevents the collection of Aadhaar numbers by various agencies which result in heightened security, according to the UIDAI.

The Authority also said that it will re-evaluate the list of Global and Local AUAs from time-to-time in order to ensure the security of the Aadhaar numbers.

The Two Types of Authentication User Agencies (AUAs)

An AUA or Authentication User Agency is a requesting entity that submits Aadhaar number and either demographic or biometric information of an individual to the Central Identities Data Repository (CIDR) for authentication.

The CIDR confirms whether the information submitted by the AUA is true or false without giving out any information related to the person’s identity.

There are certain AUAs like banking institutions, financial institutions, etc, that are bound by specific laws to authenticate their customers with the help of their Aadhaar numbers.

However, some AUAs do not have the required security system in place to ensure safe usage and storage of Aadhaar numbers.

This is why the AUAs are categorized into Global and Local AUAs.

Top Features of Global AUAs

  • Global AUAs are the entities that are required to authenticate customers using Aadhaar number
  • These AUAs are allowed to store Aadhaar numbers in their database provided it is done only through data vaults
  • Have the provision to accept Aadhaar numbers as well as VID and UID Token
  • They have the ability to determine which applications don’t require the Aadhaar number and are required to only use VID with UID Token in such cases

Top Features of Local AUAs

  • Local AUAs are not permitted to verify a client using Aadhaar number but are only allowed to use VID for OTP based authentication
  • They are permitted to use Aadhaar number for biometric authentication
  • They are not allowed to store Aadhaar numbers in their databases

What Changes Must AUAs Incorporate to Retain Their Authentication Services?

In order to enhance the security of the Aadhaar number and incorporate the necessary changes in the system, Virtual ID, UID Token, and Limited e-KYC will be used. According to the UIDAI, all AUAs are required to make the following changes in their authentication systems and switch to the new system by July 1, 2018.

  • All AUAs/KUAs must ensure that Aadhaar numbers or VIDs should not be stored while sending authentication or e-KYC requests to the CIDR.
  • All Local AUAs/KUAs shall capture the UID Token and Global AUAs shall capture the Aadhaar number or UID Token as sent by the UIDAI in response to the authentication/e-KYC request in their database.
  • All Local AUAs/KUAs must make sure to replace Aadhaar numbers with UID Tokens and delete all Aadhaar number from their database by August 31, 2018. This also includes transaction logs.
  • All KUAs need to ensure that their application, as well as backend system, are designed in a manner that if there’s a requirement in the future to restrict some of the demographic fields as part of the Limited e-KYC response, the change must be incorporated without any changes in their system.

Failing to comply with these new norms by July 1st would result in the suspension of authentication services and the imposition of monetary fines.

The UIDAI had mentioned that it would share updated API/technical documents, guidelines, and conduct workshops or training sessions for the AUAs and KUAs to make sure that the process of implementation can take place in a smooth and timely manner.

Accordingly, the new APIs —Authentication API 2.5 and OTP Request API 2.5— can be found on the UIDAI Authentication Portal.

All the AUAs/KUAs need to submit a compliance report to the UIDAI as soon as they update their systems the new APIs.

List of Global & Local AUAs as on May 16, 2018

The UIDAI so far has classified 141 Global AUAs and 23 Local AUAs. The AUAs that have been already been classified into the two categories are mentioned at the end of this article.

In order for the other AUAs to be classified as Global AUAs or Local AUAs, they are required to submit a form containing certain information to the UIDAI through the form attached below.

After evaluating the information submitted these AUAs will be categorized. The information required to be submitted is:

  • Name of the AUA
  • Date of appointment as AUA
  • Date of appointment as KUA
  • Purpose of using the authentication service
  • Purpose of using e-KYC service
  • Modality-wise authentication transaction details
  • Modality-wise e-KYC transaction details; and
  • A copy of the specific laws or regulations that require the AUA to authenticate their customers with Aadhaar number

Form for Global & Local AUA categorization

List of Global AUAs (as on May 16, 2018)

Global AUAs consist of Scheduled Commercial Banks, Payment Banks, Regional Rural Banks, Co-operative Banks, Small Finance Banks, Insurance Companies (only Life Insurance), Retail Payments and Settlement Systems.

i) Scheduled Commercial Banks – Regulated by RBI

Sl. noName of AUA
1Allahabad Bank
2American Express Banking Corp.
3Andhra Bank
4AXIS Bank
5Bandhan Bank Limited
6Bank of Baroda
7Bank of India
8Bank of Maharashtra
9Bharatiya Mahila Bank
10Canara Bank
11Catholic Syrian Bank
12Central Bank of India
13City Union Bank Limited
14Corporation Bank
15DBS Bank
16DENA Bank
17Deutsche Bank
18Development Credit Bank Limited (DCB Bank Limited)
19HDFC Bank
20ICICI Bank
21IDBI Bank
22IDFC Bank
23Indian Bank
24Indian Overseas Bank
25Karnataka Bank Limited
26Kotak Mahindra Bank Ltd.
27Oriental Bank of Commerce
28Punjab and Sind Bank
29Punjab National Bank (PNB)
30Ratnakar Bank (RBL Bank Limited)
31South Indian Bank Ltd
32Standard Chartered Bank
33IndusInd Bank
34Jammu & Kashmir Bank
35State Bank of India
36Syndicate Bank
37Tamil Nadu Mercantile Bank Ltd.
38The Federal Bank Ltd.
39The Hongkong and Shanghai Banking Corporation Limited, India (HSBC)
40The Karur Vyasya Bank Limited
41The Lakshmi Vilas Bank Limited
42The Nainital Bank Limited
43UCO Bank
44Union Bank of India
45United Bank of India
46Vijaya Bank
47Yes Bank

ii) Payment Banks – Regulated by RBI

Sl. noName of AUA
1Aditya Birla Idea Payments Banks Limited
2Paytm Payments Bank Limited
3Jio Payments Bank Limited
4Fino Payments Bank Limited

iii) Regional Rural Banks – Regulated by RBI

Sl. noName of AUA
1Allahabad UP Gramin Bank
2Andhra Pradesh Grameen Vikas Bank
3Andhra Pragathi Grameena Bank
4Assam Gramin Vikash Bank
5Bangiya Gramin Vikash Bank
6Baroda Gujarat Gramin Bank
7Baroda Rajasthan Kshetriya Gramin Bank
8Baroda Uttar Pradesh Gramin Bank
9Bihar Gramin Bank
10Central Madhya Pradesh Gramin Bank
11Chaitanya Godavari Grameena Bank
12Chattisgarh Rajya Gramin Bank
13Dena Gujarat Gramin Bank
14Ellaqui Dehati Bank
15Gramin Bank of Aryavart
16Himachal Pradesh Gramin Bank
17Jharkhand Gramin Bank
18Karnataka Vikas Grameena Bank
19Kashi Gomti Samyut Gramin Bank
20Kaveri Grameena Bank
21Kerala Gramin Bank
22Langpi Dehangi Rural Bank
23Madhya Bihar Gramin Bank
24Madhyanchal Gramin Bank
25Maharashtra Gramin Bank
26Malwa Gramin Bank
27Manipur Rural Bank
28Meghalaya Rural Bank
29Narmada Jhabua Gramin Bank
30Odisha Gramya Bank
31Pallavan Grama Bank
32Pandyan Grama Bank
33Paschim Banga Gramin Bank
34Pragathi Krishna Gramin Bank
35Prathama Bank
36Punjab Gramin Bank
37Purvanchal Bank
38Rajasthan Marudhara Gramin Bank
39Saptagiri Grameena Bank
40Sarva Haryana Gramin Bank
41Sarva UP Gramin Bank
42Saurashtra Gramin Bank
43Sutlej Gramin Bank
44Telangana Grameena Bank
45Tripura Gramin Bank
46Utkal Grameena Bank
47Uttar Bihar Gramin Bank
48Uttarakhand Gramin Bank
49Uttarbanga Kshetriya Gramin Bank
50Vananchal Gramin Bank
51Vidharbha Konkan Gramin Bank
52Puduvai Bharathiar Grama Bank

iv) Co-operative Banks – Regulated by RBI

Sl. noName of AUA
1Abhyudaya Co-operative Bank Ltd.
2Gopinath Patil Parsik Janata Sahakari Bank Ltd.
3Janata Sahakari Bank Ltd.
4Punjab & Maharashtra Co-operative Bank
5Shivalik Mercantile Co Operative Bank
6The A.P. Mahesh Co-op Urban Bank Ltd.
7The Cosmos Co-op Bank Ltd.
8The Kalyan Janata Sahakari Bank
9The Mehsana Urban Co-Operative Bank Ltd.
10The Odisha State Cooperative Bank Ltd.
11The Rajasthan State Co-operative Bank Limited
12The Saraswat Co-operative Bank Ltd.
13The Shamrao Vithal Co Op Bank Ltd.
14Thrissur District Cooperative Bank
15TJSB Sahakari Bank Ltd.
16Apna Sahakari Bank Ltd.

v) Small Finance Banks – Regulated by RBI

Sl. noName of AUA
1EASF Small Finance Bank Limite
2Equitas Small Finance Bank Limited
3Ujjivan Small Finance Bank Limited
4Suryoday Small Finance Bank Ltd.
5AU Small Finance Bank Limited
6Fincare Small Finance Bank Limited

vi) Insurance Companies (only Life Insurance) – Regulated by IRDA

Sl. noName of AUA
1Aviva Life Insurance Company India Limited
2Bajaj Allianz Life Insurance Co. Ltd.
3Bharti AXA Life Insurance Company Limited
4Exide Life Insurance Company Limited
5HDFC Standard Life Insurance Company Limited
6ICICI Prudential Life Insurance
7India First Life Insurance
8Max Life Insurance Co. Ltd.
9Life Insurance Corporation of India (LIC)
10PNB Metlife India Insurance Company Limited
11SBI Life Insurance Co Ltd
12TATA AIA Life Insurance
13Future Generali India Life Insurance Company Ltd.
14Reliance Nippon Life Insurance Company Limited
15Aegon Religare Life Insurance Company Ltd.

vii) Retail Payments and Settlement System

Sl. noName of AUA
1National Payments Corporation of India (NPCI)

List of Local AUAs (as on May 16, 2018)

Local AUAs consist of Telecom Operators, Financial Corporations that are controlled by the National Housing Bank, Pre-paid Payment Instruments, Certifying Authority, Digital Locker Providers, e-Sign Providers, Insurance Companies (Non-Life Insurance), and Non-Banking Financial Companies.

i) Telecom Operators

Sl. noName of AUA
1Bharti Airtel Limited
2Idea Cellular Limited
3Vodafone India Limited
4Reliance Jio Infocomm Limited
5Bharat Sanchar Nigam Limited (BSNL)
6Tata Teleservices Limited
7Mahanagar Telephone Nigam Limited (MTNL)

ii) Regulated by National Housing Bank

Sl. noName of AUA
1HDFC Housing Development Finance Corporation Limited
2India Shelter Finance Corporation Ltd.
3Reliance Home Finance Ltd.
4Shriram Housing Finance Limited
5ICICI Home Finance Company Limited
6Indiabulls Housing Finance Limited
7Tata Capital Housing Finance Ltd.

iii) Pre-paid Payment Instruments (PPI) – Regulated by RBI

Sl. noName of AUA
1ITZ Cash Card Limited
2My Mobile Payments Limited Money on Mobile)
3One Mobikwik System Private Limited
4Oxigen Services (India) Pvt. Ltd.
5Smart Payment Solutions Pvt. Ltd.
6Reliance Payment Solutions Limited

iv) Certifying Authority, Digital Locker Providers, e-Sign Providers – Regulated by CCA

Sl. noName of AUA
1Sify Technologies Limited
2Capricorn Identity Services Pvt. Ltd.

v) Insurance Companies (Non-Life Insurance) – Regulated by IRDA

Sl. noName of AUA
1HDFC Ergo General Insurance Company Limited
2Apollo Munich Health Insurance Company Ltd.
3Reliance General Insurance Company Limited
4The New India Assurance Co Ltd
5Bajaj Allianz General Insurance Company Limited

vi) Non-Banking Financial Companies – Regulated by RBI

Sl. noName of AUA
1Bajaj Finance Ltd.
2Capital First Ltd.
3Credila Financial Services Pvt. Ltd.
4Fullerton India Credit Company Limited
5Geojit BNP Paribas Financial Services Limited
6Home Credit India Finance Pvt. Ltd.
7India Infoline Finance Limited
8Invest India Micro Pension Services Pvt. Ltd.
9Janalakshmi Financial Services Ltd.
10L & T Finance Ltd.
11Mahindra & Mahindra Financial Services Limited
12Manappuram Finance Limited
13Muthoot Finance Limited
14Muthoot Fincorp Limited
15Reliance Commercial Finance Limited
16Shriram Transport Finance Company Ltd.
17UAE Exchange & Financial Services Ltd.
18Zen Lefin Pvt. Ltd.
19SMI Finance Pvt. Ltd.
20HDB Financial Services Ltd.
21Daimler Financial Services India Pvt. Ltd.
22TVS Credit Services Limited
23Tata Capital Financial Services Ltd.
24Bharat Financial Inclusion Ltd.
25SiCreva Capital Services Pvt. Ltd.
26IVL Finance Limited

 

Leave a Comment

Your email address will not be published. Required fields are marked *