Bharti Airtel has been deservedly rapped on the knuckles by the Unique Identification Authority of India (UIDAI) which has disallowed it and Airtel Payments Bank from verifying the bona fides of customers via eKYC using Aadhaar. This is a strong signal to all players from the UIDAI, and shows it means business. The penalty might seem harsh, but is deserved because companies cannot be playing around with customers and sensitive data. Already, there is much concern about Aadhaar data ‘leaks’—in several cases, government departments/ministries have put out data on various benefits being transferred to citizens with information on their Aadhaar number, names and addresses, bank account numbers, and so on.
A fine would have been less effective since, with the e-KYC licence suspended, albeit temporarily, Bharti Airtel must now follow the more tedious and time-consuming manual KYC process for enlisting mobile phone subscribers. In fact, since customer acquisition costs do go up when a KYC needs to be completed physically, eKYC is clearly the best solution, but it cannot work if the facility is abused by companies. Given both Aadhaar and the digital ecosystem in India are relatively new, UIDAI must watch players closely and be ready to act with strong penal measures whenever there is a breach. In this case, when consumers came to link their mobile numbers to their Aadhaar—as was warranted by the law—Bharti Airtel used this verification process to open payments banks accounts for its subscribers without their ‘informed consent’. This is unacceptable both from the point of view of the system as also the individual.
Airtel’s mobile app allegedly came with a box that was pre-checked which meant that unless the user took care to uncheck it, his consent to upgrading or creating an Airtel Payment Bank wallet using the mobile KYC, was assumed. Going by reports, at least 2-3 million new banks accounts were created in this fashion. Also, subscribers were inconvenienced because their LPG subsidies were deposited into the Airtel Bank accounts rather their regular accounts. Following the episode, the government has amended the rules for receiving subsidies—these will no longer be automatically deposited in the latest Aadhaar-linked bank account.
Consumers are wary of digital banking given instances of accounts being hacked, and enough fear has been created about the breach of privacy using Aadhaar. If there are more incidents like the Airtel one, people will become even more reluctant to use digital banking/payment facilities. The fear of sensitive personal information being leaked is justified. A committee has been tasked with writing a report on data privacy , and unless it—along with UIDAI—ensures that custodians of data are able to keep it confidential, the use of both digital payments and Aadhaar might be limited.