Virtual ID system and UID token are different forms of Aadhaar number, and those should be deemed as the 12-digit biometric number for identity verification and to satisfy regulatory compliance, the UIDAI said.
Virtual ID system and UID token are different forms of Aadhaar number, and those should be deemed as the 12-digit biometric number for identity verification and to satisfy regulatory compliance, the UIDAI said. Virtual ID system and UID token — the two-tier security system introduced recently to address privacy concerns — are meant to be used by authentication agencies like telecom firms that are classified as ‘local AUAs (authentication user agencies)’. The twin features are “different forms of Aadhaar number”, and “will be deemed as the Aadhaar number for the purposes of compliance” of regulations, the Unique Identification Authority of India (UIDAI) has clarified.
According to a recent gazette notification, the entities classified as local Authentication User Agencies or local AUAs have been directed to make stipulated changes in their systems for use of Virtual ID (VID) and UID token as substitute of Aadhaar number and limited eKYC. The Aadhaar-issuing body, on July 1, rolled out the Virtual ID (VID) feature which an Aadhaar-card holder can generate from its website and produce for various authentication purposes, instead of sharing the actual 12-digit biometric ID.
The VID is a temporary 16-digit, randomly-generated number that Aadhaar holder can share for authentication or KYC services along with his/her fingerprint in lieu of the Aadhaar number. The UID token, on the other hand, allows authentication agencies to uniquely identify their customers within their systems – in other words ensuring uniqueness of customers in the system — without having to store the Aadhaar number in their database.
The freshly minted twin features are aimed at strengthening the privacy and security of Aadhaar data, in the face of increasing concerns over collection of personal and demographic details of individuals. The UIDAI has already classified all authentication agencies registered with it under two heads — global or local. Banks have been categorised as global AUAs (authentication user agency), and telecom companies amongst local AUAs for the purpose of authentication and KYC entitlement.
Besides telecom service providers, National Housing Bank regulated finance companies, eSign providers, non life insurance companies and Non-Banking Financial Companies (NBFC) have also been classified as local AUAs. As per the norms laid down by the UIDAI, global AUAs will be allowed access to complete KYC with Aadhaar number, and the entities classified as local AUAs will have limited access to KYC details of customers.
The UIDAI had announced that its virtual ID mechanism is “operational” with its various authentication agencies from July 1. The authority, however, gave banks time until August 31 to deploy the new feature. It had also said that telecom companies and e-sign companies, that may not have implemented the VID system from July 1 will be charged Rs 0.20 for every transaction performed thereafter, a sort of ‘disincentive’.
The rider, however, is that in case they are able to fully migrate to the new platform by July 31, the entire “authentication transaction charges imposed for the above said period of July 1-31, 2018, shall be waived”. This was done to nudge such companies to expedite the migration process to VID.