While the Supreme Court verdict on Aadhaar was welcome, given the high-decibel campaign against it, its reading down of Section 57 of the Aadhaar Act was always difficult to comprehend.
While the Supreme Court verdict on Aadhaar was welcome, given the high-decibel campaign against it, its reading down of Section 57 of the Aadhaar Act was always difficult to comprehend. Ostensibly, it was done to ensure data of individuals didn’t get leaked when private sector firms used Aadhaar for authentication, but since the SC was satisfied that the Aadhaar information was secure, it was not clear why private sector firms were not to be allowed to use it. The SC ruling then had the unfortunate effect of crippling fintech firms since an Aadhaar-based e-KYC was no longer an option and, since it was no longer mandatory to link your bank account with your Aadhaar number, this would allow tax thieves to have bank accounts that were not reported to the taxman; the accounts would be opened using fake PAN cards. Also, since the SC stopped the linking of Aadhaar with mobile phones, this meant it would be easy for people—thieves, terrorists, kidnappers—to get SIM cards using some fake ID.
Given the SC may have ruled differently if there was a law in place mandating the use of Aadhaar for phones and bank accounts—the Aadhaar Act really concerns itself with subsidies, so the SC had no problem upholding the use of Aadhaar for payment of subsidies—the government has done well to change the Telegraph Act as well as the Prevention of Money Laundering Act to allow even private entities to use Aadhaar as one of the KYC methods. So, a private telecom firm/bank can now use an Aadhaar e-KYC, but they also need to offer users a choice of offering, say, a ration card or a driving licence as a proof of identity if they wish. Also, customers must have the choice of doing their Aadhaar verification online or offline. An online verification means the user gives her biometric impression on a small scanner and UIDAI gives an online confirmation to the telco or bank. In the case of an offline verification, the customer gives the bank/telco her Aadhaar slip which has a QR code printed on it, the telco/bank uses a card-reader to read this; what will come up on the screen of the card-reader will be the name, age, photograph and address of the person, and this can be used to do the KYC; since all the information is embedded on the QR code, the query doesn’t need to go to the UIDAI/Aadhaar database.
Since the government has now deleted Section 57 of the Aadhaar Act, following the SC reading down provisions of it, the only solution for the fintech industry is to use offline Aadhaar QR codes for e-KYC; this, however, will require some RBI notification since, till this is done, it is unlikely fintechs will use the offline solution even though it doesn’t violate the SC ruling.