Saturday, January 20, 2018

12683 - How UIDAI beefed up Aadhaar security after alleged data breach - Money Control


The Unique Identification Authority of India (UIDAI) has beefed up Aadhaar's security to address privacy concerns around leakage of Aadhaar numbers and data.
Moneycontrol News


Earlier this month, The Tribune found in an investigation that details of any of the about a billion Aadhaar numbers issued in India can be accessed for as little as Rs 500 on WhatsApp. Following the allegations, the authority has announced several steps to secure Aadhaar data.

Here are some measures taken by the UIDAI to safeguard Aadhaar: 

Virtual ID
The virtual identity or virtual ID (VID) will be a random 16-digit number mapped to the Aadhaar number of a citizen.

Agencies performing Aadhaar authentication will not be able to duplicate the VID, which will ensure the safety of the Aadhaar number. The ID, similar to a debit card, will come with an expiration date.


According to a statement by UIDAI, which administers Aadhaar, the VID can be generated and revoked only by the Aadhaar number holder through channels such as the Aadhaar portal and the mAadhaar mobile app. If so required, a new VID can be generated by the Aadhaar holder for each new transaction, and the previous ID will automatically become redundant.
Last week, Nandan Nilekani, the man behind the Unique Identification Authority of India (UIDAI), also backed the virtual ID arrangement announced by the UIDAI.


Limited KYC 
The UIDAI has further introduced a limited KYC (know your customer) process wherein only some entities, categorised as global authentication user agencies (global AUAs), will be allowed to store a citizen's Aadhaar number, while others, known as local AUAs, will not be allowed to store Aadhaar numbers.
These agencies will be given a UIDAI token specific to them, to enable them to uniquely identify their customers.
The UID token, a unique character for system usage, will be unique to every authentication request made by a global or local AUA.
Currently, every agency that uses Aadhaar for KYC authenticates a user and often stores a person's Aadhaar number.
As of now, the new measures do not specify what happens to the Aadhaar numbers that have already been stored by public or private entities. They also do not mention which AUAs would qualify as global or local.

Facial recognition 
As another measure to tighten security, UIDAI has rolled out facial recognition for authentication of Aadhaar numbers.
On Monday, the authority stated that from July 1 it will enable face authentication, in conjunction with existing authentications such as biometric or iris scan or one-time password, to authenticate an Aadhaar number holder on registered devices.



"This facility is going to help in inclusive authentication of those who are not able to biometrically authenticate due to their worn out fingerprints, old age or hard work conditions," UIDAI said in a statement. Several cases have been reported of people being unable to complete biometric authentication because the skin of their fingers is worn out on account of age or working conditions.