September 26th 2018: Supreme Court (SC) passed a landmark judgement on the constitutional validity of Aadhaar Act, which was challenged on the concerns of privacy and mass surveillance
The verdict declared section 57 of the Aadhaar Act unconstitutional and rendered it null and void with immediate effect.
Section 57 of the Aadhaar Act had empowered lenders to perform e-KYC using UIDAI servers for authentication by sending an OTP on Aadhaar connected mobile number or fingerprint / IRIS scan based match.
In this piece we cover the impact of the judgement on the essential step of KYC for lending by NBFC’s, Banks and Digital Lending Startups. We show how they can still use the Aadhaar card for performing the KYC digitally.
It’s not the end for Aadhaar based KYC
Aadhaar is the only available identity document for over 50% of Indians and is the only document with over 90% of coverage. Aadhaar cannot but remain vital to the KYC processes of Indian retail lenders. So how do lenders use Aadhaar in a compliant way?
Aadhaar Paperless Local e-KYC
Keeping this in mind, institutions are allowed to perform Aadhar based KYC for customers who opt for it through “Aadhaar Paperless Local e-KYC” also known as “Offline KYC”
Offline KYC is a non-OTP, non-biometric based KYC which doesn’t require an api-call authentication from UIDAI.
Digital KYC Solutions for Retail Lenders: Post SC Verdict
Three compliant ways for Aadhar based KYC in the order of effectiveness are -
1. QR Scan based
Aadhaar card holders can now verify their identity using the QR codes available on the Aadhaar cards. UIDAI released new versions of Aadhaar cards to be downloaded from the UIDAI website, which will include authenticated QR codes for the purpose of verifying the demographics and photograph.
2. XML based
Aadhaar card holders can download a digitally signed XML file from the UIDAI website from both mobile as well as laptops, that can be shared for offline identity verification.
There are some caveats though, only the name and address of the card holder are shared by default where as the card holder has the option to add other data: such as Photograph, Gender, Date of Birth, Email and Phone Number.
3. Aadhar OCR (Optical Character Recognition)
Aadhaar OCR is the only completely digital way of performing KYC, compliant with both the recent SC verdict and RBI guidelines.
OCR extracts machine readable text from images of Aadhaar cards.
OCR ensures multiple benefits over other methods —
Completely Digital: Works on a photo of the Aadhaar and doesn’t require the card to be present physically
Automated: Converts the Aadhaar details from the photo to formatted machine readable text, which reduces huge operational overhead
Self-Served: Allows the borrower to perform KYC herself
The SC verdict mandates that corporates cannot store the Aadhaar numbers of its customers, except for the last 4-digits. Any tool using this technique will be required to abide by these guidelines.
Shameless Plug — FinBox Identity Verification Suite
FinBox Identity verification suite is a developer friendly and fully compliant product which solves KYC, data extraction and fraud detection for digital lending startups and NBFC’s. It takes less than 5 minutes to integrate.
Beyond KYC: Fraud Detection
FinBox AI has built extremely sophisticated fraud detection tools like live face tracking & fraud trigger monitoring. Please check out the complete feature set here.
To power your business with a SC and RBI compliant and completely paperless KYC mechanism, please reach out to email@example.com and avail a free trial.
For any unanswered questions, please feel free to contact me at firstname.lastname@example.org