Aadhaar update: UIDAI tells agencies to treat virtual ID, UID token as 12-digit biometric number
Virtual ID system and UID token are different forms of Aadhaar number, and those should be deemed as the 12-digit biometric number for identity verification and to satisfy regulatory compliance, the UIDAI said.
Virtual ID system and UID token are different forms of Aadhaar number, and those should be deemed as the 12-digit biometric number for identity verification and to satisfy regulatory compliance, the UIDAI said. Virtual ID system and UID token — the two-tier security system introduced recently to address privacy concerns — are meant to be used by authentication agencies like telecom firms that are classified as ‘local AUAs (authentication user agencies)’. The twin features are “different forms of Aadhaar number”, and “will be deemed as the Aadhaar number for the purposes of compliance” of regulations, the Unique Identification Authority of India (UIDAI) has clarified.
According to a recent gazette notification, the entities classified as local Authentication User Agencies or local AUAs have been directed to make stipulated changes in their systems for use of Virtual ID (VID) and UID token as substitute of Aadhaar number and limited eKYC. The Aadhaar-issuing body, on July 1, rolled out the Virtual ID (VID) feature which an Aadhaar-card holder can generate from its website and produce for various authentication purposes, instead of sharing the actual 12-digit biometric ID.
The VID is a temporary 16-digit, randomly-generated number that Aadhaar holder can share for authentication or KYC services along with his/her fingerprint in lieu of the Aadhaar number. The UID token, on the other hand, allows authentication agencies to uniquely identify their customers within their systems – in other words ensuring uniqueness of customers in the system — without having to store the Aadhaar number in their database.
The freshly minted twin features are aimed at strengthening the privacy and security of Aadhaar data, in the face of increasing concerns over collection of personal and demographic details of individuals. The UIDAI has already classified all authentication agencies registered with it under two heads — global or local. Banks have been categorised as global AUAs (authentication user agency), and telecom companies amongst local AUAs for the purpose of authentication and KYC entitlement.
Besides telecom service providers, National Housing Bank regulated finance companies, eSign providers, non life insurance companies and Non-Banking Financial Companies (NBFC) have also been classified as local AUAs. As per the norms laid down by the UIDAI, global AUAs will be allowed access to complete KYC with Aadhaar number, and the entities classified as local AUAs will have limited access to KYC details of customers.