The prepaid payments instrument (PPI) industry will write to UIDAI to allow mobile wallet providers to verify customers using their Aadhaar database
New Delhi: The digital payments industry will seek access to the Aadhaar database for customer authentication to comply with the stringent customer verification rules set by the Reserve Bank of India (RBI).
The prepaid payments instrument (PPI) industry will write to the Unique Identification Authority of India (UIDAI) to allow mobile wallet providers to verify customers using the Aadhaar database.
“When UIDAI has to recognize a regulated entity they should recognize all RBI regulated entities. Why create differentiation within the regulated entities? I can understand if you differentiate between regulated and non-regulated ones. But if there are entities, which are RBI regulated, then why a different set of rules for one set of regulated entities and not for others. This is creating a non-level playing field,” said Gaurav Chopra, executive director of the Payments Council of India (PCI), the industry body representing all digital payment companies in India.
In April, RBI had updated its know-your-customer (KYC) guidelines mandating Aadhaar for customer verification and due diligence by entities regulated by it, including banks, non-banking finance companies (NBFCs), payment system providers (PSPs) and PPI issuers.
UIDAI, in a move to regulate storage of Aadhaar numbers within databases, had introduced two categories of Authentication User Agency (AUA)—an entity engaged in providing Aadhaar-enabled services. The local AUA has limited access to Aadhaar data through a virtual ID, while global AUAs will have access to e-KYC using the Aadhaar number.
An AUA may be a government, public or a private legal agency registered in India, which uses the Aadhaar authentication services provided by UIDAI.
All banks, including commercial banks, payment banks, regional banks, rural banks, cooperative banks and small finance banks, as well as life insurance companies and the National Payments Corp. of India, had been categorized as global AUAs. PPIs, NBFCs, telcos and non-life insurance companies were among those classified as local AUAs.
The local AUAs are allowed to verify customers using virtual IDs only. Virtual ID is a 16-digit random number mapped with the Aadhaar number and can be used for the purpose of authentication in the same way the Aadhaar number is used. The date for implementation of Virtual IDs is 1 July.
“The concerns around security have to be rightly balanced, to be done in a phased and time-bound manner, and not stop the licences of PPI companies overnight, putting the entire business at risk… It is better to have directional implementation of virtual IDs,” said Chopra.
According to Chopra, UIDAI’s move to classify PPIs as local AUAs will prevent PPI holders from complying with the KYC norms set by RBI.
Earlier this month, PCI had written to RBI to postpone the implementation of its KYC rules till the time the wallet companies were given access to the Aadhaar database. In response, RBI had asked PCI to reach out to UIDAI to sort out the issue.