India is one of the most promising regions in terms of fintech development. The country’s fintech market is growing faster than ever and is expected to reach $31 billion in 2020. With an 87% fintech adoption rate, Indians are enthusiastically embracing all things digital: wallets, payment platforms, banks.
However, since the technology is spreading so fast, AML compliance may be falling behind a little. The largest biometric database in the world, Aadhaar, is no exception. It may be one of the most advanced identification systems, but it is not immune to flaws.
At Sumsub, we work with many Indian clients and have to check Aadhaar often, so in this article, we will share what we have learned about Aadhaar over the years.
What is Aadhaar?
In 2009, the Unique Identification Authority of India (UIDAI) launched Aadhaar—a 12-digit identification number. Before Aadhaar, many residents in India, especially those living in rural areas, did not have any identification document at all, so the UIDAI made sure Aadhaar reached all corners of the country. At present, the system covers more than 85% of the 1.4 billion Indian population.
An Aadhaar number is linked to the Aadhaar digital database, which contains people’s demographic and biometric data (fingerprints, iris, photo). The number is printed on an Aadhaar card or on one of the card’s other forms: e-Aadhaar or m-Aadhaar.
Aadhaar card: Everyone who enrolls for an Aadhaar number receives an Aadhaar card. Each person’s demographic data is put on the card in two languages: English and the local language of the cardholder (Hindi, Bengali, etc.).
e-Aadhaar: Besides an Aadhaar card, an individual can get an electronic Aadhaar, or e-Aadhaar for short. An e-Aadhaar can be downloaded from the UIDAI’s website as many times as needed. Then, a person can just show a PDF version on their phone or print the e-Aadhaar onto ordinary paper. Even a black-and-white version is accepted. An e-Aadhaar looks similar to an Aadhaar card and is as valid as the card.
m-Aadhaar: m-Aadhaar stands for mobile Aadhaar. The UIDAI created an app through which every user can access their Aadhaar. It is enough to just show your m-Aadhaar on your phone without printing it out.
VID: VID, or virtual ID, is a 16-digit number connected with an Aadhaar number. The UIDAI developed VID in response to recent Aadhaar data breaches. If someone does not want to disclose their Aadhaar number, they can generate a VID on the UIDAI website and provide it to a bank or any other organization. These measures were introduced to reinforce people’s data privacy.
An Aadhaar card can be one of the most reliable documents to verify a person’s identity. However, the misuse of Aadhaar combined with regular data breaches poses a great threat to overall security. Let’s look at the major issues.
How data leaks, breaches, and misuse affect Aadhaar
The three main issues with Aadhaar that make falsification of the document quite easy are: data leaks, data breaches, and misuse of the Aadhaar card.
Data leaks: India saw many Aadhaar data leaks that created numerous opportunities for Aadhaar cards to be faked. For instance, several Indian ministries shared people’s Aadhaar data on government websites, making information on hundreds of thousands of people accessible to anyone.
Data breaches: Since the information of many Aadhaar holders was exposed in data breaches, there is a high likelihood that faked documents circulate both inside and outside India. For instance, as part of a journalistic investigation, one Indian newspaper managed to buy all Aadhaar numbers for about $8 over WhatsApp. For an additional $3, the journalists obtained a program that could print out any Aadhaar card.
Misuse of Aadhaar: Many places in India, including airports, use Aadhaar as photo ID. This practice is inappropriate since a physical Aadhaar card or e-Aadhaar does not have any security features, such as holograms, seals, or microchips; hence, the documents are easy to fake.
Now that we are aware of certain security issues with Aadhaar, let’s look into possible ways to verify the document.
How to check Aadhaar
Since Aadhaar’s biometric data was never leaked or breached, the most reliable way to check Aadhaar is to capture customers’ biometrics. Only entities registered in India can obtain one of the UIDAI’s licenses and use the Aadhaar authentication system to conduct customer verification. A company should contact the UIDAI to obtain the licenses. The cost of each KYC check conducted via the government authentication system is around $0.3.
Businesses located outside India can use a local provider to check Aadhaar or can try to manage KYC on their own. Here are the rules that can help you verify the document as accurately as possible:
- Screening out fake documents: You should have a reliable automated system that can detect any alterations in Aadhaar. It is also advisable to compare documents with the official Aadhaar template to ensure every element of the Aadhaar card is in the right place.
- Non-acceptance of an electronic version of e-Aadhaar: There is a possibility the electronic version that your client submitted is just a screenshot of someone else’s Aadhaar. Therefore, it is better to ask customers to print out their e-Aadhaar and send you a picture of it instead of just uploading a PDF file.
- Checking the QR code: If something feels suspicious, you can scan the QR code on the card, which is unique to each Aadhaar holder. The code holds information such as a person’s name, date of birth, address, and Aadhaar number.
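One way to automate the QR cross-check from the list above, added here as an illustration and not Sumsub's or the UIDAI's code: it compares the fields read from the printed card with the fields decoded from the QR code and checks that the number is well formed. It assumes both sets of fields are already available as dictionaries (the key names and sample values are constructed) and relies on the last digit of an Aadhaar number being a Verhoeff check digit.

```python
import re

# Verhoeff tables: D is multiplication in the dihedral group D5,
# P holds the position-dependent digit permutations.
D = ("0123456789", "1234067895", "2340178956", "3401289567", "4012395678",
     "5987604321", "6598710432", "7659821043", "8765932104", "9876543210")
P = ("0123456789", "1576283094", "5803796142", "8916043527",
     "9453126870", "4286573901", "2793806415", "7046913258")

def verhoeff_ok(digits: str) -> bool:
    """True when a digit string, check digit included, passes Verhoeff."""
    c = 0
    for i, ch in enumerate(reversed(digits)):
        c = int(D[c][int(P[i % 8][int(ch)])])
    return c == 0

def _norm(field: str, value: str) -> str:
    """Make OCR text and QR text comparable (spacing, case, digit grouping)."""
    if field == "aadhaar_number":
        return re.sub(r"\D", "", value)
    return " ".join(value.lower().split())

def screen(printed: dict, qr: dict) -> list:
    """Return reasons to escalate to manual review; empty means consistent."""
    reasons = []
    number = _norm("aadhaar_number", printed.get("aadhaar_number", ""))
    if len(number) != 12:
        reasons.append("aadhaar_number: not 12 digits")
    elif not verhoeff_ok(number):
        reasons.append("aadhaar_number: checksum failed")
    for field in ("name", "date_of_birth", "address", "aadhaar_number"):
        a, b = printed.get(field), qr.get(field)
        if not a or not b:
            reasons.append(f"{field}: missing on card or in QR data")
        elif _norm(field, a) != _norm(field, b):
            reasons.append(f"{field}: printed value differs from QR data")
    return reasons

# Constructed sample values, not taken from any real card.
QR = {"name": "Asha Rao", "date_of_birth": "01-01-1990",
      "address": "12 MG Road, Pune", "aadhaar_number": "012345678906"}
PRINTED = dict(QR, aadhaar_number="0123 4567 8906")
ALTERED = dict(PRINTED, name="Asha Roy", aadhaar_number="0123 4567 8916")

if __name__ == "__main__":
    print(screen(PRINTED, QR))   # consistent card
    print(screen(ALTERED, QR))   # edited name and number
```

An empty result only means the printed data is well formed and agrees with the QR data; it is one signal to combine with the template and liveness checks, not proof that the card is genuine.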
To ensure 100% KYC & AML compliance, you can introduce other verification tools such as liveness checks.
Since Aadhaar is the most widespread ID document in India, the chances of coming across it are high. While the option to verify people’s biometrics through the UIDAI system is the strongest aspect of Aadhaar, its misuse as photo ID presents certain risks. Thus, it is advisable to take Aadhaar verification seriously and use a combination of approaches to check the document.