TomorrowMakers

To increase the security of Aadhaar details, UIDAI will soon introduce a virtual ID and limited KYC for authentication.

Aadhaar features

To better secure Aadhaar card details and who has access to them, a 16-digit virtual ID will now be shared in place of Aadhaar number for authentication, and limited KYC will ensure that agencies don’t store Aadhaar numbers, says UIDAI.

In response to the recent concerns raised about the misuse of Aadhaar holders’ information, the Unique Identification Authority of India (UIDAI) introduced two measures to ensure the privacy of all Aadhaar number holders, on Wednesday.

What is a virtual ID?

 

Virtual ID is a 16-digit number that can be generated by an Aadhaar card holder. Just like a one-time-password (OTP), this is a temporary number which will be valid for a limited amount of time (set by the UIDAI).

How will this virtual ID ensure that your Aadhaar number is secure?

Once this is implemented, you will have to share this virtual ID instead of your Aadhaar number for various authentication purposes like booking a hotel room, booking tickets, making financial transactions etc. Unlike your Aadhaar number, however, this virtual ID would be untraceable as it will be valid only for a fixed duration.

Related: What you need to know about linking your Aadhaar and PAN card?

What does limited KYC mean?

Limited Know Your Customer (KYC) refers to a KYC which would not have access to your Aadhaar card number. To enable limited KYC, UIDAI has divided Authentication User Agencies (AUA) into two categories – Global AUAs and Local AUAs.

An AUA can be any legal private, public or government agency, registered in India that uses Aadhaar authentication services offered by UIDAI.  

While global AUAs will have access to the e-KYC with your Aadhaar number, UIDAI will provide local AUAs with a unique identity (UID) token on receiving an authentication request from them.

Related: 6 Documents that must be linked with your Aadhaar card

How will this UID token secure your Aadhaar details?

This token is a 72-character alpha-numeric string which will be different for different local AUAs. Consequently, these agencies won’t store your Aadhaar card number and you will not have to worry about them misusing your Aadhaar number or details.

Related: Government makes linking Aadhaar number mandatory with several investments

Conclusion

“By limiting access to only those agencies mandated by law, the UIDAI has ensured that someone will not be able to combine database. It's a positive development in my view and technologically feasible," Kamlesh Bajaj, former CEO of the Data Security Council of India said, told The Economic Times.

To implement these measures as soon as possible, the UIDAI plans to release required APIs (application programming interfaces) by March 1, 2018. In its circular, UIDAI has also said that all the Authentication agencies using the Aadhaar database will need to upgrade their systems latest by June 1, 2018.

Related: 7 benefits of Aadhaar Card

Related Article