India’s digital identities programme Aadhaar is reviewed in depth by Chris Skinner, who also looks at other ID schemes on the radar.

I’ve blogged a lot about digital identities, but have failed to cover via an in-depth review of the largest identity program in the world: Aadhaar. It’s was remiss of me, but I’ve been waiting for the right moment and now seems to be that moment.

Aadhaar is well known for those in the identity field, but gets too little coverage overseas. For those who are not aware, it’s the Indian government’s identity scheme that started in 2009. That was when the Unique Identification Authority of India (UIDAI) was set up with the mandate to create a 12-digit unique identification number (UID) (called Aadhaar) for all residents of India. By April 2016, over a billion UIDs had been issued, and it was at this point that the government’s National Payments Corporation of India (NPCI) unveiled the Unified Payment Interface (UPI). UPI is designed to make person-to-person and ecommerce transactions swifter and easier.

What’s the lowdown?

Since the UIDAI and UID project was established in January 2009, the objective has been to provide a unique identification for all citizens of India. The card is based on biometrics – fingerprint and iris recognition – to identify the person, and is used for delivery of government welfare services in an efficient and transparent manner. The enrolment process is fairly simple …

… and once enrolled, the UID can be authenticated and verified quickly and easily online by government and other officials, such as using it to open a bank account. Before being enrolled in the programme, Indians were excluded from many banking services, government aid and related services that demanded identification.

The first Aadhaar was issued in 2010 and has grown rapidly to reach coverage of 93% of adults, 67% of children aged 5-18, and 20% of those aged 0-5. In 13 Indian states (there are 29 in total), Aadhaar coverage is over 90%, while in the next 13 states saturation is between 75-90%. In other words, in six years, the Indian government is near to achieving its target of every citizen in the country having a biometric ID card. The Prime Minister’s Office of India has a target of all adults to use Aadhaar by September 2016, and by March 2017 all 1.28 billion Indian citizens – adults and children – to have one.

That’s according to the government’s figures. According to Ujjivan Financial Services, one of the most prominent names in the micro-finance markets, just 77% of its customers have Aadhaar as of 15 July 2016. Even a member of the parliament, petroleum minister Dharmendra Pradhan, has said that 85% of the population has Aadhaar. In other words, the figures of coverage are not robust, but it can be assured that most (four out of five) Indian citizens have the ID card.

The issue is that in order to make all citizens use the card, it would mean the card being compulsory – something it isn’t today – and compulsion is still being debated (there are 15 petitions to block such a move in the courts ). “No service will be denied for lack of Aadhaar,” according to one senior government official, but the fact is that living in India is becoming harder and harder if you don’t have an Aadhaar number. For example, there are numerous areas where it’s compulsory, such as for the receipt of benefits from the government for the poorest people, and more and more banks and corporations are demanding the Aadhaar number before they will deal with you. For example, the major mobile network operators – Airtel, Reliance Jio, Vodafone – are now using Aadhaar as a replacement for paper proof of identification in a process they call eKYC.

This makes sense as the use of a digital identity scheme is saving companies a lot of cost overheads, from KYC to benefits distribution, as well as improving confidence and trust in identification and authentication accuracy. The Indian government estimates to have saved over Rs 27,000 crore (just over $400m) by using Aadhaar to manage payments to beneficiaries under various welfare schemes in the last two years, while getting rid of 16 million fake IDs (deleted), resulting in a further Rs 10,000 crore ($150m) savings.

It also makes sense, because the move towards offering mobile financial inclusion and mobile banking relies on an effective eKYC process.

Using Aadhaar for financial services

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (the “Act”) was passed as a money bill on 16 March 2016, though the implementation date for the bill to come into force isn’t clear. The Act makes it mandatory for a person to authenticate her/his identity using the Aadhaar number before receiving any government subsidies, benefits or services. It also introduced the UPI, Unified Payments Interface. The penetration of bank accounts, and by extension debit cards and credit cards remain low in India, but the launch of the UPI is designed to bring banking and financial services to everyone.

Unveiled earlier this year by the National Payments Corporation of India (NPCI), the primary body that governs all retail payments in the country, UPI aims to propel the economy towards more cashless transactions by making person-to-person ecommerce transactions as fast and as easy as sending a text message. This would, among other things, help the government curb unreported money exchanges that aren’t subjected to tax (the number of non-cash transactions per person in India is only six per year).

The government is focused on using citizens’ smartphones as the computing platform for UPI. India is the world’s fastest growing smartphone market, with over 350 million smartphone users, and is projected to grow past 700 million by 2020.

The other integral focus of UPI is interoperability – allowing transactions across banks – by using the UID as a single identifier to make transactions. It’s built on top of IMPS protocol, a 24×7 and real-time transaction service. Yet, unlike IMPS, which requires the counterparties to have bank details (including account number and IFSC codes), UPI-enabled apps only require the 12-digit Aadhaar UID.

Most Indian banks are releasing UPI-enabled apps, such as ICICI Bank’s Pockets app, that allows peer-to-peer payments by users, including those who don’t have an ICICI Bank account.

According to Mashable, UPI offers payments from Rs 50 (75 cents) to Rs 100,000 ($1,500) in a single transaction, and is designed as a replacement for all the apps you need to make payments for online shopping, electricity bills, barcode-based payments and college tuition.

Russia, Morocco and countries from Africa have shown interest in replicating India’s Aadhaar project but, as the Financial Express highlights, much will now depend on how quickly these cards are linked with bank accounts. This is why Indian banks are urging users to link their Aadhaar number to their bank accounts through ATMs, internet banking portals and mobile banking applications, in line with an aggressive government drive.

In addition, there are other challenges with Aadhaar. For example, a key feature of the Aadhaar project is the Central Identities Data Repository (CIDR) – a centralised database that stores every individual’s personal information. But centralisation creates “a honeypot of sensitive data vulnerable to exploitation”, according to the Electronic Frontiers Foundation. Hence, if there were a new programme rollout today, it may be more appropriate to use a distributed ledger for the core identity authentication. Equally, there are other notable identity schemes out there such as those in Argentina, Estonia and Pakistan, that are worthy of consideration.

 Argentina

Documento Nacional de Identidad, or DNI (which means National Identity Document), is the main identity document for Argentine citizens, as well as temporary or permanent resident aliens. It’s issued at a person’s birth and is updated at 8 and 14 years of age simultaneously in one format: a card (DNI tarjeta); it’s valid if identification is required, and is required for voting. The front side of the card states the name, sex, nationality, specimen issue, date of birth, date of issue, date of expiry and transaction number, along with the DNI number and portrait and signature of the card’s bearer. The back of the card shows the address of the card’s bearer, along with their right thumbprint. The front of the DNI also shows a barcode, while the back shows machine-readable information. The DNI is a valid travel document for entering Argentina, Bolivia, Brazil, Chile, Colombia, Ecuador, Paraguay, Peru, Uruguay, and Venezuela. (System still operational in the country.)

 Estonia

The Estonian i-card is a smart card issued to Estonian citizens by the Police and Border Guard Board. All Estonian citizens and permanent residents are legally obliged to possess this card from the age of 15. The card stores data such as the user’s full name, gender, national identification number, and cryptographic keys and public key certificates. The cryptographic signature in the card is legally equivalent to a manual signature (since 15 December 2000). The following are a few examples of what the card is used for:

  • As a national ID card for legal travel within the EU for Estonian citizens
  • As the national health insurance card
  • As proof of identification when logging into bank accounts from a home computer
  • For digital signatures
  • For i-voting
  • For accessing government databases to check one’s medical records, file taxes, and so on
  • For picking up e-prescriptions.
  • (This system is also operational in the country and hasn’t been removed.)

 Pakistan

The Second Amendment to the Constitution of Pakistan in 2000 established the National Database and Regulation Authority in the country, which regulates government databases and statistically manages the sensitive registration database of the citizens of Pakistan. It’s also responsible for issuing national identity cards to the citizens of Pakistan. Although the card isn’t legally compulsory for a Pakistani citizen, it’s mandatory for:

  • Voting
  • Obtaining a passport
  • Purchasing vehicles and land
  • Obtaining a driving licence
  • Purchasing a plane or train ticket
  • Obtaining a mobile phone SIM card
  • Obtaining electricity, gas and water
  • Securing admission to college and other post-graduate institutes
  • Conducting major financial transactions.

Therefore, it’s pretty much necessary for basic civic life in the country. In 2012, NADRA introduced the Smart National Identity Card, an electronic identity card, which implements 36 security features. The following information can be found on the card and subsequently the central database: legal name, gender (male, female, or transgender), father’s name (husband’s name for married females), identification mark, date of birth, national identity card number, family tree ID number, current address, permanent address, date of issue, date of expiry, signature, photo and fingerprint (thumbprint).

READ NEXT: Digital identity – keeping ahead of fraud

– This article is reproduced with kind permission. Some minor changes have been made to reflect BankNXT style considerations. Read more here. Main photo: Anton Balazh, Shutterstock.com

About the author

Chris Skinner

Chris Skinner is an independent commentator on the financial markets through the Finanser, and chair of the European networking forum the Financial Services Club, which he founded in 2004. He is an author of numerous books covering everything from European regulations in banking through to the credit crisis, to the future of banking.

Leave a Comment