KYC, or Know Your Customer, is simply put the process of identifying a customer with the goal of detecting and avoiding fraud in financial transactions. As such, it is legally binding on financial institutions, including banks and NBFCs.
Read more on What is KYC? Why is it important?
eKYC is when KYC is done electronically. With respect to Aadhaar, eKYC is defined as:
A paperless Know Your Customer (KYC) procedure, wherein the identity and address of the user are verified electronically through Aadhaar authentication.
UIDAI built eKYC with the goal of simplifying customer acquisition and processing. Especially in the wake of the Indian government's Digital India initiative, eKYC played a vital role in helping the poor get bank accounts and access to credit when required.
With the explicit consent by the resident, the Aadhaar e-KYC service provides an instant, electronic “Proof of Identity” and “Proof of Address” along with date of birth and gender. In addition, it also provides the resident’s mobile number and email address to the service provider, which helps in further streamlining service delivery.
This shortened the customer onboarding time by more than half, helping service providers reduce the operational cost usually attributed to in-person verification of potential customers.
How does it work?
Before we go into this, you need to understand that Aadhaar-based KYC depends on the data that the resident (in this case, the customer of the service provider) gave to UIDAI at the time of Aadhaar creation or modification.
When an organisation such as a bank or a telecom company needs to verify its customers, as the law mandates, and wants to use Aadhaar eKYC for this, it first needs a license from UIDAI that allows it access to the eKYC API.
The process of acquiring a license is itself out of scope for this article.
Once the organisation has a license, there is a basic security setup approved by UIDAI that the company needs to implement before it can start using the eKYC API.
The setup includes:
- Setting up a secure Aadhaar data vault for storage of data.
- HSM for encryption of the data acquired on-premise
Once this is done, the organisation can start using the eKYC API to verify users.
The verification process is simple: the customer has to provide her/his Aadhaar number, along with exclusive consent to use their Aadhaar data, to the service provider.
Once it has received these, the service provider can use the API to send the 12-digit Aadhaar number to UIDAI, which then responds with the demographic information connected to the Aadhaar number. This data (name, address, phone number, gender, etc.) received from UIDAI can be used to verify the customer(s) in question.
Customers can also be authenticated using Aadhaar Auth, which is similar to KYC apart from the fact that it doesn't share any details of the customers with the service provider. We have written extensively about Aadhaar Auth in the article linked below:
What is Aadhaar Authentication and how is it different from Aadhaar eKYC?
How is eKYC different from Offline KYC?
The Supreme Court disallowed the use of eKYC by private entities in India in its verdict of September 2018. In the wake of this judgement, UIDAI pushed for the use of Offline Aadhaar to replace Aadhaar eKYC as the means of verifying customers.
Offline Aadhaar allows residents to share their details with agencies or organisations that want to KYC them. This can be done using either:
- Offline Aadhaar XML
- Or QR Code
In the case of Offline Aadhaar XML, the customer needs to visit the UIDAI website and enter an OTP to get access to a password-protected, digitally signed XML packet, which contains:
- Name
- Address
- Photo
- Download reference number
- D.O.B/Y.O.B
- Gender
- Mobile Number (hashed format)
- Email (hashed format)
This XML packet can then be shared with the organisation or agency which is trying to KYC the customer. The digital signature from UIDAI within the XML file allows the service provider to verify its authenticity.
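The check described above, sketched as an added example (not UIDAI's or this article's code): the service provider verifies the issuer's signature before trusting any field, then matches a customer-supplied mobile number against the hashed value. The signature that the real file carries inside the XML is simplified here to a detached RSA signature over the raw bytes; the `Kyc` element, its attribute names, the hashing scheme, the share code and the throwaway key are all assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/xml"
	"fmt"
)

// Packet is a constructed stand-in; element and attribute names are hypothetical, not UIDAI's schema.
type Packet struct {
	Name       string `xml:"name,attr"`
	MobileHash string `xml:"mobileHash,attr"`
}

// hashMobile uses an assumed scheme (hex SHA-256 of mobile + share code), for illustration only.
func hashMobile(mobile, shareCode string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(mobile+shareCode)))
}

// VerifyPacket checks the issuer's signature over the raw bytes before parsing, so altered fields are never trusted.
func VerifyPacket(issuer *rsa.PublicKey, raw, sig []byte) (*Packet, error) {
	digest := sha256.Sum256(raw)
	if rsa.VerifyPKCS1v15(issuer, crypto.SHA256, digest[:], sig) != nil {
		return nil, fmt.Errorf("signature invalid: packet rejected")
	}
	p := new(Packet)
	return p, xml.Unmarshal(raw, p)
}

// MobileMatches checks a customer-supplied mobile number against the hashed field.
func MobileMatches(p *Packet, mobile, shareCode string) bool {
	return hashMobile(mobile, shareCode) == p.MobileHash
}

// issue builds and signs a constructed packet with a throwaway key standing in for the issuer's (errors ignored in this demo helper).
func issue(name, mobile, shareCode string) (pub *rsa.PublicKey, raw, sig []byte) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	raw = []byte(fmt.Sprintf(`<Kyc name="%s" mobileHash="%s"/>`, name, hashMobile(mobile, shareCode)))
	digest := sha256.Sum256(raw)
	sig, _ = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return &key.PublicKey, raw, sig
}

func main() {
	pub, raw, sig := issue("Asha Rao", "9999900000", "1234")
	fmt.Println(VerifyPacket(pub, raw, sig))
}
```

A packet whose bytes were changed after signing, or one signed by a different key, is rejected before any field is read.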
One of the major differences between Offline Aadhaar based KYC and Aadhaar eKYC is that, unlike eKYC, Offline Aadhaar doesn't access the UIDAI database directly and instead goes through an XML file download process to access demographic details.
Following is a comparison of both KYC methodologies,
At its core, Offline KYC is not much different from Aadhaar eKYC, apart from the fact that there are now more steps involved and it is cheaper than eKYC. Aadhaar Offline KYC is as reliable, as secure and almost as fast as eKYC.