Amid outcry over reported Aadhaar data breach, the Unique Identification Authority of India (UIDAI) has come up with a 2-layer safety net to limit the use of the 12-digit code.
The UIDAI today said that it will create a Virtual ID and limit the Know Your Customer (KYC) for data safety.
The Virtual ID, which would be a random 16-digit number, together with biometrics of the user would give any authorised agency like a mobile company, limited details like name, address and photograph, which are enough for any verification. The Virtual ID will end the need to share user's Aadhaar number at the time of authentication. This Virtual ID will it impossible for anyone to locate the Aadhaar.
Officials said a user can generate as many Virtual IDs as he or she wants. The older ID gets automatically cancelled once a fresh one is generated.
The virtual ID, to be offered from March 1, should address the privacy concerns of those wary of sharing a number linked to all personal know-your-customer or KYC details as well as iris scans and fingerprints.
From June 1, 2018 it will be compulsory for all agencies that undertake authentication to accept the Virtual ID from their users. Agencies that do not migrate to the new system to offer this additional option to their users by the stipulated deadline will face financial disincentives.
”Aadhaar number holder can use Virtual ID in lieu of Aadhaar number whenever authentication or KYC services are performed. Authentication may be performed using the Virtual ID in a manner similar to using Aadhaar number,” a UIDAI circular said.
As many as 119 crore biometric identifiers have been issued so far and income tax department, banks, mobile-telephony companies, government-owned companies and departments providing subsidised items now require users and beneficiaries to link their Aadhaar number with PAN or permanent account number, bank accounts and ration cards.
The move comes a day after an RBI-backed report found that the benefits of the country’s biometrics-based identity system are unclear.
The announcement of the virtual Aadhaar ID comes days after newspaper Tribune exposed how insecure was the Aadhaar authentication system and how it was leaking information of over a billion Aadhaar holders, including their Aadhaar number and demographic details. However, in the wake of the news UIDAI claimed that Aadhaar was completely secure and that leaking of demographic details didn't matter.