Aadhaar Goes Offline: These 2 Offline Aadhaar KYC Methods Will Become Mainstream Soon!
The Supreme Court has strictly told all private companies not to store any Aadhaar data.
The Supreme Court’s strong verdict on Aadhaar and its usage has compelled the Govt. to promote and encourage offline methods for performing KYC.
Here are two offline modes of doing Aadhaar-based KYC, which are picking up momentum now, and the Govt. is pushing them as well.
These two offline methods don’t require any biometric access and are considered 100% safe from hacking or stealing.
KYC With Offline Aadhaar: Method #1
Very few are aware of the QR code based KYC, which can be used to verify the Aadhaar data of any user.
In this method, the user will be required to download their QR codes from the UIDAI website. Based on the requirements, three types of QR Codes can be downloaded: two types carry demographic details and a photo, while the third carries only demographic data.
These downloaded QR codes can be provided to the concerned parties who wish to perform the KYC, like banks, telecom operators etc.
They may have to download a QR Reader from the Internet, to access these QR Codes.
Hence, without sharing any biometric details, the user will be able to authenticate their Aadhaar, and perform the KYC, the offline way.
KYC With Offline Aadhaar: Method #2
Paperless eKYC Forms
These are the plain ol’ Aadhaar eKYC forms, which can be downloaded from the UIDAI website. Based on the requirements, the user can choose which data will be visible in these eKYC forms; there are mainly 5 options which can be downloaded.
Name, Address will be present by default. Other fields such as Mobile number, Date of birth, Email Address and gender are optional.
Once downloaded, these eKYC forms can be physically sent to the parties which want to authenticate your Aadhaar data.
Again, no biometric data is being shared, and the transfer of information is 100% offline, with no online element.
Why These Offline Aadhaar Authentication Methods Are Safe?
- Since the data is downloaded directly from the UIDAI website, a 3rd party does not need to access UIDAI servers to match the data. Hence, the authentication process is safe and secured.
- UIDAI won’t be able to know where and why the downloaded data (QR Codes, eKYC) is being used. It can be used for opening a new bank account or buying a new SIM. Hence, user privacy and user-data are safe.
- 3rd parties and private companies which are required to conduct KYC will no longer be able to store any Aadhaar data, at least digitally. Hence, another round of data protection.
As per reports coming in, Govt. is pushing and encouraging these two offline methods for Aadhaar based KYC, and very soon, they will become mainstream.
We will keep you updated, as more details come in.
This is not safe
– First of all, there is no 2-factor Authentication [Biometric or OTP] here so it is not secure for sure.
– The downloaded QR code and signed XML file from the UIDAI website can be stolen by malicious/phishing websites and reused.
Another concern is that this data [QR code and XML] is reusable.
– There is no access log of this data, so the user will never know when his authentication was done or who accessed the E-KYC information. These logs were available with Auth and E-KYC.
The whole concept of sharing information without any audit logs of it for the user to examine is in itself insecure.
How and Why EKYC was better.
1. 2-Factor Auth required for each transaction. Just like in banking.
2. Each access was being logged.
3. SUB-AUA had no direct API access and was using secure gateways to access data like in payment gateways.
4. Aadhaar Number was phasing out for VID. And the unique response token allowed maintaining the uniqueness of customer, useful for saving fraud. And the token was different for every company hence no cross-linking of data.
And the biggest concern I see is the sheer volume of fraud that happens on paper-based KYC and offline KYC methods. Unverified data is an open gate for fraud. Now we will never know who is using our data offline once they get hands on it for other purposes because no OTP/Biometric will be required.
Getting the Aadhaar Number out of the system using VID and Token was a brilliant approach that got curbed before it flourished.
The government doesn’t understand that we end up giving our life choices when we log-in using Facebook on our website. While Aadhaar E-KYC was secure and robust for various companies to fuel the concept of A Digital India. Supreme Court just killed that hope and made everything less secure.
P.S. The article starts with “The Supreme Court has strictly told all private companies not to store any Aadhaar data.”
This means both offline and online it seems. So the government can only do this horrible offline E-KYC approach?
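The contrast drawn in the comment above, between a reusable signed file and per-transaction authentication with access logs and per-company tokens, can be shown with a toy model. This is an added example, not part of the article or the comment and not UIDAI's protocol or file format: the field names, the OnlineIssuer class and the token derivation are assumptions, and HMAC stands in for the issuer's digital signature so that it runs with the Python standard library alone.

```python
import hashlib
import hmac
import secrets

# Toy issuer key (assumption). HMAC stands in for the issuer's signature;
# a real signed document would use an asymmetric signature instead.
ISSUER_KEY = secrets.token_bytes(32)

def sign(data: bytes) -> str:
    return hmac.new(ISSUER_KEY, data, hashlib.sha256).hexdigest()

def issue_offline_doc(name: str, address: str) -> dict:
    """Static document the holder downloads once and hands over."""
    payload = f"{name}|{address}"
    return {"payload": payload, "sig": sign(payload.encode())}

def verify_offline(doc: dict) -> bool:
    """Integrity check only: nothing binds it to a presenter, a time or a log."""
    return hmac.compare_digest(sign(doc["payload"].encode()), doc["sig"])

class OnlineIssuer:
    """Hypothetical per-transaction model: fresh OTP, access log, per-company token."""

    def __init__(self):
        self.pending = {}     # (holder_id, company) -> one-time code
        self.access_log = []  # entries the holder could later review

    def start(self, holder_id: str, company: str) -> str:
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[(holder_id, company)] = otp
        return otp  # delivered to the holder out of band

    def confirm(self, holder_id: str, company: str, otp: str):
        expected = self.pending.pop((holder_id, company), None)  # single use
        ok = expected is not None and hmac.compare_digest(expected, otp)
        self.access_log.append((holder_id, company, ok))
        if not ok:
            return None
        # Token differs per company, so two companies cannot join records on it.
        return sign(f"{holder_id}|{company}".encode())[:16]
```

A copy of the offline document verifies exactly like the original and leaves no trace at the issuer, while a reused OTP is rejected and every attempt, successful or not, lands in access_log.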