An Aadhaar biometric identity card, issued by the Unique Identification Authority of India (UIDAI). (Photographer: Dhiraj Singh/Bloomberg)

UIDAI Restricts Digital Wallets From Accessing Aadhaar Database

Aadhaar issuing body UIDAI has restricted access of digital wallet companies to its database citing security concerns.

The Unique Identification Authority of India segregated entities as local and global authentication user agencies, and classified digital wallet companies as local authentication user agencies and given them only partial access to its Aadhaar database, according to a letter from UIDAI to authentication agencies dated May 16. Only banks including payment banks, which have been classified as global authentication user agencies will have unrestricted access to the database, the letter added.

That’s because most payment companies do not have the requisite infrastructure to protect the data, the UIDAI added. “Some entities required to verify clients with Aadhaar number may not have the requisite security systems needed to use or store these numbers and have been precluded from the list of global AUAs.” BloombergQuint has accessed and reviewed a copy of the letter.

This means that all payment firms such as Mobikwik and PhonePe can not do an electronic KYC and must depend on customers to provide their virtual Aadhaar numbers for authentication. According to Reserve Bank of India guidelines, digital wallet companies were mandated to ensure complete know-your-customer of their customers to be able to offer the full set of payment services.

The development was first reported by the Economic Times newspaper.

“We are stuck,” Sameer Nigam, founder of PhonePe, said over the phone. “We have millions of people consumer stuck due to sub-optimal experience because they can’t complete the KYC.”

PhonePe was among the dozens of financial technology companies including Citrus Pay, that were unable to do verification of the customers for almost two months now. That’s after the Aadhaar database authority reportedly blocked agencies that provided these verification services. These companies rely heavily on Aadhaar for seamless, cost-effective customer verification through KYC and authentication agencies.

Now with this new circular, that will come in force from July 1, other digital wallet and payment firms such as MobiKwik and Oxigen will not be able to do an eKYC either.

“This is making the KYC more challenging,” Bipin Preet Singh, chief executive officer of Mobikwik said over the phone. “We do not agree with the assessment that there is a security issue. We will be working to make sure so that we can do KYC properly.”

Nigam of Phone Pe said the company has already made an individual representation to RBI and UIDAI in this regard.