RBI considering UID for banking authentication

by Ashwani Mishra    Aug 25, 2011

The Reserve Bank of India (RBI) is contemplating use of biometric data captured for Unique Identification (UID) issued under the government’s Aadhaar project.

According to RBI, a working group looking to enhance security of present card transactions noted that Aadhaar biometric data would serve as a secure second factor of authentication even for magnetic stripe cards. This will prevent the mandatory need to shift over to a chip and pin card system, which has considerable cost implications for the industry.

“The chip cards are an expensive alternative for banks compared to the magnetic stripe cards. As a bank we believe that as and when the biometric authentication gains footing for transactions other than micro ATMs, we shall see the Point of Sale terminals also adopting this method of authentication in a big way,” says Anand Gupta, EVP and Head, Alternate Channels, Dhanlaxmi Bank.

He adds that this step will not only act as a secure second factor authentication, but also help eliminate losses to banks on account of card data compromise or frauds.

According to sources, the Aadhaar biometric data with The Unique Identification Authority of India (UIDAI) shall act as the central repository for authenticating all transactions where the customer has already enrolled into the Aadhaar scheme, specifically for transactions originating at the ATMs.

“The biometric authentication reinforces the security aspect of the card transaction,” says Gupta.

As of June this year, there were around 24 crore debit card users and 1.8 crore people had credit cards. As per the RBI, the number of POS terminals in the country is about 5.6 lakh and there are 70,000 ATMs.

Since last year, the RBI has made a two factor authentication mandatory at banks for all delivery channels. The RBI guidelines and impending Basel III compliance are compelling financial institutions to rethink the way information is secured and managed.

“In an attempt to clamp down on the increasing digital frauds, the industry regulators (RBI and IRDA) are putting in place stringent regulations and governance mandates,” says K M Asawa, GM (Dataware House and MIS) at Bank of Baroda.

In May 2011, RBI issued its comprehensive guidelines for banks that covered various areas of IT Governance, information security etc in terms of electronic banking channels like internet banking, ATMs, cards, cyber frauds; business continuity planning, customer education and legal issues.

The UIDAI uses a Fraud Detection Application to detect and reduce identity fraud. For example, identifying fraud scenarios that the application needs to handle include misrepresentation of information, multiple registrations by same resident, registration for non-existent residents, or impersonating someone else.