UIDAI to use new two-step security system from June to ensure Aadhaar details stay private
It has put in place a new safety system to ensure that actual Aadhaar details are never revealed, after concerns over data breaches.
The Unique Identification Authority of India on Wednesday said it is introducing a two-step verification process to ensure users will never have to share their actual Aadhaar numbers, reducing chances of its misuse, and increasing privacy.
The move to introduce this safety net comes after The Tribune, on January 4, alleged that the Aadhaar data of millions of users was easily accessible. Earlier, a think tank affiliated with the Reserve Bank of India had also flagged problems related to the Aadhaar system, including security concerns, the quality of authentication, and its unclear financial benefits.
Here’s how the new system would work: Starting June 1, all Aadhaar transactions will take place with a virtual ID – a 16-digit, randomly-generated number that will be used for authentication to avail services, instead of the actual Aadhaar number. This virtual ID is temporary and can only be generated by the user. It will not reveal any of the user’s Aadhaar details. UIDAI has systems in place for the user to change the virtual ID or retrieve it if they forget.
The second safety net is “limited KYC”, a mechanism which will regulate how Aadhaar details are stored in the databases of different agencies, such as banks or telecom companies.
Instead of revealing the Aadhaar number, the limited KYC system will generate a unique ID for the different agencies that need the Aadhaar details. This way, the actual Aadhaar data of users does not get stored on any database.
All agencies will migrate to the new system by June 1, the UIDAI said.