Use OTPs only in the presence of customers: UIDAI

The Unique Identification Authority of India (UIDAI) has asked banks to provide Aadhaar-based onetime password (OTP) for opening of bank accounts only in the presence of the customer, in a banking outlet.

In a letter addressed to commercial banks, UIDAI Chief Executive Officer Ajay Bhushan Pandey cited instances of misuse of Aadhaar while opening accounts.

The direction is a huge blow to the banks that are heavily dependent on Aadhaar-based OTP authentication process for account opening (where the customers do not have to visit branches) or use tab banking to open accounts by visiting the customer’s residence.

“Banks may provide authentication and e-KYC facility (fingerprint, iris, OTP) at all banking outlets so that authentication/e-KYC can be done then and there in front of the customers,” the letter — a copy of which has been reviewed by The Hindu — said. The letter further noted that while banks are using various channels for collection of Aadhaar number from their customers, it was found by the UIDAI that the authentication of Aadhaar numbers was not carried out or authentication best practices were not followed.

“It has come to the notice of the UIDAI that there has been instances wherein: Aadhaar of person A got seeded with person B’s account to carry out fraudulent transaction,” the letter said.

“Stolen Aadhaar copy was used to open a bank account and obtain credit, debit card,” the letter said while citing another example.

The UIDAI said a fabricated Aadhaar card provided to a bank may result in fraud and loss of money, if the bank does not authenticate with finger print or OTP to adequately identify the Aadhaar holder.

According to RBI norms, there are limits for accounts that are opened through Aadhaar-based OTP authentication process, like deposits cannot exceed ₹1 lakh and full KYC requirements, which is submission of documents and giving biometric details, were needed to be made in 1 year.

Private sector lender Kotak Mahindra Bank, which had launched Aadhaar-based OTP authentication process for opening of accounts in March 2017, said last Tuesday that its customer base swelled from 8 million to 12 million within nine months of introducing the scheme. Since many other banks also offer similar schemes, bankers said account opening is likely to be hit following the UIDAI’s directions.