DoT asks telcos to tweak their systems to use virtual IDs in lieu of Aadhaar numbers
DoT also says telcos should give the option to mobile subscribers of quoting either Aadhaar number or virtual ID, but the operators should ensure that none of these numbers are stored in their database
New Delhi: The government has instructed telecom operators to tweak their systems and networks to enable use of virtual IDs in lieu of Aadhaar number and migrate to the ‘limited KYC (know your customer)’ mechanism for mobile subscribers.
The latest move is in line with the ensuing implementation of the new virtual ID system from 1 July, which users can quote instead of their Aadhaar number. The virtual ID system —a random 16-digit number mapped to a person’s Aadhaar number —is scheduled to be fully operational from next month. It aims to strengthen the privacy and security of Aadhaar data amid heightened concerns around the collection and storage of personal and demographic information of individuals.
“...all licencees shall implement the ....changes proposed by the UIDAI regarding use of Virtual ID as an alternative of Aadhaar number, UID tokens and limited KYC concept in their system/networks subject to the adherence of existing Aadhaar-based eKYC processes for issuing new mobile connection to subscribers and re-verification of existing mobile subscribers,” a notification by the Department of Telecom (DoT) has said.
It further said that licencees should “give the option to subscribers of feeding either Aadhaar number or virtual ID” as per the individual’s choice but the operators will be required to display the numbers in “masked form” at the point of sale terminal and ensure that none of these numbers are stored in their own system or database.
“The licencee (operator) shall then follow the eKYC process as per the existing instructions for new acquisition or re-verification....and after successful authentication of the subscribers, shall use a UID (Unique ID) token to ascertain the uniqueness of the subscribers and store the same along with other fields in the subscribers’ database,” it said.
The telcos will also be required to make necessary changes in their systems to replace the Aadhaar numbers of existing subscribers within the database with UID tokens.
Further, it has removed Aadhaar number from various parametres required to be included in the subscriber database, and introduced the 72-character UID token as a line item.
When contacted, Unique Identification Authority of India (UIDAI) CEO Ajay Bhushan Pandey termed the telecom department’s latest move as an “important step in protecting the privacy of the telecom subscribers”. “This also demonstrates that the VID and UID token mechanism which was announced by UIDAI in January, has been scaled up in a short span of time to a level where now more than one billion subscribers can actually use the facility,” Pandey told PTI.
Industry body COAI, which counts telecom service providers as its members, said companies are making best efforts to ensure the necessary updates in their IT systems to implement the suggested changes by 1 July, 2018.
“We believe that this step will provide convenience and confidence to the subscribers to get an authentic verification conducted without having the fear of giving their Aadhaar number,” Rajan S. Mathews, director general of Cellular Operators’ Association of India said in a statement.
The Aadhaar issuing body UIDAI had earlier informed the telecom department that all operators will have access to “limited KYC” and that these service providers will not store Aadhaar number or virtual ID of the customer while sending authentication or eKYC requests. “For all eKYC requests by telecom service providers (TSP), UIDAI as part of limited KYC response will share demographic data that is name, gender, date of birth and address along with face photo and UID token. Aadhaar number will not be shared with the TSP by UIDAI as part of limited KYC response,” the circular said.
Introduction of limited KYC will ensure that a verification request made does not return Aadhaar number and only provides agency-specific UID token to eliminate the situation of many entities storing Aadhaar number while still enabling paperless KYC.