New Delhi: The Aadhaar issuing authority Unique Identification Authority of India (UIDAI) on Saturday said that its Virtual ID system is now operational as most of the authentication user agencies, including financial institutions have migrated to the new system. The Aadhaar Virtual ID is slated to be rolled out from 1 July.

The Virtual ID is a 16-digit random number mapped with Aadhaar number. It can only be generated, replaced or revoked by the Aadhaar number holder. It has been introduced so that the actual 12-digit Aadhaar number need not be shared for authenticating identity. The move is part of UIDAI’s initiative to put in place multi-layered security to reinforce privacy for Aadhaar holders.

Banks have been given time till 31 August to migrate to the new system which supports authentication using Virtual IDs and UID tokens.

“It has been observed that a number of AUAs have already migrated to production environment using APIs 2.5 for Virtual ID implementation and most of the remaining AUAs have tested Virtual ID and UID Token in pre-production environment APIs 2.5. We are requesting with these agencies to fully migrate to production environment by the stipulated date," UIDAI CEO Ajay Bhushan Pandey said in a statement.

UIDAI had in January said it would release necessary APIs (application programming interfaces) by 1 March. All agencies had been directed to make the necessary changes for the use of Virtual ID, UID token and limited KYC and operationalize it by 1 June, which got delayed by a month to 1 July.

UIDAI has introduced two categories of an Authentication User Agency (AUA)—an entity engaged in providing Aadhaar-enabled services. Local AUA, which is the limited KYC category and a global AUA, will have access to e-KYC using the Aadhaar number. An AUA may be a government, public or a private legal agency registered in India which uses Aadhaar authentication services provided by UIDAI.

All banks, be it commercial banks, payment banks, regional banks, rural banks, cooperative banks, small finance banks, life insurance companies and National Payments Corporation of India (NPCI) have been categorized as global AUAs. Prepaid payment instruments (PPIs), non-bank financial companies (NBFCs), telecom operators and non-life insurance companies are among those classified as local AUAs.

According to UIDAI, telecom companies and e-sign provider AUAs not using the upgraded systems beyond 30 June shall be charged 0.20 for every transaction performed. However, if these AUAs are able to complete migration to the new system by 31 July, the “authentication transaction charges imposed for the above said period of 1st to 31st July 2018 shall be waived off," it said.

In case of their failure, UIDAI shall be free to take actions under The Aadhaar Act, 2016, including imposition of financial disincentives and termination of license key, the statement added.

UIDAI also said that it is in the process of review of the classification of Global and Local AUAs based on the security and risk assessment of the authentication process of the AUAs. Pending this review, AUAs which were not classified earlier are now being provisionally classified.

On Thursday, Mint reported that the mobile wallet companies, categorised as local AUAs, will seek access to the Aadhaar database for customer authentication to comply with the stringent customer verification rules set by the Reserve Bank of India (RBI).

Close