The Aadhaar issuing authority Unique Identification Authority of India (UIDAI) on Saturday said it has made Virtual ID (VID) system operational with its Authentication User Agencies (AUAs) which have migrated to VID and UID Token.
Telecom companies and E-sign provider AUAs not using API version 2.5 and e-KYC API 2.5 starting July 1 shall be charged Rs. 0.20 for every transaction performed, read a statement.
However, as an incentive to expedite the migration process to VID (via Auth API 2.5), UIDAI has decided that in case an AUA has fully migrated to APIs 2.5 by July 31, then the authentication transaction charges imposed for the above said period of July 1-31 shall be waived off.
Also, for all the other AUAs including banks, it has been decided that they shall migrate to VID and UID Token using Auth API 2.5 and e-KYC API 2.5 by August 31.
"It has been observed that a number of AUAs have already migrated to production environment using APIs 2.5 for VID implementation and most of the remaining AUAs have tested VID and UID Token in pre-production environment APIs 2.5. We are requesting with these agencies to fully migrate to production environment by the stipulated date," Dr Ajay Bhushan Pandey, CEO, UIDAI, said.
He further reiterated that VID is a critical security measure for protecting residents' privacy and their Aadhaar numbers. With the introduction of Virtual ID, an Aadhaar holder will have an option of not sharing his/her Aadhaar number and can generate a Virtual ID to share with AUAs to perform Aadhaar based authentication.
Pandey further explained that the authentication ecosystem varies from AUA to AUA.
It is observed that in certain AUAs, the authentication is always done in a controlled environment in the presence of their own regular staff while in case of some AUAs, the authentication is performed in the presence of their agents who many a time cater to more than one AUA.
Sometimes these agents in addition to AUA specific activity are also involved in other business activities.
Therefore, "it is imperative that on the basis of level of supervision in authentication ecosystem and the risk assessment, the VID/UID Token associated security features should be implemented in certain category of AUAs sooner without any delay", Pandey said.
He added that UIDAI is further in the process of review of the classification of Global and Local AUAs based on the security and risk assessment of the authentication process of the AUAs.
"UIDAI, in near future, proposes to introduce other forms of Aadhaar data verification and the same may be provided to AUAs for identity verification in lieu of global or local, as per our review and assessment," Pandey stated.
AUAs have been asked to make necessary changes in their front-end client application to accept Aadhaar number as well as Virtual ID and in Backend application to consume the UID Token and Limited KYC data immediately.