The government has instructed telecom operators to tweak their systems and networks to enable use of Virtual IDs in lieu of Aadhaar number and migrate to the 'limited KYC' mechanism for mobile subscribers.
The Virtual ID system -- a random 16-digit number mapped to a person's Aadhaar number -- is scheduled to be fully operational from next month. It aims to strengthen the privacy and security of Aadhaar data amid heightened concerns around the collection and storage of personal and demographic information of individuals.
"...all licencees shall implement the ....changes proposed by the UIDAI regarding use of Virtual ID as an alternative of Aadhaar number, UID tokens and limited KYC concept in their system/networks subject to the adherence of existing Aadhaar based eKYC processes for issuing new mobile connection to subscribers and re-verification of existing mobile subscribers," a notification by the Department of Telecom (DoT) has said.
It further said that licencees should "give the option to subscribers of feeding either Aadhaar number or Virtual ID" as per the individual's choice but the operators will be required to display the numbers in "masked form" at the point of sale terminal and ensure that none of these numbers are stored in their own system or database.
"The licencee (operator) shall then follow the eKYC process as per the existing instructions for new acquisition or re-verification....and after successful authentication of the subscribers, shall use a UID (Unique ID) token to ascertain the uniqueness of the subscribers and store the same alongwith other fields in the subscribers' database," it said.
Further, it has removed Aadhaar number from various parametres required to be included in the subscriber database and introduced the 72-character UID token as a line item.
The Unique Identification Authority of India (UIDAI), the Aadhaar issuing body, had earlier informed the Telecom Department that all operators will have access to "limited KYC" and that these service providers will not store Aadhaar number or Virtual ID of the customer while sending authentication or eKYC requests.
"For all eKYC requests by telecom service providers (TSP), UIDAI as part of limited KYC response will share demographic data that is name, gender, date of birth and address alongwith face photo and UID token. Aadhaar number will not be shared with the TSP by UIDAI as part of limited KYC response," the circular said.
Introduction of limited KYC (know your customer) will ensure that a verification request made does not return Aadhaar number and only provides agency-specific UID token to eliminate the situation of many entities storing Aadhaar number while still enabling paperless KYC.