I’ve blogged a lot about digital identities, but failed to cover an in-depth review of the largest identity program in the world: Aadhaar. It’s been very remiss of me, but I’ve been waiting for the right moment and now seems to be that moment.
Aadhaar is well known for those in the identity field, but gets too little coverage overseas and, for those who are not aware, it is the Indian government’s identity scheme that started in 2009. That was when the Unique Identification Authority of India (UIDAI) was set up with the mandate to create a 12-digit Unique Identification (UID) Number (termed as Aadhaar) for all the residents of India. By April 2016, over a billion UIDs had been issued, and it was at this point that the government’s National Payments Corporation of India (NPCI) unveiled the Unified Payment Interface (UPI). UPI is designed to make person-to-person and e-commerce transactions swifter and easier.
What’s the low-down?
Since the UIDAI and UID project was established in January 2009, the objective has been to provide a unique identification for all citizens of India. The card is based upon biometrics – fingerprint and iris recognition – to identify the person and is used for delivery of government welfare services in an efficient and transparent manner. The enrolment process is fairly simple …
… and once enrolled, the UID can be authenticated and verified quickly and easily online by government and other officials, such as using it to open a bank account. Before being enrolled in the program, Indians were excluded from many banking services, government aid and related services that demanded identification.
The first Aadhaar was issued in 2010 and it has grown rapidly to reach coverage of 93% of adults, 67% of children aged 5-18 and 20% of those aged 0 to 5. In 13 Indian states – there are 29 in total – Aadhaar coverage is over 90% whilst, in the next 13 states, saturation is between 75-90%. In other words, in six years, the Indian government is nearing achieving its target of every citizen in the country having a biometric ID card. The Prime Minister’s Office of India has a target of all adults to use Aadhaar by September 2016 and, by March 2017, all 1.28 billion Indian citizens – adults and children – to have one.
That’s according to the government’s figures. According to Ujjivan Financial Services, one of the most prominent names in the microfinance markets, just 77% of its customers have Aadhaar as on 15 July 2016. Even a member of the Parliament, Petroleum Minister Dharmendra Pradhan, has said that 85% of the population have Aadhaar. In other words, the figures of coverage are not robust, but it can be assured that most (4 out of 5) Indian citizens have the ID card.
The issue is that in order to make all citizens use the card would mean the card would be compulsory – something it isn’t today – and compulsion is still being debated (there are 15 petitions to block such a move in the courts ). “No service will be denied for lack of Aadhaar”, according to one senior government official, but the fact is that living in India is becoming harder and harder if you don’t have an Aadhaar number. For example, there are numerous areas where it is compulsory, such as for the receipt of benefits from the government for the poorest people, and more and more banks and corporations are demanding the Aadhaar number before they will deal with you. For example, the major mobile network operators – Airtel, Reliance Jio, Vodafone – are now using Aadhaar as a replacement for paper proof of identification in a process they call eKYC.
This makes sense as the use of digital identity scheme is saving companies a lot of cost overheads, from KYC to benefits distribution, as well as improving confidence and trust in identification and authentication accuracy. The Indian Government estimates to have saved over Rs 27,000 crore (just over $400 million) by using Aadhaar to manage payments to beneficiaries under various welfare schemes in the last two years, whilst getting rid of 16 million fake IDs have been deleted resulting in a further Rs 10,000 crore ($150 million) savings.
It also makes sense as the move towards offering mobile financial inclusion and mobile banking relies on an effective eKYC process.
Using Aadhaar for Financial Services
The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (the “Act”) was passed as a money bill on March 16, 2016, although the implementation date for the bill to come into force is not clear. The Act makes it mandatory for a person to authenticate her/his identity using the Aadhaar number before receiving any government subsidies, benefits or services. It also introduced the UPI, Unified Payments Interface. The penetration of bank accounts, and by extension, debit cards and credit cards remain low in India, but the launch of the UPI is designed to bring banking and financial services to everyone.
Unveiled earlier this year by the National Payments Corporation of India (NPCI), the primary body that governs all retail payments in the country, UPI aims to propel the economy towards more cashless transactions by making person-to-person e-commerce transactions as fast and easy as sending a text message. This would, among other things, help the government curb unreported money exchanges that aren’t subjected to tax (the number of non-cash transactions per person in India is only six per year).
The government is focused upon using citizens’ smartphones as the computing platform for UPI. India is the world’s fastest growing smartphone market with over 350 million smartphone users, and projected to grow past 700 million by 2020.
The other integral focus of UPI is interoperability — allowing transactions across banks — by using the UID as a single-identifier to make transactions. It is built on top of IMPS protocol, a 24×7 and real-time transaction service but, unlike IMPS which requires the counterparties to have bank details including account number and IFSC codes, UPI-enabled apps only the 12-digit Aadhaar UID.
Most Indian banks are releasing UPI-enabled apps, such as ICICI Bank’s Pockets app, that allows peer-to-peer payments by users including those who don’t have an ICICI Bank account.
According to Mashable , UPI offers payments from Rs 50 (75 cents) to Rs 100,000 ($1,500) in a single transaction, and is designed as a replacement for all the apps you need to make payments for online shopping, electricity bills, barcode-based payments and college tuition.
Russia, Morocco and countries from Africa have shown interest in replicating India’s Aadhaar project although, as the Financial Express highlights, much will now depend on how quickly these cards are linked with bank accounts. That is why Indian banks are urging users to link their Aadhaar number to their bank accounts through ATMs, internet banking portals and mobile banking applications, in line with an aggressive government drive.
In addition, there are other challenges with Aadhaar. For example, a key feature of the Aadhaar project is the Central Identities Data Repository (CIDR) – a centralised database that stores every individual’s personal information. But centralisation creates “a honeypot of sensitive data vulnerable to exploitation”, according to the Electronic Frontiers Foundation. Hence, if there were a new program rollout today, it may be more appropriate to use a distributed ledger for the core identity authentication. Equally, there are other notable identity schemes out there such as those in Argentina, Estonia and Pakistan, that are worthy of consideration.
Documento Nacional de Identidad or DNI (which means National Identity Document) is the main identity document for Argentine citizens, as well as temporary or permanent resident aliens. It is issued at a person’s birth, and updated at 8 and 14 years of age simultaneously in one format: a card (DNI tarjeta); it’s valid if identification is required, and is required for voting. The front side of the card states the name, sex, nationality, specimen issue, date of birth, date of issue, date of expiry, and transaction number along with the DNI number and portrait and signature of the card’s bearer. The back side of the card shows the address of the card’s bearer along with their right thumb fingerprint. The front side of the DNI also shows a barcode while the back shows machine-readable information. The DNI is a valid travel document for entering Argentina, Bolivia, Brazil, Chile, Colombia, Ecuador, Paraguay, Peru, Uruguay, and Venezuela. (System still operational in the country)
The Estonian i-card is a smart card issued to Estonian citizens by the Police and Border Guard Board. All Estonian citizens and permanent residents are legally obliged to possess this card from the age of 15. The card stores data such as the user’s full name, gender, national identification number, and cryptographic keys and public key certificates. The cryptographic signature in the card is legally equivalent to a manual signature, since 15 December 2000. The following are a few examples of what the card is used for:
- As a national ID card for legal travel within the EU for Estonian citizens
- As the national health insurance card
- As proof of identification when logging into bank accounts from a home computer
- For digital signatures
- For i-voting
- For accessing government databases to check one’s medical records, file taxes, etc.
- For picking up e-Prescriptions
- (This system is also operational in the country and has not been removed)
The Second Amendment to the Constitution of Pakistan in 2000 established the National Database and Regulation Authority in the country, which regulates government databases and statistically manages the sensitive registration database of the citizens of Pakistan. It is also responsible for issuing national identity cards to the citizens of Pakistan. Although the card is not legally compulsory for a Pakistani citizen, it is mandatory for:
- Obtaining a passport
- Purchasing vehicles and land
- Obtaining a driver licence
- Purchasing a plane or train ticket
- Obtaining a mobile phone SIM card
- Obtaining electricity, gas, and water
- Securing admission to college and other post-graduate institutes
- Conducting major financial transactions
Therefore, it is pretty much necessary for basic civic life in the country. In 2012, NADRA introduced the Smart National Identity Card, an electronic identity card, which implements 36 security features. The following information can be found on the card and subsequently the central database: legal name, gender (male, female, or transgender), father’s name (husband’s name for married females), identification mark, date of birth, national identity card number, family tree id number, current address, permanent address, date of issue, date of expiry, signature, photo, and fingerprint (thumbprint).