This afternoon I sold a used mobile phone to a second-hand site. The site had a really sophisticated user experience including a very elegant Android app for the agent who came and inspected the phone and then made a payment to me. However he needed to have a proof of ID - and I produced my Aadhaar letter that he promptly photographed. Of course he would've done the same with a Drivers License or a PAN or a Passport - and I would've been none the worse - but the sad reality is that if only Aadhaar API's had been opened to the company, both sides could've been MUCH better off!
For those who understand the architecture of Aadhaar, it is distressing to see the way Aadhaar is being used with people making photocopies or taking photos - in several cases, Aadhaar is being used in a WRONG.
However, the simplicity of the design of Aadhaar means that if the UIDAI takes some swift steps vis-a-vis policies and communication, Aadhaar can be widely used by all in a safe and secure manner and in the most consumer friendly manner too.
Here are my top 3 recommendations:
1. STOP THE USE OF PHOTOGRAPH or PHOTOCOPY of Aadhaar
Aadhaar is an ONLINE identity - and a Photograph or PhotoCopy of Aadhaar should have zero value. It is appalling that even the most progressive of banks in the country accept a photocopy of the Aadhaar letter knowing fully well that the letter has no security measures - the only way to validate an Aadhaar is via an online API call.
When the whole country is learning to make payments by scanning a QR code, anyone requesting you for an ID should be able to scan my Aadhaar letter QR Code and verify it - perhaps the existing mAadhaar app can be enhanced with this functionality that can also be exposed as an Android Intent for other applications to integrate.
2. Open up Auth & (at least) OTP-based eKYC
Authentication and (at least) OTP-based eKYC API's should be instantaneously made available as Sub-AUA or Sub-KUA to ALL legal entities in India.
The combination of points 1 and 2 are far more secure for the consumer that the photograph or photocopy of the Aadhaar letter.
3. Share & Verify on mAadhaar
Make sharing of a non-fakeable, "Digitally Signed Aadhaar" through the mAadhaar application very convenient - with very easy authentication by the receiving party if it also has an mAadhaar app.
These three policies & solutions coupled with the recently introduced VID & Tokenization and Limited KYC will go a long way in increasing the correct use of Aadhaar, increasing adoption and ensuring privacy and security for all. It is time we get to reap the benefits of the tremendous investment made in Aadhaar - one which is the envy of the whole world, and one we have worked hard to build!
Note: I used to be a volunteer at UIDAI for a year in the very early days.
About the Author -
Sanjay Swamy is an Entrepreneur & Early-Stage Fintech Investor! #DigitalPayments & #Financial Services Fanatic! #IndiaStack_Evangelist!
This article was originally published on Linkedin
If you believe you are building the next big thing, let’s make it happen.