It is reported that RBI is considering use of Aadhar as a second factor authentication for Credit Card transactions.
The cost of upgrading the card swipe mechanism at the merchants with a biometric capable instrument is being held as a stumbling block. However it is also necessary to examine if the move has legal sanction.
First of all the UIDAI bill is yet to become law. A case is before the Supreme Court to decide the examine the validity of the scheme. But the Government is going ahead with the scheme to render it more and more difficult for Courts to cancel the scheme.
Further the current move talks of using aadhar for “authentication”. It is to be noted that “Authentication” of a customer’s instructions is the prime responsibility of the Bank.
The move proposed by RBI means that UIDAI will be used as an outsource partner of the Bank to examine and authenticate a customer of the Bank. This raises the question as to whether in this process the “UIDAI” will act as an “Officer” of the Bank and “Pass Payment Instructions of the customer” and if so whether this is legally within the mandate of Banking.
If however this system of “Outsourcing” is to be legitimized, the Bank has to execute an SLA with the UIDAI authorities and follow the instructions on information security issued by RBI for “Outsourcing”.
If these considerations are not taken into account, the move will be contradicting RBI’s own earlier instructions.