Use of Aadhar for Cardholder authentication

It is reported that RBI is considering use of Aadhar as a second factor authentication for Credit Card transactions.

Report in TOI here

The cost of upgrading the card swipe mechanism at the merchants with a biometric capable instrument is being held as a stumbling block. However it is also necessary to examine if the move has legal sanction.

First of all the UIDAI bill is yet to become law. A case is before the Supreme Court to decide the examine the validity of the scheme. But the Government is going ahead with the scheme to render it more and more difficult for Courts to cancel the scheme.

Further the current move talks of using aadhar for “authentication”. It is to be noted that “Authentication” of a customer’s instructions is the prime responsibility of the Bank.

The move proposed by RBI  means that UIDAI will be used as an outsource partner of the Bank to examine and authenticate a customer of the Bank. This raises the question as to whether in this process the “UIDAI” will act as an “Officer” of the Bank and “Pass Payment Instructions of the customer” and if so whether this is legally within the mandate of Banking.

If however this system of “Outsourcing” is to be legitimized, the Bank has to execute an SLA with the UIDAI authorities and follow the instructions on information security issued by RBI for “Outsourcing”.

If these considerations are not taken into account, the move will be contradicting RBI’s own earlier instructions.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Bank, RBI, Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.