Aadhaar e-KYC Service
In India, customers need to submit identity and address documents to several agencies to get work done; this process of customer identification is known as "Know Your Customer" (KYC).
The Aadhaar KYC API eliminates complex, time-consuming operations and gives agencies an electronic, paper-less KYC experience.
By using the KYC API, agencies can carry out electronic identity verification using biometrics or an OTP (One Time Password), at their choice, and obtain an electronic identity document digitally signed by UIDAI for storage within their own systems. This makes the entire process simpler and more cost-effective for both customers and agencies.
e-KYC is driven by the requirements listed below:
The need for KYC derives from membership in FATF/ATG, supporting AML/CFT initiatives
PMLA (Prevention of Money Laundering Act) has been enacted in India along with KYC rules
The Basel III framework also requires banks to perform KYC
A Government-issued photo ID is required for KYC
Electronic KYC should have the ability to verify or provide demographic information and a photograph
The latest UIDAI authentication provides the capability to verify collected demographic and biometric data
To address data collection, photograph, and ease-of-use issues, a KYC architecture is proposed as an application of UIDAI authentication
Government Planned KYC Framework:
SEBI (Securities and Exchange Board of India) has defined the concept of a KRA (KYC Registration Agency)
Entities that take advantage of electronic KYC (banks, brokerage houses, etc.) are called KUAs (KYC User Agencies)
Other regulators are contemplating the use of KRAs
The FM announced the creation of a central KYC repository in his Budget Speech (2012)
To enable pure electronic KYC for Aadhaar holders, a 3-tier KYC architecture is proposed, comprising KUA -> KSA -> UIDAI
API Data Flow and High Level Logic
Fig 1.0: API Data Flow and High Level Logic
The KYC front-end application captures the resident's Aadhaar number and biometric/OTP (One Time Password) and creates the encrypted PID block
The KUA creates the Auth XML using the PID block and signs it, uses that to form the KYC XML, signs it, and sends it to the KSA
The KSA forwards the KYC XML to the Aadhaar KYC API
The Aadhaar KYC service authenticates the resident and, if successful, responds with digitally signed and encrypted demographic data and photograph in XML format
The demographic data and photograph in the response are encrypted with either the KSA or the KUA public key, as configured in the Aadhaar server (CIDR)
The KSA sends the response back to the KUA, enabling paper-less electronic KYC
Note: The KSA can also form the KYC XML on behalf of the KUA. In that case, the KSA needs to sign it.
High Level API Logic:
Validates the XML structure
Validates the KUA code and KSA code and ensures they are valid KUAs/KSAs
Validates the KUA/KSA signature
Validates the txn namespace and the "rc" attribute
Validates the bio/otp flag to ensure it is "y"
Invokes the authentication service
Validates the "ra" attribute and ensures it matches the "info" of the Auth response
If successful, reads demographic data and photo using the getDemographics API (common search API)
Creates the response XML and signs it
Writes the KYC audit (minimal audit details in the RDBMS and the entire response in HBase) in all cases
Encrypts the response (with either the KSA or the KUA key) and sends it back
Sends a notification to the resident
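To make the three-tier exchange (KUA -> KSA -> KYC service) from the data-flow section and the server-side validation order from the high-level logic concrete, here is an added Python simulation of both sides. It is not UIDAI's, a KUA's or a KSA's code: HMAC-SHA256 stands in for the XML digital signatures and a hash-based keystream for the public-key encryption of the response, and the agency codes, keys, element and attribute names (ac, sa, Rad, Uses), the txn prefix "UKC:", the rc value "Y", the ra values F/I/O and the "info" format are all constructed for the example. The KSA hop is a pass-through here, matching the case where the KUA forms and signs the KYC XML itself.

```python
"""Simulated three-tier e-KYC exchange (KUA -> KSA -> KYC service) with the
server-side validation order from the page. Illustration only, not UIDAI code."""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed agency registry. Real deployments use X.509 certificates with XML
# digital signatures and public-key encryption; HMAC-SHA256 and a hash-based
# keystream stand in for those primitives here.
KUA_KEYS = {"KUA0001": b"kua-secret"}
KSA_KEYS = {"KSA0001": b"ksa-secret"}
SERVICE_KEY = b"kyc-service-secret"
AUDIT_LOG = []        # stands in for the RDBMS/HBase audit written in all cases
NOTIFICATIONS = []    # residents notified after a successful KYC response

def canonical(element):
    """Serialize an element with its Signature child removed (the signed bytes)."""
    clone = ET.fromstring(ET.tostring(element))
    for sig in clone.findall("Signature"):
        clone.remove(sig)
    return ET.tostring(clone)

def attach_signature(element, key):
    digest = hmac.new(key, canonical(element), hashlib.sha256).hexdigest()
    ET.SubElement(element, "Signature").text = digest

def signature_valid(element, key):
    expected = hmac.new(key, canonical(element), hashlib.sha256).hexdigest()
    given = element.findtext("Signature") or ""
    return hmac.compare_digest(given.encode(), expected.encode())

def keystream_xor(key, data):
    """Toy SHA-256 counter-mode keystream; symmetric, so the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

# --- KUA side: signed Auth XML wrapped in a signed KYC XML (names constructed) ---
def kua_build_kyc_request(uid, pid_block, ra, rc="Y", kua="KUA0001", ksa="KSA0001", txn="UKC:1001"):
    auth = ET.Element("Auth", uid=uid, ac=kua)
    ET.SubElement(auth, "Uses", bio="y" if ra in ("F", "I") else "n", otp="y" if ra == "O" else "n")
    ET.SubElement(auth, "Data").text = pid_block  # encrypted PID block from the front-end, opaque here
    attach_signature(auth, KUA_KEYS[kua])
    kyc = ET.Element("Kyc", ac=kua, sa=ksa, txn=txn, ra=ra, rc=rc)
    ET.SubElement(kyc, "Rad").text = base64.b64encode(ET.tostring(auth)).decode()
    attach_signature(kyc, KUA_KEYS[kua])
    return ET.tostring(kyc)   # the KSA forwards these bytes unchanged

def kua_open_response(payload, kua="KUA0001"):
    """Decrypt with the KUA key, verify the service signature, return the demographics."""
    resp = ET.fromstring(keystream_xor(KUA_KEYS[kua], payload))
    if not signature_valid(resp, SERVICE_KEY):
        return None
    return {child.tag: child.text for child in resp if child.tag != "Signature"}

# --- KYC service side -------------------------------------------------------------
def fake_authenticate(auth):
    """Stand-in for the authentication service; 'info' reports the factor used."""
    factor = "F" if auth.find("Uses").get("bio") == "y" else "O"
    return {"ret": "y", "info": f"factor={factor}"}

def fake_get_demographics(uid):
    """Stand-in for the getDemographics (common search) API; constructed record."""
    return {"name": "Test Resident", "dob": "01-01-1990", "photo": "<jpeg bytes>"}

def kyc_service(kyc_xml, authenticate=fake_authenticate, get_demographics=fake_get_demographics):
    """Returns (status, payload): encrypted signed response on success, a reason otherwise."""
    def finish(status, detail, uid="?"):
        AUDIT_LOG.append({"uid": uid, "status": status})   # audit written in all cases
        return status, detail
    try:
        kyc = ET.fromstring(kyc_xml)
    except ET.ParseError:
        return finish("error", "malformed XML")
    if kyc.tag != "Kyc" or kyc.find("Rad") is None:
        return finish("error", "bad structure")
    kua, ksa = kyc.get("ac"), kyc.get("sa")
    if kua not in KUA_KEYS or ksa not in KSA_KEYS:
        return finish("error", "unknown KUA/KSA code")
    if not signature_valid(kyc, KUA_KEYS[kua]):
        return finish("error", "bad KYC signature")
    if not kyc.get("txn", "").startswith("UKC:") or kyc.get("rc") != "Y":
        return finish("error", "txn namespace or rc invalid")
    auth = ET.fromstring(base64.b64decode(kyc.findtext("Rad")))
    uses = auth.find("Uses")
    if uses is None or "y" not in (uses.get("bio"), uses.get("otp")):
        return finish("error", "bio/otp flag not y")
    if not signature_valid(auth, KUA_KEYS[kua]):
        return finish("error", "bad Auth signature")
    result = authenticate(auth)
    if result["ret"] != "y":
        return finish("auth-failed", "resident authentication failed", auth.get("uid"))
    if f"factor={kyc.get('ra')}" != result["info"]:
        return finish("error", "ra does not match auth info", auth.get("uid"))
    resp = ET.Element("Resp", status="success", txn=kyc.get("txn"))
    for tag, value in get_demographics(auth.get("uid")).items():
        ET.SubElement(resp, tag).text = value
    attach_signature(resp, SERVICE_KEY)
    NOTIFICATIONS.append(auth.get("uid"))
    return finish("success", keystream_xor(KUA_KEYS[kua], ET.tostring(resp)), auth.get("uid"))

if __name__ == "__main__":
    status, payload = kyc_service(kua_build_kyc_request("999900001234", "PID-BLOCK", ra="F"))
    print(status, kua_open_response(payload))
```

The checks run in the page's order, so a request that fails early (unregistered KSA code, tampered attribute breaking the signature) never reaches the authentication service, and every outcome leaves an audit record; a mismatch between the declared ra and the factor reported in the auth "info" is rejected even though authentication itself succeeded.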