from  individuals for the purpose of enrolling them   ical  as  well  as  electronic  payment  and  settlement
            into the Aadhaar system.                           systems.
               The biometric and demographic data is main-       NPCI has collaborated with Unique Identification
            tained in a Central Identities Data Repository (CIDR),   Authority of  India  (UIDAI) to create  a centralised
            identity claims and authentication services are pro-  Aadhaar mapper. It maintains an association between
            vided through open Application Programming Inter-  customer's Aadhaar number, mobile number, and
            faces (APIs) with yes/no answers. Several applica-  Bank accounts. This central repository can be used
            tions like eSign, digital locker, mobile banking apps   to  route  payment  instructions  based  on  Aadhaar
            etc. use Aadhaar biometric based authentication    number or mobile number. The Aadhaar mapper, at
            services.                                          present acts as an enabler for payment owing to the
               UADAI provides the following functional process-  Aadhaar number mapping to the Account number as
            es to enroll and verify identity of users of Aadhaar  the financial address. NPCI has already build capabil-
                                                               ities such as the e-KYC and Aadhaar Payment Bridge
            •   Enrolment  process:  creating  and  storing  an   (APB) system around this enablement. Unified Pay-
                enrolment data record for an individual who is   ment Interface (UPI), Immediate Payment System
                the subject of a biometric capture process in   (IMPS), and National Unified USSD Platform (NUUP)
                accordance with the enrolment policy. The sub-  can take advantage of Central Mapper for fetching
                ject usually presents his/her biometric charac-  and routing their payments. Hence having such a
                teristics to a sensor along with his/her identity   common repository can create a great process value
                reference. The captured biometric sample is pro-  add, for overall payment ecosystem and consequent-
                cessed to extract the features which are enrolled   ly to the end customer.
                as a reference in the enrolment database with
                identity reference.                            2�4  Authentication and e-KYC for DFS
            •   Verification process: testing a claim that an indi-  UIDAI  offers  two  types  of  services/facilities  for
                vidual who is the subject of a biometric capture   private sector and DFS providers:
                process is the source of a specified biometric
                reference. The subject presents his/her identity   a)  Authentication services to authenticate identity
                reference  for  a  claim  of  identity  and  biometric   claim in the form of Yes/No using biometric or
                characteristic(s) to the capturing device, which   Mobile OTP; and
                acquires biometric sample(s) to be used for    b)  E-KYC (Electronic Know your Customer) authen-
                comparison with the biometric reference linked    tication explicitly allowing UIDAI to share their
                to  the  identity reference  for  identification.  The   demographic data with the requesting party only
                verification process has a possibility of impact-  after Aadhaar holder's consent.
                ing a subject's information privacy, since this pro-
                cess requires both biometric reference and iden-  To explain how the authentication and e-KYC services
                tity reference. The identification process requires   work a brief overview of the Aadhaar authentication
                exhaustive search of enrolment database. So, this   and KYC ecosystem is provided first, which, describes
                also has a possibility of impacting on subject's   the role of each stakeholder.
                physical privacy. Verification is generally con-
                sidered to be less privacy intrusive than identi-  2.4.1   Aadhaar authentication ecosystem
                fication. In Aadhaar system verification is done   The Aadhaar authentication ecosystem has following
                via online authentication having only a "yes/no"   agencies:
                answer.
                                                               a)  AUA (Authentication User Agency)

            2�3  National Payments Corporation of India        AUA connects to the Aadhaar Database and uses
            While Aadhaar system provide basic identity authen-  Aadhaar authentication to validate a user and enable
            tication, National Payments Corporation of India   its services. Examples of  AUAs are banks, various
            (NPCI), an umbrella organization set up with the   state and central government ministries provid-
            guidance and support of the Reserve Bank of India   ing services such as the Public Distribution System
            (RBI) and Indian Banks Association (IBA) provides   (PDS), the National Rural Employment Guarantee
            infrastructure to the entire Banking system for phys-  Scheme (NREGS), and private agencies like mobile
                                                               phone operators. An AUA is required to enter a



           14    e-KYC use cases in digital financial services