eKYC – Know Your Customer unassisted using Aadhaar, OTP and Face Biometrics

Context

Know Your Customer (KYC) is essential for obtaining Financial, Healthcare, Insurance, and Telecom services around the world. In the Indian context, until Aadhaar opened up its APIs, KYC was a laborious process costing billions to services providers and inconveniencing customers with a mountain of paper identity documents. The thoughts here are confined to the Banking sector but applies to other sectors equally.

eKYC “assisted”

With the advent of electronic KYC or eKYC using the Aadhaar biometrics platform, things haven’t changed a lot. It certainly has reduced paper documents. However, eKYC is still done in “assisted” mode – meaning either the customer has to be present at the Bank or a Bank Executive has to reach the customer to collect the biometric data. Besides, in most Banks, a paper trail is still maintained despite the biometrics data – reasons best known to themselves. What was costing the Banks earlier is what is costing today – perhaps more with the new biometric devices and the cost to maintain them.

eKYC “unassisted”

The Reserve Bank of India (RBI) took a significant step in December 2016 to allow opening of deposits and borrower accounts using OTP based eKYC, albeit with some restrictions (RBI notification on 08 December 2016, Chapter VI – Customer Due Diligence (CDD) Procedure – Clause 17 and 38 amendments). This has opened up the opportunity to provide this service to customers at the comfort of their homes at a vastly reduced cost to Banks. This would satisfy the two-factor authentication needed by RBI and would suffice to open an Account. However, with increasing volumes (500 million eKYCs projected for 2020 by UIDAI), and the possibility for this service to be abused through third party fraud, this would need additional authentication to ensure that the person completing the transaction is who he really says he is (as close to a physical check).

eKYC “unassisted” with three factor authentication – Aadhaar, OTP and Face Biometrics

To solve this particular problem, FRS Labs rolled out the “Atlas eKYC” solution – fully integrated with Aadhaar – with face biometrics as the third factor of authentication (watch the 60 second video here). While the face is captured by UIDAI as the third biometric element (fingerprints and IRIS being the other two), RBI has not mandated the use of face for biometric authentications – for reasons that face is considered not as unique as fingerprints and certainly not IRIS – and the false acceptance rates (e.g. twins) could be high and that people’s faces change over time – but as always research contradicts this notion and there are plenty of evidence to prove that face is a reliable biometric feature. And it can only get better.

Notwithstanding, RBI has not specified that face could not be used if a commercial organisation wishes to do so as additional factor of authentication to protect their businesses and consumers, so long as the mandatory 2 factor authentication is in force. In a similar tone, RBI has not ruled out authenticating customers using their voice (another biometric element not in Aadhaar). ICICI Bank and Citibank have rolled out voice biometrics to authenticate customers to call centres is a case in point – It is still two factor authentication (the registered mobile phone as the first factor and the consumer’s voice as the second factor of authentication). Therefore, there is a great opportunity here for Banks to provide face biometrics as the third factor of authentication for secure “unassisted” OTP based eKYC without the need for biometric devices. I can only begin to image the convenience for consumers and cost savings for Banks.

Author: P. Shankar – Founder & CEO of FRS Labs.