eKYC – Know Your Customer unassisted using Aadhaar, OTP and Face Biometrics

Context

Know Your Customer (KYC) is essential for obtaining Financial, Healthcare, Insurance, and Telecom services around the world. In the Indian context, until Aadhaar opened up its APIs, KYC was a laborious process costing billions to services providers and inconveniencing customers with a mountain of paper identity documents. The thoughts here are confined to the Banking sector but applies to other sectors equally.

eKYC “assisted”

With the advent of electronic KYC or eKYC using the Aadhaar biometrics platform, things haven’t changed a lot. It certainly has reduced paper documents. However, eKYC is still done in “assisted” mode – meaning either the customer has to be present at the Bank or a Bank Executive has to reach the customer to collect the biometric data. Besides, in most Banks, a paper trail is still maintained despite the biometrics data – reasons best known to themselves. What was costing the Banks earlier is what is costing today – perhaps more with the new biometric devices and the cost to maintain them.

eKYC “unassisted”

The Reserve Bank of India (RBI) took a significant step in December 2016 to allow opening of deposits and borrower accounts using OTP based eKYC, albeit with some restrictions (RBI notification on 08 December 2016, Chapter VI – Customer Due Diligence (CDD) Procedure – Clause 17 and 38 amendments). This has opened up the opportunity to provide this service to customers at the comfort of their homes at a vastly reduced cost to Banks. This would satisfy the two-factor authentication needed by RBI and would suffice to open an Account. However, with increasing volumes (500 million eKYCs projected for 2020 by UIDAI), and the possibility for this service to be abused through third party fraud, this would need additional authentication to ensure that the person completing the transaction is who he really says he is (as close to a physical check).

eKYC “unassisted” with three factor authentication – Aadhaar, OTP and Face Biometrics

To solve this particular problem, FRS Labs rolled out the “Atlas eKYC” solution – fully integrated with Aadhaar – with face biometrics as the third factor of authentication (watch the 60 second video here). While the face is captured by UIDAI as the third biometric element (fingerprints and IRIS being the other two), RBI has not mandated the use of face for biometric authentications – for reasons that face is considered not as unique as fingerprints and certainly not IRIS – and the false acceptance rates (e.g. twins) could be high and that people’s faces change over time – but as always research contradicts this notion and there are plenty of evidence to prove that face is a reliable biometric feature. And it can only get better.

Notwithstanding, RBI has not specified that face could not be used if a commercial organisation wishes to do so as additional factor of authentication to protect their businesses and consumers, so long as the mandatory 2 factor authentication is in force. In a similar tone, RBI has not ruled out authenticating customers using their voice (another biometric element not in Aadhaar). ICICI Bank and Citibank have rolled out voice biometrics to authenticate customers to call centres is a case in point – It is still two factor authentication (the registered mobile phone as the first factor and the consumer’s voice as the second factor of authentication). Therefore, there is a great opportunity here for Banks to provide face biometrics as the third factor of authentication for secure “unassisted” OTP based eKYC without the need for biometric devices. I can only begin to image the convenience for consumers and cost savings for Banks.

Author: P. Shankar – Founder & CEO of FRS Labs.

India Stack takes the Digital India campaign to a whole new level

India is the third largest smartphone and mobile internet user market in the world with over 200 million internet users in 2013. The figures are expected to touch a staggering 500 million users by 2017, including 314 million mobile internet users according to a report by IAMAI and KPMG. Clearly, mobile phones are the ‘computing device of choice’ for the country. To keep up the momentum, the Government of India is keen on developing the digital infrastructure of the country under the Digital India program.

Digital India is a revolutionary program that will empower the masses and leapfrog India into the next generation of government services. Fortunately, the lower level of investment in earlier generation technology means India has skipped the legacy era and waited for the right technology to arrive at its doorstep. To kick-start and empower the Digital India program in a very democratized form and involve the great innovation talent of the nation, the Government of India has launched an open API policy. An open API, often referred to as a public API, is a publicly available Application Programming Interface (API) that provides programmers with programmatic access to a propriety software application. This set of open API is known as the India Stack and these would enable the ease in integration of mobile applications with the data securely stored and provided by the government to authenticated Apps.

India Stack is a complete set of API for developers and includes the Aadhaar for Authentication (Aadhaar already covers over 940 million people and will quickly cover the population of the entire nation), e-KYC documents (safe deposit locker for issue, storage and use of documents), e-Sign (digital signature acceptable under the laws), unified payment interface (for financial transactions) and privacy-protected data sharing within the stack of API. Together, the India Stack enables Apps that could open up many opportunities in financial services, healthcare and education sectors of the Indian economy. What this essentially means is that developers and tech startups can now build software and create businesses around the readily available infrastructure offered through India Stack, thus opening a huge potential to tap into the booming smartphone market in the country. Since the consumer market in India is very large, such startups could also hope for institutional funding and gain from the early mover advantage.

Through the digitized elements like e-KYC, e-Sign, digitized Aadhaar information and digital locker, the entire ecosystem has now become a presence less, paperless and cashless based system. A Digital Locker enables users to have all their legal documents in a digitized format that is stored online and can be accessed from any part of the country. The e-Sign makes it simple for people to sign deals, contracts and legal documents through their phones and the Unified Payment Interface lets people make payments with ease through their smartphones from anywhere.

India Stack makes a user base of over a billion people readily available through its API. This means that startups and tech companies can build over this to be able to integrate various functions for their businesses or for larger enterprises. Every bank or telecom operator scans through tons of paperwork every day to be able to verify customers and generate KYC documents. Now imagine the impact if this entire process could be digitized by building an application which would integrate India Stack and the user base of over a billion Indians!

With the technology, documentation and sample code available, entrepreneurs and startups can get started with innovating, prototyping as well as building India Stack enabled applications. The commercial applications are endless with multiple opportunities, as the large user base opened up by India Stack is nascent, solution-hungry and largely untouched by technology. Now even a local vegetable trader can take an intra-day loan almost instantly through his mobile phone and pay it back the very same or next day without even physically visiting the bank or wasting any time (time is money when earnings are proportional to time spent)! With their e-KYC documents and digital signatures, a loan can be processed almost instantly and the money transferred through the Unified Payment Interface. Long queues at banks, telecom offices and all other government and non-governmental processes should be the thing of the past, through proper integration of India Stack.

The nation is looking for “a transition from technology-poor to innovation-rich society” and entrepreneurs have a good role to play. The problems (read opportunities) in financial services, healthcare and education are all so large that only the right technology can cost-effectively solve them. Solving these scale problems would mean great business sense too.

iSPIRT, the non-profit software product industry think tank powered by industry veterans, has been actively involved in the development of India Stack and is helping entrepreneurs make the best use of business opportunities provided by India Stack, while building their startups. iSPIRT believes that India Stack creates a whole new generation of business opportunities around the mobile phone and early movers would have tremendous market advantages.

On a recent visit to India, Bill Gates commented on India Stack saying, “India is on the cusp of leapfrogging!” And it truly is; considering it is the only country in the world offering such an open and secure API, India is certainly looking at taking the Digital India campaign to a whole new level.

The future is here and now is the time to act.