No need to share Aadhaar ID for verification says UIDAI

Last week, the Tribune report, widely shared on social media, claimed that it had got access through an "agent" to every detail of an individual submitted to the UIDAI including name, address, postal code, photo, phone number and email and found in its investigation that unauthorised persons had gained access to people's personal information.

However, at such critical juncture, Unique Identification Authority of India (UIDAI) did deny accusations of Aadhaar data leak. "The Aadhaar data, including biometric information, is fully safe and secure," the authority had said in a statement, calling the report in The Tribune "a case of misreporting."

Now in the latest development, addressing privacy concerns after a news report claimed a breach in the Aadhaar database, UIDAI has now announced a new two-layer system to strengthen the security of Aadhaar number holders which would do away with the need to share the unique ID for verification purposes.

How to enable two-step verification on WhatsApp - GIZBOT

Under the new system, at the user-end, the Aadhaar holder will have the choice not to share their Aadhaar number at the time of authentication. Instead, a random 16-digit Virtual ID number would be generated and could be used in lieu of Aadhaar with the authorized agency like banks and telecom service providers.

"Virtual ID will be a temporary, revocable 16 digit random number mapped with the Aadhaar number. It is not possible to derive Aadhaar number from Virtual ID," a circular issued by UIDAI said.

At the agency-end, the Unique Identification Authority of India (UIDAI) has introduced the concept of "Limited KYC" (Know Your Customer) which won't return Aadhaar number but would only provide an "agency-specific unique UID token to eliminate agencies storing Aadhaar numbers while still enabling their own paperless KYC."

The move comes amid heightened concerns around the collection and storage of personal and demographic data of individuals after The Tribune reported it bought unrestricted access to details of over one billion Aadhaar numbers -- for just Rs 500 and in 10 minutes.

However, people would have to wait until March 1 as the UIDAI would be releasing necessary applications for its implementation by that day, the circular said. "And by June 1, all agencies would have to fully migrate to the new system."

As per the circular, a virtual ID will be valid for a defined period of time and every time a new one gets generated by the user, the older one gets automatically canceled.

"Aadhaar number being a permanent ID for life, there is a need to provide a mechanism to ensure its continued use by the Aadhaar number holder while optimally protecting the collection and storage of Aadhaar number itself in many databases," UIDAI said.

It added that while it is important to ensure that Aadhaar number holders can use their identity information to avail products and services, the collection and storage of Aadhaar numbers by various entities had heightened privacy concerns.