Analyzing Aadhaar (Aadhar) XML and Video KYC

In an article in the Economic Times, IDfy CEO Ashok Hariharanechoes the fintech industry’s lack of enthusiasm towards alternative KYC processes suggested by the UIDAI.

“The Aadhaar XML journey has many steps including obtaining an OTP (one-time password), selecting a range of permissions and downloading the XML file before actually using it as an ID. Such a journey is extremely complicated,” said Ashok Hariharan, chief executive, IDfy, a Mumbai-based tech startup that provides authentication services.

“Presented with a choice, most users would prefer to use other ID cards rather than Aadhaar at this point,” he added

Here’s our analysis of Aadhaar XML and Video KYC

XML format authentication using Aadhaar data

• Digital Journey — Aadhaar XML is likely to be included as an officially valid document (OVD) alongside Voter ID, DL, PAN, Passport etc. An XML file is digital by definition so this is an attempt to create a completely digital journey. This is definitely a step forward in thinking, as physical KYC incurs costs due to personnel, managing paper and also makes onboarding really slow (7 to 10 days instead of minutes)
• Other ID cards — The spirit of the Supreme Court Aadhaar verdict is that users presenting other ID cards should not be discouraged. It is not clear if a similar approach of digitization would apply to other ID cards. This would require RBI to recognise that photographs of ID cards are the equivalent of photocopies (something the Information Technology Act already recognizes)
• Complicated User Journey — The Aadhaar XML journey has many steps including obtaining an OTP, selecting a range of permissions, downloading the XML file before actually using it as an ID. Such a journey is extremely complicated even for the most technologically advanced users. Presented with a choice, most users would prefer to use other ID cards rather than Aadhaar at this point
• Customer Drop Offs — Less than 30% of the population has their phone number linked to UIDAI, (as many Indians keep changing phone numbers and the task of updating phone number on UIDAI is very complicated). Therefore most of the population won’t even receive the OTP that is necessary to download their Aadhaar XML file
• Leakage and ID fraud issues — In a business correspondent (BC) journey, the XML would have to be uploaded by the BC which means that the user will pass the XML file to the BC, and also provide his password. This allows for leakage of the XML to others. In case XML is to be accepted as a means for verification, face match and face liveness should become de-facto ways of authenticating presence of the end user.
• Digital Signatures — A crucial part of using an OVD today is for an authorised officer of the Regulated Entity to sign it. If this signature were to be remain a wet signature, one would still need photocopies. In order to digitise completely, RBI has to recognise that a digital signature (using digital certificates) is the equivalent of a physical signature (just at the Information Technology Act does).

Ebook: How Aadhaar XML Really Works

Video KYC

• Live Agent — The agent will need to be present all the times. This means that for all practical purposes one can’t have a seamless, instant and 24x7 journey of onboarding.
• Internet speeds — The intent of having a video KYC is to cover remote areas. However the RBI fails to realize that video KYC is extremely difficult without good broadband or 4G. Such an implementation is almost impossible in many parts of the country. Payment providers that cover the breadth of the country have the unenviable task of signing up millions users in a really short period of time (before the Feb deadline). To make this possible, the RBI must recognize the limitation of video and allow solutions to demonstrate ‘liveness’ of the user without the need for video, such as through analysis of photographs or gestures tracked by apps.
• Costs — Requirement of an agent to be present at the time of capturing the video makes this solution costly. These costs are usually passed to the end user, so ultimately the common man will be affected.
• IT for Smaller Banks — Digitization would help smaller banks and cooperatives, but they can hardly afford a massive investment in IT. What they need is to consume KYC services, hosted elsewhere in India, by transaction (pay as you go). RBI needs to be explicit in its approval of cloud services as this is the best way to spur digitization.

Related Reads

1. How Aadhaar XML really works
2. Rapid onboarding and real-time authentication reduces customer drop offs for a finance major.