“The Aadhaar XML journey has many steps including obtaining an OTP (one-time password), selecting a range of permissions and downloading the XML file before actually using it as an ID. Such a journey is extremely complicated,” said Ashok Hariharan, chief executive, IDfy, a Mumbai-based tech startup that provides authentication services.
“Presented with a choice, most users would prefer to use other ID cards rather than Aadhaar at this point,” he added
Here's our analysis of Aadhaar XML and Video KYC
XML format authentication using Aadhaar data
- Digital Journey - Aadhaar XML is likely to be included as an officially valid document (OVD) alongside Voter ID, DL, PAN, Passport etc. An XML file is digital by definition so this is an attempt to create a completely digital journey. This is definitely a step forward in thinking, as physical KYC incurs costs due to personnel, managing paper and also makes onboarding really slow (7 to 10 days instead of minutes)
- Other ID cards - The spirit of the Supreme Court Aadhaar verdict is that users presenting other ID cards should not be discouraged. It is not clear if a similar approach of digitization would apply to other ID cards. This would require RBI to recognise that photographs of ID cards are the equivalent of photocopies (something the Information Technology Act already recognizes)
- Complicated User Journey - The Aadhaar XML journey has many steps including obtaining an OTP, selecting a range of permissions, downloading the XML file before actually using it as an ID. Such a journey is extremely complicated even for the most technologically advanced users. Presented with a choice, most users would prefer to use other ID cards rather than Aadhaar at this point
- Customer Drop Offs - Less than 30% of the population has their phone number linked to UIDAI, (as many Indians keep changing phone numbers and the task of updating phone number on UIDAI is very complicated). Therefore most of the population won’t even receive the OTP that is necessary to download their Aadhaar XML file
- Leakage and ID fraud issues - In a business correspondent (BC) journey, the XML would have to be uploaded by the BC which means that the user will pass the XML file to the BC, and also provide his password. This allows for leakage of the XML to others. In case XML is to be accepted as a means for verification, face match and face liveness should become de-facto ways of authenticating presence of the end user.
- Digital Signatures - A crucial part of using an OVD today is for an authorised officer of the Regulated Entity to sign it. If this signature were to be remain a wet signature, one would still need photocopies. In order to digitise completely, RBI has to recognise that a digital signature (using digital certificates) is the equivalent of a physical signature (just at the Information Technology Act does).
To find out about IDfy's Digital KYC Solutions, email to firstname.lastname@example.org