Centre for Internet & Society

Since 2009, when Nandan Nilekani began to envision and implement the Unique Identification Project, the UID authority has promoted the UID/Aadhaar scheme as a tool of development for India - arguing that an identity will assist in bringing benefits to the poor, promote financial inclusion in India, and allow for economic and social development. In this blog entry I will focus on the challenges and possibilities of the UID number providing the residents of India a viable method of access to financial services across the country.

 

Why the UID could bring financial inclusion

In their strategy document “Exclusion to Inclusion with Micro payments” the UIDAI argues that a few of many challenges to successful financial inclusion in India for the poor have been: lack of identity, lack of accessibility of financial outlets, unreliability of infrastructure, high costs of banking, and the common presence of a middle man. For Indian banks the UID sites challenges such as: the high cost of transactions for banks servicing clients in rural areas, lack of infrastructure, costly processes of cash management, and high costs of IT.(UIDAI, 2010)The UID's solution to these obstacles is a system of financial services and micro payments based off of an individuals UID number, in which an individual with a UID number would be able to: open a bank account, make a payment, withdraw money, deposit money, and send remittances. The hope is that this system will allow banks to scale up their branch less banking, and reach out to larger populations. Residents having a bank account linked to their UID number is also key to the UID's larger scheme for subsidy delivery to the poor. Until all consumers who rely on government subsidies have a bank account linked to their UID number, the UID will not be able to implement a system of direct transfer of cash subsidies.(CNBC-TV18, 2011) For example, the UIDAI has started conducting a pilot disbursement of funds under the Mahatma Gandhi National Rural Employment Guarantee Scheme (MNREGS) to Jharkhand through Union Bank, ICICI Bank and Bank of India branches.(IBN-Live, 2011)

How the UID will bring financial inclusion

In their vision, the UIDAI has designed a system that involves bank branches enrolling individuals, bank branches establishing relationships with BC organizations, the use of Micro ATM's, and the use of the UID numbers for authentication in all financial transactions. In short the system of financial inclusion would work as follows:

Step 1. Enroll and obtain UID number

An individual enrolls for a UID number. During enrollment an individual shares his/her KYC information with the UIDAI. The UIDAI verifies the individuals KYC information, along with their other information, and issues the individual a UID number. If an individual already has a bank account at the time of enrollment they have the option to link their UID number to their bank account [1]

In India every bank must verify and confirm an individuals KYC information. This is to help reduce tax evasion and fraud. In December 2011, India's Ministry of Finance recognized the Aadhaar number has an officially valid identification to satisfy the KYC norms for opening bank accounts. By verifying an individuals KYC information at the enrollment stage the UIDAI is hoping reduce the amount of paperwork and time needed for an individual to open a bank account. In addition to satisfying KYC norms, the Government of India has also recognized the Aadhaar number as an acceptable form of identity for the purpose of obtaining a mobile connection. By having the UID number accepted for establishing both mobile connections and bank accounts, financial inclusion through mobile banking is encouraged as it allows for individuals who previously had no identity, to join the financial system and mobile network – thus allowing bank accounts to be more accessible than before, and aiding banks by simplifying the process of account opening.(Akhand Tiawari, Anurodh Giri, 2011)

Step 2. Open UID Enabled Bank Account
Now that the individual has a UID number they can open a bank account by presenting their UID number and thumb print to the bank branch for authentication. Currently the one bank enrolling citizens and issuing UID numbers and UID based ATM cards is the Bank of India.(Aggarwal, 2011) Bank of Maharashtra, State Bank of India and Indian Overseas Bank are currently waiting for approval from the UIDAI.(Chavan, 2011) In this scenario the UID number will be the only form of identification needed to open a bank account.

3.Make financial transactions with UID number
Once a UID Enabled Bank Account (UEBA) is opened, individuals can begin making financial transactions using their UID number and fingerprint. Individuals can access their UEBA through BC institutions. With a UEBA individuals have the option of using four basic banking services:

  •  Store cash for savings through electronic deposits and withdraw only small amounts of cash
  • Make payments
  • Send and receive remittances
  • Acquire balance and transaction history

Transactions completed through the UID-enabled bank account work similarly to a prepaid mobile system. BC organizations, or Bank Correspondents, are organizations such as SHGs, kirana stores, dairy agents that larger banks develop a business relationship with. The BC organizations handle all transactions at the local level. Using BC organizations as financial outlets is meant to increase the penetration of financial outlets and make financial services more accessible in rural areas. How the process works is: a BC institution begins by depositing a certain amount of money with a larger banking institution. This ‘ prepaid balance’ paid by the BC institution changes with every transaction the BC institution makes. For example, when an individual makes a deposit it decreases as that money is then transferred into an individuals account, and increases when an individual withdraws money, because of the transaction fee that is charged to the individual. When the individual is making a deposit, he pays physical cash to the BC, who in turn makes an electronic transfer from the BC account to the individual's account. When making a withdrawal, the electronic transfer is made from the individual's account to the BC account, and the BC hands out physical cash to the customer, (UIDAI, 2010).


The micro ATM that is to be used at BC institutions is a hand held device, in this case a mobile phone, attached to a finger print reader. The micro ATM is meant to replace larger ATM’s and reduce the cost that banks incur when establishing full fledged ATM machines. The hand held device will be remotely accessed to the central server of the bank. Currently Italian tech company Telit Communication SpA, is hoping to provide the GSM wireless M2M modules that will allow the wireless device and the wired server to communicate with each other. (Kanth, 2011) The most significant difference between the micro ATM system and the traditional ATM system is that the BC employee executes the transaction. 

Though having BC employees carry out financial transactions might eliminate the possibility of a fraudulent ATM being set up, it opens many possibly corrupt doors. How will it be ensured that the transaction is completed without fraud, and how can it be ensured that the Micro-ATM is not fraudulent, or that the BC organization itself is not fraudulent. Though this scenario might sound unlikely, the UID has already experienced difficulties with fake enrollment centers being set up, such as in Pune. (Gadkari, 2011), fake UID papers being issued, as was done in Patna(Tripathi, 2011) and enrollment centers illegally outsourcing work, as the IT company Tera Software was found doing (Prajakta, 2011). If these scenarios have all been tried, it is not unreasonable to see the same being tried with financial institutions.

Challenges to a system of authentication for financial transactions with the biometric based UID number

Not withstanding the fact that financial inclusion cannot be achieved only through an identity, focusing on the identity component of financial inclusion - in the report Low Cost Secure Transaction Model for Financial Services, published by Nitin Munjal, Ashish Paliwal, and Rajat Moona, from the Indian Institute of Technology, the authors note that present challenges in India to financial inclusion through access to financial institutions include(Munjal, Nitin Paliwal, Ashish Moona, 2011):

  • Currently financial transactions require network connectivity to take place. For financial transactions made in rural areas this has lead to both high costs for each transaction and to high fixed IT costs.
  • Current financial schemes such as mobile banking depend on network connectivity, making the network indispensable, yet 70% of the Indian population is rurally located with limited or no network connectivity.
  • Current financial service outlets are densely located in urban areas and not rural areas. Rural populations are financially excluded, as in most cases the completion of financial transaction require the presence of financial outlets.
  • Currently there are no easy safeguards to protect against fake ATMS or fraud, because the current Financial Service Model is based on blind trust of the service outlet – this allows for high rates of fake ATM’s being installed and fraud.
  • For an individual to access financial services, an identity is required. In most cases the poor lack an identity.


Clearly there are many obstacles that the UID identity card must overcome to successfully authenticate individuals in financial transactions and facilitate financial inclusion. For the system to be successful the UID must at the minimum do the following:

  • Accurately generate unique numbers
  • Capture accurate personal information
  • Ensure security of the database
  • Ensure that the technology is secure and accurate
  • Ensure that only necessary information is collected
  • Verify BC centers
  • Provide a secure network that can handle large numbers of transactions


Possible ways in which the system can go wrong include:

  • Inaccurate authentication
  • Delays in authentication
  • Fraud at the level of the BC institution
  • Over collection of personal information by banks
  • Linking of databases by banks, or other agencies
  • Network failure
  • Down time of the database

Though UID enabled bank accounts have yet to be officially established the UID is already experiencing many of the listed difficulties. For instance, in an Indian Express article published on June 15th, it was reported that banks are issuing additional UID forms that ask if individuals have credit cards, operate mobile or internet banking accounts, own a two wheeler or four wheeler, or live in a rented or personally owned accommodation. (Indian Express, 2011) Even more alarming is a recent news item from the Deccan Herald, which details the efforts that have been taken by NATGRID to access banking clients personal information, and NATGRID's proposal to tie banking information to a linked database containing information from bank accounts, railways, airlines, stock exchanges, income tax, credit card, immigration records, and telecom service providers. (Arun, 2011)The banks
have refused to give NATGRID access to clients personal information, but the ease at which NATGRID could track and collect information about individuals with the UID is chilling – especially if the UID is linked to almost every bank account in India. Several news reports have also shared experiences of confusion, inconsistent requirements, and unorganized enrollment centers, which place doubt in the accuracy of the information collected and the accuracy of the UID numbers issued.(Tripathi, 2011). 


Looking at the technology and operational design of the UEBA system, though the scheme relies on mobile networks, it fails to eliminate the need for connectivity to the central server, because authentication of individuals biometric must be done through comparison of one fingerprint to the central server of all fingerprints. This will not only complicate the effectiveness of delivery of services, as it is possible for connectivity to be limited and slow, but it will also incur large network overhead costs for each transaction that is verified. Furthermore, even though the use of BC institutions as financial service outlets is meant to increases the availability of financial outlets, a dependency is created on BC institutions – as they must be present for any financial transaction to take place.
Additionally, individuals have no way of authenticating and verifying BC institutions. As mentioned earlier this allows for possible scenarios of fraud. Additionally, the UID has not provided any alternative method of identification in the case that the network or technology fails, or if an individuals biometrics are incorrectly rejected.

Could the SCOSTA standard be an option?

Many developing countries, like Kenya and Brazil, that face similar challenges to financial inclusion have looked towards smart cards as secure methods for authenticating individuals. In 2003 India also implemented a smart card approach to identity management. The SCOSTA standard smart card was introduced with the MNIC national identification scheme. Though the scheme was eventually dropped by the Indian Government, the SCOSTA smart card standard is still a valid option for authentication of individuals in financial transactions. A SCOSTA standard based approach for financial inclusion would include: 

  • Authentication of an individuals key, pass-phrase, and pin. This is known as public keyinfrastructure. This will allow a person to protect their password and easily replace it if stolen.
  •  Authentication through public key infrastructure would not depend on connectivity to thenetwork. This would allow for financial inclusion of populations not connected to networks and not be fully dependent on working networks.
  •  Authentication through public key infrastructure establishes mutual trust of user and institution. This would lower the presence of fraudulent institutions and corrupt transactions.
  •  Connection to a central server is not required for the authentication of an individual in a financial transaction. This will lower the cost of transactions and lower IT overhead costs (ibid Munjal, Nitin Paliwal, Ashish Moona, 2011)

Conclusion

Though it is hard to say that a fool proof system of authentication can easily be made, and that system will indeed promote financial inclusion, when comparing the biometric UID number with the SCOSTA standard smart card, there are many benefits to the SCOSTA standard such as ability of individuals to verify banking institutions, no need for connectivity to the central server, and the ability to easily replace lost or stolen pins and passwords. No matter what standard is implemented though, it is important to clearly look at the current implementation, technological, and operational challenges that identification schemes face and the possible ramifications of such challenges before adapting it as a ubiquitous system.

The views and opinions expressed on this page are those of their individual authors. Unless the opposite is explicitly stated, or unless the opposite may be reasonably inferred, CIS does not subscribe to these views and opinions which belong to their individual authors. CIS does not accept any responsibility, legal or otherwise, for the views and opinions of these individual authors. For an official statement from CIS on a particular issue, please contact us directly.