Aadhaar e-KYC Service

In India, customers need to submit identity and address documents to several agencies to get their work done; this process of customer identification is known as "Know Your Customer" (KYC).

The Aadhaar KYC API eliminates complex, time-consuming operations and gives agencies an electronic, paperless KYC experience.

Using the KYC API, agencies can carry out electronic identity verification using biometrics or an OTP (One Time Password), based on their choice, and obtain an electronic identity document digitally signed by UIDAI for storage within their own systems. This makes the entire process simpler and more cost-effective for both customers and agencies.

e-KYC has certain requirements, which are listed below:

  • The need for KYC derives from membership in FATF/ATG for supporting AML/CFT initiatives
  • PMLA (Prevention of Money Laundering Act) was enacted in India along with KYC rules
  • The Basel III framework also requires banks to perform KYC
  • A Government-issued photo ID is required for KYC
  • Electronic KYC should have the ability to verify or provide demographic information and a photograph
  • The latest UIDAI authentication provides the capability to verify collected demographic and biometric data
  • To address data-collection issues, the photograph, and ease of use, a KYC architecture is proposed as an application of UIDAI authentication

Government Planned KYC Framework:

  • SEBI (Securities and Exchange Board of India) has defined the concept of a KRA (KYC Registration Agency)
  • Entities that take advantage of electronic KYC (banks, brokerage houses, etc.) are called KUAs (KYC User Agencies)
  • Other regulators are contemplating the use of KRAs
  • The FM (Finance Minister) announced the creation of a central KYC repository in his Budget Speech (2012)
  • To enable pure electronic KYC for Aadhaar holders, a 3-tier KYC architecture is proposed, comprising KUA -> KSA -> UIDAI

API Data Flow and High Level Logic

Fig 1.0: API Data Flow and High Level Logic

  1. The KYC front-end application captures the resident's Aadhaar number and biometric/OTP (One Time Password) and creates the encrypted PID block
  2. The KUA creates the Auth XML using the PID block, signs it, uses that to form the KYC XML, signs that as well, and sends it to the KSA
  3. The KSA forwards the KYC XML to the Aadhaar KYC API
  4. The Aadhaar KYC service authenticates the resident and, if successful, responds with digitally signed and encrypted demographic data and photograph in XML format
  5. The demographic data and photograph in the response are encrypted with either the KSA or the KUA public key, as defined on the Aadhaar server (CIDR)
  6. The KSA sends the response back to the KUA, enabling paperless electronic KYC

Note: The KSA can also form the KYC XML on behalf of the KUA. In that case, the KSA needs to sign it.

High Level API Logic:

  • Validate the XML structure
  • Validate the KUA code and KSA code, and ensure they belong to valid KUAs/KSAs
  • Validate the KUA/KSA signature
  • Validate the txn namespace and "rc"
  • Validate the bio/otp flag to ensure it is "y"
  • Invoke the authentication service
  • Validate the "ra" attribute and ensure it matches the "info" of the Auth response
  • If successful, read the demographic data and photo using the getDemographics API (common search API)
  • Create the response XML and sign it
  • Write the KYC audit (minimal audit details in the RDBMS and the entire response in HBase) in all cases
  • Encrypt the response (with either the KSA or the KUA key) and send it back
  • Send a notification to the resident
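As an added illustration of the request-side checks above (not UIDAI's code, and not the real Kyc/Auth schema), the following Python walks the validation steps in the order listed, on a constructed, simplified XML shape. The agency registry, the attribute names beyond those on the page (kua, ksa, signer, sig, bio, otp), the HMAC standing in for the XML digital signature, and the stub authentication service are all assumptions made for the example.

```python
import hmac, hashlib
import xml.etree.ElementTree as ET

REGISTERED_KUAS = {"KUA001": b"kua-secret"}  # constructed registry: code -> signing key
REGISTERED_KSAS = {"KSA01": b"ksa-secret"}   # (stand-in for the agencies' X.509 certificates)

class KycError(Exception): pass

def sign(key, kyc):
    # HMAC over the signed attributes; stands in for the XML digital signature
    payload = "|".join(f"{k}={kyc.get(k)}" for k in ("kua", "ksa", "txn", "rc", "ra"))
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def build_kyc(kua, ksa, txn, rc, ra, bio="y", otp="n", signer="kua"):
    # form and sign the (simplified) KYC XML as the KUA, or as the KSA on its behalf
    el = ET.Element("Kyc", kua=kua, ksa=ksa, txn=txn, rc=rc, ra=ra, signer=signer)
    ET.SubElement(el, "Auth", bio=bio, otp=otp)
    key = REGISTERED_KUAS[kua] if signer == "kua" else REGISTERED_KSAS[ksa]
    el.set("sig", sign(key, el))
    return ET.tostring(el, encoding="unicode")

def stub_auth(auth_el):
    # constructed stand-in for the UIDAI authentication service
    return {"ret": "y", "info": "bio" if auth_el.get("bio") == "y" else "otp"}

def validate_kyc(xml_text, auth_service=stub_auth):
    # run the high-level checks in the order the page lists them; fail on the first problem
    try:
        kyc = ET.fromstring(xml_text)
    except ET.ParseError as e:
        raise KycError(f"malformed XML: {e}")
    auth = kyc.find("Auth")
    if kyc.tag != "Kyc" or auth is None:
        raise KycError("unexpected XML structure")
    kua, ksa = kyc.get("kua"), kyc.get("ksa")
    if kua not in REGISTERED_KUAS or ksa not in REGISTERED_KSAS:
        raise KycError("unknown KUA/KSA code")
    key = REGISTERED_KUAS[kua] if kyc.get("signer") == "kua" else REGISTERED_KSAS[ksa]
    if not hmac.compare_digest(sign(key, kyc), kyc.get("sig", "")):
        raise KycError("bad KUA/KSA signature")
    # txn must sit in the KUA's own namespace and resident consent (rc) must be "y"
    if not kyc.get("txn", "").startswith(kua + ":") or kyc.get("rc") != "y":
        raise KycError("txn namespace or rc check failed")
    if "y" not in (auth.get("bio"), auth.get("otp")):
        raise KycError("neither bio nor otp flag is 'y'")
    resp = auth_service(auth)
    if resp["ret"] != "y":
        raise KycError("authentication failed")
    if kyc.get("ra") != resp["info"]:
        raise KycError("ra does not match auth response info")
    return resp
```

A request whose consent flag is flipped after signing fails the signature check before the rc check is reached, which is the point of validating the signature first.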