Now RBI Wants Aadhaar Validation For Card-based Transactions
Nov 27, 2013, 16:49 IST
Advertisement
Aadhaar is finally getting its teeth into key financial transactions, going by the central bank’s tough stand. The Reserve Bank of India has recently asked banks to ensure Aadhaar authentication for card transactions at merchant locations.“All new card present infrastructure has to be enabled for both EMV chip and PIN and Aadhaar (biometric validation) acceptance,” the RBI stated in a notification on November 26. It also directed banks to issue chip-based cards by November 30 to tackle rising cases of fraud. The latest notification follows the recommendations of the Working Group headed by Gowri Mukherjee, global head of digital marketing at Standard Chartered Bank.
A rise in fraud cases due to stolen card data had prompted the RBI to set up a panel in March 2011, which looked into securing card-based transactions through additional layers of authentification such as PINs and biometrics. According to the RBI, the recommendations of the Working Group have been examined and the measures have been advised after taking into consideration the developments that took place in the card payment ecosystem as well as in the scalability and effectiveness of Aadhaar over a period of time.
Euro pay MasterCard Visa or EMV chip and PIN authentication involves card information being stored in a chip that is accessible through a PIN or personal identification number, which replaces a cardholder’s signature. This is in line with global best practices and is currently getting implemented. So is it really essential to come up with an additional security layer by linking the entire process with Aadhaar and its biometric validations?
Not for all cards, it seems. “In respect of cards, not specifically mandated by the RBI to adopt EMV norms, banks may take a decision whether they should adopt Aadhaar as additional factor of authentication or move to EMV chip and Pin technology for securing the card present payment infrastructure,” said RBI.
Advertisement
Even then, the biometric validation will be mandatory for all new machines/replacements and that means getting infrastructure-ready where no such infrastructure exists.
Before we get into more details, let us have a look at Aadhaar’s current functionality and future scope. Launched by the Unique Identification Authority of India (UIDAI), Aadhaar cards are essentially identity proofs based on biometric data. These are currently used for opening bank accounts and further ensure that Indian government’s welfare payments are routed directly to beneficiaries.
But Aadhaar is bound to play a more crucial role and gain a nation-wide runway when the latest RBI directive comes into force. Since both provisions are made mandatory by the RBI, Aadhaar validation will have to be facilitated at all new point of sale (PoS) terminals/ATMs.
Although most banks have started rolling out the EMV chip and PIN systems and are deploying new cards to customers, implementing Aadhaar validation will require more time and additional costs. That’s because banks will have to put in place the mechanism for biometric checks, in tune with the system established by the UIDAI.
“This new requirement is a challenge as we have very basic thumb print and reading devices. There is no service provider that manufactures such machines in bulk,” the payments head of a leading private sector bank told Economic Times. As a result, most private banks may stop installing PoS terminals at merchant outlets, he said.
Advertisement
But the worst hit could be the public sector banks such as the State Bank of India and Bank of Baroda who are planning to roll out a large number of PoS machines. They will have to start from scratch to enable biometric facilities.
In spite of the current gap in infrastructure, no one can deny the benefits of including biometric data (finger print/retina scan) captured by the UIDAI. This can be effectively used for authentication to protect against both domestic counterfeit and lost & stolen card fraud as the cardholder has to be physically present at the PoS terminal/ATM to authenticate the transaction. Even if the card is counterfeited, the fraudster will not be able to use the card as the biometric data of the customer will be required.
Currently, transactions using cards at PoS do not require additional authentication in majority of the cards. However, data stored in magnetic stripe is vulnerable to skimming. If more and more customers are to be encouraged to use PoS channels, it will surely require securing these transactions through biometric authentication and prevention of counterfeiting (skimming) by migrating to chip and PIN. That’s exactly what the RBI is doing although it may take some time to get into action.
With input from Agencies
Image: Indiatimes