The Reserve Bank of India is considering the use of biometric data captured for Unique Identification issued under the government's ambitious 'Aadhaar' scheme. According to G Padmanabhan, executive director at RBI, a working group looking into enhancing security of present card transactions has noted that Aadhaar biometric data would serve as a secure second factor of authentication even for magnetic stripe cards obviating the need mandating a switch over to chip and pin card regime, which has cost implications for the industry.
He spoke at length on frauds and authentication issues at an event in Mumbai last Friday. He highlighted the type of frauds and ways to deal with them. "While the challenges to security are stiff and increasing by the day, being alive to threats is more important," Padmanabhan said in his speech.
RBI has introduced certain measures like one-time password (OTP) and confidential data confirmation. This measure has ensured greater security in online card transactions and instances of online frauds has considerably dropped, he added. More importantly, this has resulted in a significant growth in card transactions in this mode, reflecting the enhanced level of customer confidence.
Here is some key feedback RBI has received on the secondary authentication process from customers:
* One time password or two factor authentication is one of the methods in securing transactions. However, the essential requirement of such OTP being sent to the registered mobile of the customer leads to several issues or inconvenience due to factors like network availability, restriction to a particular phone number, non-availability of the service when customer travels abroad, timing out of online transactions due to slow speed of OTP transmission etc. It also has cost implications for the customer as he has to pay for charges at international data transmission tariffs..
* Multi-layer security by way of log-in password, transaction password and some confidential data confirmation make online transactions more secure, and in a better manner. But, there are issues like memorising of multiple passwords, slogans, pictures and answers to questions. Some transaction of urgent nature getting stuck due to these problems and even online access getting blocked some times. This, coupled with the time taken for access re-activation, password generation,which is sometimes a time taking process, causes irritation and inconvenience to the customer.
* In mobile banking, the challenge is to decide the transaction value limits up to which unencrypted data can be transmitted for payments or funds transfer. If the limits are set too tight, there can be cost and efficiency implications while making it too lax may invite the risk of information getting compromised.
* Surveillance cameras help in making ATM transactions more secure, but there are issues about privacy and more so, customer discomfort with the same.
All the above factors make it necessary for RBI to look at other credible options. Unique Identification number with its biometric database could ensure that the person with the right identity is accessing personal financial data.
In April 2011, UIDAI (Unique Identification Development Authority) discussed possibilities of the number usage in the banking sector with a section of banks. They were looking to allow customers to operate ATMs armed with only their 12-digit Aadhaar number where the access will be facilitated by a biometric scan, said a report in the mint newspaper.
Updated Date: Dec 20, 2014 04:07:01 IST