Inside Aadhaar, India’s massive digital identity program
- Aadhaar is hardly the gold standard of digital identity systems but identity experts often refer to it as an example of how an government-mandated scheme could work at scale
- The impact of a strong digital identity scheme affects banks, payments, security, compliance and financial inclusion -- and Aadhaar's is already seeing results.
Digital identity has become a hot topic in the last couple years among U.S. and European banks, who are already watching China leapfrog them in mobile payments. Now, add India to that list, with a digital identity scheme that will allow people to pay using just their biometric. In 2008, India set up the Unique Identification Authority of India (UIDAI) to create what’s become known as the Aadhaar number for the country’s then 1.21 billion residents (now 1.32 billion). The point was to create a single, unique identification document or number that would link all people’s lives together across their accounts at various businesses. Now, it’s also the basis for banks’ regulatory reporting of customer information and a way for disadvantaged people to access services they’ve been denied because they lacked identification documents. Aadhaar is hardly the gold standard of digital identity systems but identity experts often refer to it as an example of how an government-mandated scheme could work at scale. In the U.S. and Europe, customers give their personal information away freely to every company it does business with because that's often the only way to consume a good or service in the digital world. It's not always clear how that information's being used or by whom. In India, customers only have to share it once: when they register for their Aadhaar number. Here’s what you need to know about how Aadhaar works. How does it work? Indian residents can apply for an Aadhaar number by submitting their proof of identity, proof of address and registering their biometric (fingerprints and iris scan) information. The Aadhaar number (there’s also a card) doesn't replace other forms of ID like passports or driver's licenses, but it can be used in place of them when opening accounts at banks or other businesses that maintain customer profiles. For example, money transfer giant Western Union has biometric capabilities turned on in India, so when someone wants to initiate a money transfer through Western Union, they can identify and verify themselves using their biometric fingerprint, without showing any paper or plastic documents. And in mid-2014 Indian Prime Minister Narendra Modi instructed banks to provide bank accounts to those who previously didn't have them, using their newly minted Aadhaar numbers. In 2015, the country's unbanked population was 233 million -- half the number it was in 2011, at 557 million. The Aadhaar system wasn't just beneficial to everyday people who didn't have formal financial services, banks made new customers of hundreds of millions of people. Why does it matter for payments? China may be ahead in mobile payments, but Aadhaar Pay may usher in a post-mobile payments world, where people don't need to carry their phones or wallets in order to make payments. They would only need their registered biometric linked to their Aadhaar number. The Indian government this year mandated that all banks, ATM operations and authorized card payment networks migrate to Aadhaar-based biometric authentication for every transaction to improve security and prevent fraud as India continues its shift to becoming a completely cashless society. Fraud is an increasing concern for all parties of a financial transaction as the digital overhaul has raised the bar for bad actors. Why does it matter for banks? When the world became more digital, moving money became less about moving dollars and cents and more about moving customers’ data — and how companies manage, protect and otherwise use that data directly affect customer experience and customer trust. People are spending more time online or on mobile whether they’re on social media, they’re shopping, or even paying their bills and transferring money and as services crop up they’re opening more and more accounts with headache inducing passwords. And with such an overflow of customer information floating around the Internet, every trace of it is vulnerable to online attackers. “Proving and vetting that you are who you say you are so you can access whatever you want to access online becomes more and more complex because your digital footprint does not have a bridge with your physical footprint,” said venture capital investor Pascal Bouvier. Banks also have KYC requirements to comply with. Similar to the Canadian banks' digital identity solution -- in which customers wanting to open an account with a certain business would hand over their information through a mobile app in which they would biometrical authenticate that they're sharing their personal information -- Indian customers wanting to open accounts can provide their Aadhaar number as proof of identity and the business can use that information as needed. By contrast, when opening an account in the U.S., customers usually have to fill out some paperwork each time they sign up to use a different service because customer data is a business's most important asset. And they don't share that information with their competitors. “Because banks are under such strong regulatory pressure, they need to vet everyone more and more to more to avoid the impact of bad actors in the system,” he said. “It becomes very complicated and it’s expensive so they take a prudent and conservative approach — which means if you're an individual or a small business there’s a greater chance you'll be declined or it'll take you forever to open an account or continue a service.” What are its flaws? It’s not clear how much privacy its users get. That’s a huge part of why Western countries haven't come together on a single digital identity solution: People are still debating various philosophies around identity — what it is, who should control it, how to let customers retain ownership of their identity while still monetizing it. “There’s a lot to like about the Aadhaar approach in as much as there is simplicity in centralizing something and having all kinds of services that piggy back on that tech stack,” Bouvier said. “There are also things one has to be careful of.” The point of the Aadhar system is to have a centralized database and one technology stack enforced on the entire country — that means one centralized point of failure. It’s not clear whether or not Aadhar is unhackable or, at the scale of 1.3 billion people, how it assures the anti-money laundering/KYC data it registers to create an identity in the system is accurate. “If you want to suspend disbelief and say it can be solved then it is powerful,” Bouvier said. “But if you don't then you have to be careful what you wish for. A government that all of a sudden has digital identity on everyone but also a central repository that could be breached would be a catastrophe.”