Aadhaar eKYC is similar to the Authentication transaction used to verify a customer, except that it returns the
Name, Address, Gender, Date of Birth and face photograph of the Aadhaar holder electronically. It does NOT return the mobile number or
email ID of the Aadhaar holder.
eKYC privacy provisions under the Aadhaar Act
- The consent of the Aadhaar holder needs to be obtained for conducting an eKYC transaction.
- The Aadhaar holder needs to be adequately notified of the purpose for which the eKYC transaction is being conducted.
- The Aadhaar holder needs to be notified of the agency/company on whose behalf the eKYC transaction is being conducted.
- The agency that conducted the eKYC transaction cannot share it with any third party without the consent of the Aadhaar holder.
eKYC flow
- The e-KYC front-end application captures the Aadhaar number and the biometric/OTP of the resident and forms the encrypted PID block.
- The KUA (KYC User Agency) forms the Auth XML using the PID block, signs it, uses it to form the final e-KYC input XML, and sends that to the KSA (KYC Service Agency).
- The KSA forwards the KYC XML to the Aadhaar e-KYC service.
- The Aadhaar e-KYC service authenticates the resident and, if successful, responds with digitally signed and encrypted XML containing the resident’s latest demographic and photograph information.
- The e-KYC response (containing demographic data and photograph) is, by default, encrypted with the KUA public key.
- The KSA sends the response back to the KUA, enabling paperless electronic KYC.
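The response leg of this flow (signed and encrypted XML that only the KUA can open), as an added Node.js example that is not UIDAI's or the page's own code. The RSA-OAEP plus AES-256-GCM envelope, the detached RSA-SHA256 signature, the function names and the sample XML are assumptions made for illustration and do not reproduce the actual e-KYC wire format.

```javascript
// Added illustration: models "signed, then encrypted to the KUA public key".
// Envelope layout and algorithms are assumptions, not the UIDAI wire format.
const crypto = require('crypto');

// Constructed key pairs standing in for the e-KYC service signing key and the KUA key.
const service = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const kua = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SAMPLE_XML = '<SampleKyc name="Test Resident" gender="F" dob="01-01-1990"/>'; // constructed

const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// Service side: sign the XML, encrypt it under a one-time AES key,
// and wrap that key with the KUA public key.
function sealResponse(xml, signingKey, kuaPublicKey) {
  const body = Buffer.from(xml, 'utf8');
  const sig = crypto.sign('sha256', body, signingKey);
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ct = Buffer.concat([cipher.update(body), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(oaep(kuaPublicKey), aesKey);
  return { wrappedKey, iv, ct, tag: cipher.getAuthTag(), sig };
}

// KUA side: unwrap the AES key, decrypt, then verify the service signature
// before any field is used. Anyone can encrypt to the KUA public key, so the
// signature is the only proof that the data came from the e-KYC service.
function openResponse(msg, kuaPrivateKey, serviceVerifyKey) {
  const aesKey = crypto.privateDecrypt(oaep(kuaPrivateKey), msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  const body = Buffer.concat([decipher.update(msg.ct), decipher.final()]);
  if (!crypto.verify('sha256', body, serviceVerifyKey, msg.sig)) {
    throw new Error('e-KYC response signature invalid');
  }
  return body.toString('utf8');
}
```

In this model the KSA only relays the sealed object: without the KUA private key, `openResponse` fails at the key-unwrap step.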
eKYC can be performed in two ways:
1. OTP
2. Biometric