The Unique Identification Authority of India (UIDAI), the government body entrusted with issuing Aadhaar identification cards to Indian citizens, has made it mandatory for telecom services to authenticate a tenth of their customers using face recognition.
This will be implemented for telecom services from 15 September – past two deadlines of 1 July and 1 August – after the first circular on the implementation of facial authentication was issued in January 2018.
For the present, however, this will be an option only for telecom service providers from 15 September, according to UIDAI’s latest circular.
The phased rollout is because not all Aadhaar Authentication User Agencies (AUAs) are ready in terms of devices for face recognition, according to UIDAI.
“TSPs are hereby directed that with effect from September 15, 2018 at least 10 per cent of their total monthly authentication transactions shall be performed using face authentication in this manner. Any shortfall in transactions using face authentication would be charged at Rs 0.20 per transaction,” said a UIDAI circular.
Face authentication means the user’s photo will be captured and compared with the one in the Aadhaar database. At the time of getting an Aadhaar card, all users have their photo taken, which will now be matched in the eKYC process for issuing SIMs on the basis of Aadhaar cards.
Telecom service providers will have to take a photo of the user and send this for authentication in their registered device, which is being used to complete the eKYC process, says a PTI report.
The TSP will have to store the photo captured for face authentication, and ensure that the live photo matches the one in the e-KYC before activating the SIM. The TSP will have to store both the photos in its database for audit purpose. TSPs who fail to follow this can invite financial disincentive, notes the circular.
Keep in mind that the face recognition verification is only required where a mobile SIM is being issued on the basis of Aadhaar cards. Where Aadhaar card is not being used to issue SIM, this rule does not apply.
“This instruction (for matching live face photo with eKYC photo) will apply only where Aadhaar is used for issuance of SIMs. As per Telecom Department’s instructions, if SIM is issued through other means without Aadhaar, then these instructions will not apply,” PTI quoted UIDAI CEO Ajay Bhushan Pandey as saying
UIDAI says the move is aimed at curbing the possibility of fingerprint spoofing or cloning. The idea of face recognition when it was originally announced is also to make the process of eKYC more inclusive, and give more choices, especially in cases where residents have a problem with iris scan or fingerprint authentication.
However, face recognition will be part of a two-factor authentication by TSPs. The first will be verification via fingerprint or iris, and second will be the face recognition. In case where users are not able to authenticate via fingerprint or iris, the TSP will have to use face recognition.
The idea is to increase security around issuing and activation of mobile SIMs. This will ensure that a SIM is not issued to someone by just verifying the fingerprint, but also matching the face, according to UIDAI’s circular.
Read more: UIDAI announces phased rollout of face authentication with telcos from September 15
In its original order, UIDAI had said in January 2018, that face authentication will have to be combined with another mode of verification for Aadhaar. This can be iris, fingerprint or OTP, according to the January 2018 circular.
Meanwhile, former CIA contractor and whistleblower Edward Snowden has said that the UIDAI has called for a more secure Aadhaar and warned against linking the unique identity to everything.
Speaking via video-conference at an event in Jaipur, Snowden said it was scary that "people are creating mandatory enrolment that is forcing identity on people throughout the country to the point where you cannot have a child and get a birth certificate unless you provide your Aadhaar number."
He also called for criminal action against enrolment agencies and private firms that misuse Aadhaar. "There should be criminal penalties assigned to any firm that seeks your Aadhaar number for a service that the government is not paying for, that is not directly funded for a social benefit. They should not just be fined, someone should go to jail for that," he said.