Taking steps towards addressing concerns over reported vulnerabilities of Aadhaar data, the Unique Identification Authority of India (UIDAI) has introduced 16-digit temporary Virtual ID and toned down know-your-customer (KYC) for Aadhaar number holders.
Now, Aadhaar card holders can share this 16-digit Virtual ID number to avoid sharing the Aadhaar number at the time of authentication, said a circular issued by UIDAI. The limited KYC service will eliminate the need for agencies to store Aadhaar numbers.
Entrackr detail queries regarding the Virtual ID did not elicit any response from UIDAI and its CEO. The development was reported by The Hindu via PTI.
The virtual ID will be a temporary, revocable 16-digit random number mapped with the Aadhaar number. It will not be possible to derive the Aadhaar number from the virtual ID.
Citizens can generate as many Virtual IDs as they want. The older IDs will get automatically canceled once new ones are generated. UIDAI will be releasing necessary APIs (Application Programming Interface) by March 1.
“Aadhaar number being the permanent ID for life, there is need to provide a mechanism to ensure its continued use by the Aadhaar number holder while optimally protecting the collection and storage of Aadhaar number itself in many databases,” the circular said.
UIDAI will also issue a unique UID token. This token will remain the same for an Aadhaar number for all authentication requests by that particular entity.
It has directed all agencies to make the necessary changes for the use of virtual ID, UID token and limited KYC to start using the new system by 1 June. Those who fail to do so may face discontinuation of authentication services and fine, added the circular.
The action has been taken after The Tribune revealed on Jan 4 a data breach available at mere Rs 500. There are around 1.19 billion Aadhaar card holders in the country. The UIDAI restricted the access of 5000 designated officials to the Aadhaar portal after the newspaper report.