The Unique Identification Authority of India (UIDAI), which announced the face authentication feature for Aadhaar earlier this year, today stated that it would start the rollout of the feature in a phased manner. The feature will start rolling out with telecom service providers from September 15. When UIDAI announced the face recognition feature, it thought of starting the service from July 1, which was later pushed to August 1. However, the Aadhaar body today confirmed the rollout is finally happening starting with telcos. It has also proposed a monetary disincentive for telcos found slipping on the prescribed targets from mid next month.
For authentication agencies other than telecom service providers (TSPs), UIDAI said specific instructions will be issued on implementation of face authentication feature, but did not give a fresh deadline.
Significantly, the Unique Identification Authority of India (UIDAI) has further said 'live face photo' capture and its verification with the photo obtained in eKYC will be essential in those cases where Aadhaar is used for issuance of mobile SIMs.
UIDAI says the move is aimed at curbing the possibility of fingerprint spoofing or cloning, and seeks to tighten the audit process and security around issuance and activation of mobile SIMs.
It may be recalled that in June this year, a Hyderabad-based mobile SIM card distributor had forged Aadhaar details for activating thousands of SIMs.
"This instruction (for matching live face photo with eKYC photo) will apply only where Aadhaar is used for issuance of SIMs. As per Telecom Department's instructions, if SIM is issued through other means without Aadhaar, then these instructions will not apply," UIDAI CEO Ajay Bhushan Pandey told PTI.
UIDAI has proposed a two-factor authentication for the use of face recognition by telcos. Where an individual provides Aadhaar number, the authentication will be done using fingerprint or iris and face. For individuals providing Virtual ID, the authentication can be on the basis of fingerprint or iris.
UIDAI said in a case where an individual is unable to authenticate fingerprint or iris, face authentication can be used as an additional mode, to make the system more inclusive.
"TSPs are at this moment directed that with effect from September 15, 2018, at least 10 per cent of their total monthly authentication transactions shall be performed using face authentication in this manner. Any shortfall in transactions using face authentication would be charged at Rs 0.20 per transaction," said a UIDAI circular.
Pandey said this would ensure that telcos provide face capture facilities to customers who encounter difficulty in authentication due to worn out fingerprints.
"Combination of the live face with a fingerprint in authentication will also enhance Aadhaar security as it will effectively curb fingerprint spoofing," Pandey said.
The circular also states that after successful eKYC authentication, the telecom operators will also capture the live face photo (that is, not merely holding a still photo in front of a camera) of the individual, over and above the photo captured for face authentication.
"It shall be the responsibility of the TSP that the live photo thus captured shall be verified at their backend system with the photo received in eKYC before activation of the SIM.
"The TSP shall store both the photos in its database for audit purpose...this process shall be followed for the eKYC performed for all the customers for issuance of SIM cards," the circular said.
Failure to comply will invite a financial disincentive in line with the prescribed norms, the authority warned.
"It has been noticed that due to non-readiness of few device providers, the various AUAs (Authentication User Agencies) were not in a position to implement face authentication with effect from August 1, 2018.
"Therefore, to avoid any inconvenience to the public it has been decided to roll out the face authentication in a phased manner," UIDAI said.
In other news, UIDAI is also planning to simplify the Aadhaar address update process next year and at the same time, it's aiming to increase the security for updating Date of Birth more than once.