Next year, you may be able make payments through an eye or a finger scan, no longer needing your debit/credit card PIN or password.
Though some technology firms have raised security concerns, the RBI had asked all payment infrastructures to facilitate payments through biometric authentication with Aadhaar-enabled terminals from January 1, 2017.
This means that new ATMs and PoS (Point of Sale) merchant terminals are likely to let you authenticate debit/credit card transactions with a fingerprint or retinal scan.
“Making payments through biometric with Aadhaar-enabled machines is an added layer of security. We are discussing with the RBI ways to work out the security threats or challenges, if any,” said a senior NPCI official.
“At present, we are enabling 30-35 million transactions per month using biometric through micro-ATMs.” NPCI is the umbrella organisation for all retail payment transactions.
Banks and third-party vendors are sceptical about the move. Recently, 32 debit and credit cards were tampered with, resulting in about ₹1.3 crore being withdrawn from savings bank accounts.
Mumbai-based mobile PoS player and major card payment processor MSwipe’s CEO Manish Patel said, “In Aadhaar-based transactions, there are systemic risks. In case a hacker captures your biometric identity, it takes away the person’s identity and that can never be changed. Global security systems have got hacked, how can we assume that Aadhaar cannot be hacked? Dispute resolution will become difficult.”
Further, huge operating costs to install PoS machines will make it more expensive for banks to provide the service.
Currently there are 11 lakh PoS terminals and over 2 lakh ATMs.
R. Gurumurthy, head of risk and governance at RBL Bank said, “Potentially, challenges could be envisaged where biometric data is stored locally thus lending itself to potential theft. As long as that is not the case, this should be workable. Compromise at the central database of UID is tough to envision. Several countries use biometric data as an identity establishment method even in airports for immigration, availing social benefits.”
Banks and the Indian Banks Association are working together to communicate their inputs to the RBI and personally I think there is less time to comply with the mandate of January next year.”
Currently, there are around 1.07 billion Aadhaar cards issued in India with nearly Rs 300 crore worth of authenticated transactions. With the government looking to shift the payments landscape to more cashless transactions, this could be a big enabler. There are around 697 million debit cards and 25 million credit cards as on July 2016 and the debit and credit card transactions over the past 2 years have been growing steadily at 16% and 25%, respectively. However, about 90% of transactions in the country are in cash.
Even as RBI agreed that the process is not in place and can be time consuming, in an official response to HT, RBI said, “With the increase in Aadhaar coverage and also the seeding of bank accounts with Aadhaar number, Aadhaar is assuming importance as an important identifier, including for financial transactions. The JAM trinity of Jan-Dhan account, Aadhaar number and Mobile, has also given a fillip to the efforts of financial inclusion and implementation of the common vision and agenda of the Government and the Reserve Bank of India towards promoting electronic payments. Accordingly, authentication of transactions using Aadhaar-biometric is also being envisaged by putting in place necessary infrastructure as indicated in our circular.”
Deepak Chandnani, CEO of Worldline South Asia & Middle East and Ajay Dubey, senior channel manager at Forcepoint, a cyber-security solution provider said that biometric technologies are being tested and used by companies like Apple and Google while banks and payment companies need to work on better or improved processing and there needs to be more awareness.