Card Transactions with Aadhaar Validation Need More Time: Experts

New Delhi: The Reserve Bank of India's (RBI's) move to introduce a new card payment infrastructure able to authenticate transactions using Aadhaar unique identity number-linked biometrics may take some time to implement as it has cost and supply implications.

"All new card present infrastructure has to be enabled for both EMV chip and PIN and Aadhaar (biometric validation) acceptance," RBI said in a notification on 26 November.

Europay MasterCard Visa, or EMV, chip and PIN authentication involves card information stored in a chip that is accessible through a PIN or personal identification number, which replaces a cardholder's signature.

Currently, all card infrastructure in India such as automated teller machines (ATMs) and point-of-sales (PoS) machines are moving towards full compliance with the global EMV standard that requires reading integrated circuit cards to authenticate credit and debit card transactions.

Although all transactions through debit cards are now required to be authenticated by PIN, validating financial transactions by using the biometric Aadhaar identity number database is yet to gain traction. Such a service is expected to begin in May.

Not all experts are in favour of the central bank's move to use biometrics data to authenticate transactions.

"This is a terrible idea. Biometrics should never be used as authentication factor since it cannot be revoked when it is compromised," said Sunil Abraham, executive director of Bangalore-based think-tank Centre for Internet and Society. "Digital signatures and its variations like the EMV chip are the right way to proceed."

A banker did not fully agree with Abraham.

Pulak Sinha, general manager (payment solutions) at State Bank of India, said: "In our experience, there is a need for biometric authentication in certain geographical segments in the country. Our bank has used biometric authentication for financial inclusion initiatives and has found it very useful. Having said that, each bank is the best judge as to which technology is more relevant for their customers."

Sinha added, "Also changing new infrastructure to accept all types of technologies has its own challenges as well as financial implications. Again, business cases need to be built and when people get additional services they may have to pay."

There are cost implications if the RBI directive is to be implemented, according to Rajiv Kaul, chief executive of CMS Info Systems Pvt. Ltd, which runs two cash management companies and has recently received an order from SBI to deploy 8,000 cash machines across the country.

"Some of the ATM infrastructure currently installed have some of the capabilities for EMV chip cards, but even as they are hardware-equipped, software will need to be upgraded," Kaul said. "For biometric compliance, both hardware and software will need to be installed, which will result in extra cost. So, for the short term, from the biometric perspective, the cost will go up."

Some experts hold that the notification provides a chance to assess the as-yet-untested Aadhaar-linked biometrics model where the EMV model may be hard to implement.

"RBI has been pragmatic in mandating it incrementally as it is giving Aadhaar a runway to evolve in terms of operations, use cases, risk, technology standards, dispute resolution and get these things in order," Uttam Nayak, group country manager, India and South Asia at Visa Consolidated Support Services (India) Pvt. Ltd, told Mint on 26 November. "Because Aadhaar is tokenless and doesn't need a card, it has great potential for inclusion."

Biometrics-enabled cash and PoS machines will require additional expenditure as they need high-speed Internet connectivity to transmit biometrics data, Rajeev Chandrasekhar, member of the upper house of Parliament, said in a letter to RBI governor Raghuram Rajan.

"The hardware and software cost of upgrading a single unit with biometrics hardware is not very much but changing the entire ecosystem would have costs," acknowledged SBI's Sinha. "When people get additional services they will have to pay."

"A high percentage of the population is still unbanked. The opportunity (to reach people through biometric validation and Aadhaar) is too tempting for the acquirers (banks and others using PoS devices) to not take this up," said Robin Roy, associate director of financial services at consultancy firm PricewaterhouseCoopers Pvt. Ltd.

Whether there would be enough suppliers of machines to implement the directive is also a concern, some experts said.