Chandigarh, January 5: Even as the UIDAI tried to dismiss The Tribune story on Aadhaar data breach as “misreporting”, it is a fact that the unauthorised individuals had direct access to the data that even government agencies don’t have.
To link beneficiaries of different government schemes to Aadhaar, the department concerned first collects the required data of beneficiaries, including their Aadhaar number. Following this, the data is sent for validation through an online verification gateway to the UIDAI.
KAP Sinha, Principal Secretary, Food & Civil Supplies, Punjab, who is state registrar for Aadhaar, confirmed that the state did not have direct access to the UIDAI data. Departments like school, higher and technical education, welfare and food and civil supplies are using Aadhaar Payment Bridge to disburse the benefit directly to the bank accounts of beneficiaries using their Aadhaar number.
Same is the case with private and public sector orgnisations. Banks, telecom companies, financial institutions etc, which have been authorised to undertake Aadhaar-based e-KYC (e-Know Your Customer) for authentication, admit that they cannot access the data randomly.
Through e-KYC, the consumer has to provide biometric proof, say fingerprint, at the respective device. The Aadhaar database gives access to the requesting entity (banks, telecom operators etc) only if the biometric input matches the information available in the database.
A senior IT official of a nationalised bank says: “The use of Aadhaar and accessing personal information of UIDAI for e-KYC can only be done after the consent of the customer. Any officer can’t access the data of any Aadhaar holder.”
Suppose a customer comes to the bank to open a new account or to link it with Aadhaar, the official concerned asks for his Aadhaar number and feeds it in the system. After that, he asks for biometric impression of the customer on a scanner which captures the customer’s fingerprint. Once the device reads the impression, it is communicated to the UIDAI via secure servers. The input biometric value is matched with the value stored in the database for that particular Aadhaar number. “If the value matches, only then the officer is able to access the personal details of the consumer,” he adds.
Following successful verification of the customer’s identity, the UIDAI releases all his credentials like photograph, address, date of birth etc to the bank.
Officials working with telecom operators too say e-KYC verification can be accessed only with the consent of the consumers. For linking mobile number and Aadhaar number, the subscriber receives a four digit verification code on his phone, which he provides to the store executive along with his/her biometric. After 24 hours, the subscriber receives a confirmation SMS. In case of new connection, one has to submit Aadhaar number and biometric impression. If both match, then only the operator has access to the details.” In case of Insurance companies, Aadhaar number is being fed manually at present.
News Source: http://www.tribuneindia.com