Use Aadhaar Freely
I gave my Aadhaar card to a service provider for proving my identity. Can anyone harm me by knowing and misusing my Aadhaar number? Open or Close
No. Just, by knowing your Aadhaar number, no one can harm you. It’s just like any other identity document such as passport, voter ID, PAN card, ration card, driving license, etc., that you have been using freely for decades with service providers. Aadhaar identity, instead, is instantly verifiable and hence more trusted. Also, as per the Aadhaar Act 2016, the Aadhaar card is required to be verified either by in physical or electronic formby way of authentication or offline verification, or in such other form as may be specified. Verification is done through fingerprint, iris scan, OTP authentication, and QR code etc. Hence, it is near impossible to impersonate you if you use Aadhaar to prove your identity. People have been freely giving other identity documents such as passport, voter ID, PAN card, ration card, driving license, etc. But did they stop using these documents for the fear that somebody would use them to impersonate? No! They continue using them and if any fraud happens, the law enforcement agencies handle them as per law. The same logic will apply to Aadhaar. In fact, Aadhaar is more secure than many other identity documents, because unlike other IDs, Aadhaar is instantly verifiable through biometric and OTP authentication and QR code. Further, under the Aadhaar Act, 2016 stringent penalties, including fines and imprisonment are provided whenever a person misuses your Aadhaar number or tries to cause any harm to you.
Does linking my bank account, PAN, and other services with Aadhaar make me vulnerable? Open or Close
No. As your bank information is not shared by the bank with anyone else, no one can have information about your bank account just by knowing your Aadhaar number. Also, UIDAI or any entity for that matter would not have any information about your bank account. For example, you give your mobile number at various places and to various authorities such as bank, passport authorities, income tax departments, etc. Would the telecom company have access to your bank information, income tax returns, etc.? Obviously no! Similarly, when you provide Aadhaar number to various service providers, your detail remains with the respective service providers and no single entity including the Government or UIDAI will have access to your personal information spread across various service providers.
Why am I asked to verify Bank account, Demat account, PAN and various other services with Aadhaar? Open or Close
As per the Supreme Court Judgement in the Aadhaar case (494 of 2012), residents are no longer required to mandatorily verify Bank account with Aadhaar. PAN Aadhaar linking is mandatory. A resident can voluntarily use his Aadhaar number in physical or electronic form by way of authentication or offline verification, or in such other form as may be specified by UIDAI. Mandatory Aadhaar authentication can be performed if the purpose is backed by law. However, for availing subsidies, benefits, services beneficiaries are required to undergo mandatory Aadhaar authentication pursuant to notification under section 7 of the Aadhaar Act, 2016 (as amended). When you link your bank account, demat account, mutual fund account, PAN, etc., with Aadhaar, you secure yourself because no one can impersonate you to avail these services. Often the fraudsters carry out transactions and transfer money from someone else’s account to their accounts and go untraced as they generally submit their fake identities to the bank while opening their accounts. They operate bank accounts in fictitious names/companies and run shell companies’ accounts to carry out money laundering or stash black money. Therefore, when all the bank accounts are verified with Aadhaar then it would not be possible for these unscrupulous elements to go untraced and banking as a whole would become more safe and secure as the identity of each bank account holders is established uniquely beyond doubt through eKYC. As of now 96 crore bank accounts out of total 110 crore accounts have been linked to Aadhaar.
At the same time, you also contribute to serve the vital national interests by making the system rid of bogus, fakes and duplicates who could misuse IDs to evade taxes, siphon off public money, etc. Through use of Aadhaar and other process improvements, the Government has been able to weed out more than 6 crore fakes, duplicates and ghosts beneficiaries and save more than Rs. 90,000 crore of public money. Also, ghost and shell entities and companies used to be created for tax evasion, money laundering, terror financing, etc. Verification of identity through Aadhaar has helped curb these practices. Similarly, use of Aadhaar has checked unscrupulous elements that used to resort to impersonation in various examination and tests for college admission and jobs, etc., and thereby denying the genuine candidates of their rightful dues. There are number of other areas where verification of identity through Aadhaar has brought in fairness and transparency in the system.
Can a fraudster withdraw money from my Aadhaar linked bank account if he knows my Aadhaar number or has my Aadhaar card? Has any Aadhaar holder suffered any financial or other loss or identity theft on account of impersonation or misuse? Open or Close
Just like by merely knowing your bank account number, one cannot withdraw money from your account, similarly by merely knowing your Aadhaar number, no one can withdraw money from Aadhaar linked bank account. As in bank for withdrawing money, your signature, debit card, PIN, OTP, etc., is required, similarly for withdrawing money from your Aadhaar linked bank account through Aadhaar, your fingerprint, IRIS or OTP sent to your Aadhaar registered mobile will be required. No Aadhaar holder has suffered any financial or other loss or identity theft on account of any said misuse or attempted impersonation of Aadhaar. Notably, everyday more than 3 crore Authentications are carried out on the Aadhaar platform. In the last eight years, so far more than 3,012.5 crore authentications (till 28th May 2019) have been successfully done. UIDAI keeps upgrading and reviewing its security systems and safety mechanisms to make Aadhaar more secure and more useable. There has not been a single instance of biometric data breach from Aadhaar database. Therefore, people should freely use and give Aadhaar to prove their identity as and when required under the provisions of the Aadhaar Act, 2016.
There are many agencies that simply accept physical copy of Aadhaar and do not carry out any biometric or OTP authentication or verification. Is this a good practice? Open or Close
Aadhaar authentication can be performed for availing benefits, services and benefits falling under Section 7 of the Aadhaar Act, 2016 and if the purpose for which Aadhaar authentication is intended to be used is either backed by law made by parliament or is in the State interest. The verification of Aadhaar can be done offline through QR code available on the physical Aadhaar copy. If any agency does not follow these best practices, then that agency will be fully responsible for situations or losses arising out of possible misuse or impersonation. An Aadhaar holder is not responsible for the wrongful act of or by any agency.
Recently, UIDAI has issued an advisory asking people not to share their Aadhaar number openly in the public domain especially on Social Media or other public platforms. Does this mean that I should not use Aadhaar freely? Open or Close
You should use your Aadhaar without any hesitation for proving your identity and doing transactions, just like you use your bank account number, PAN card, debit card, credit card, etc., wherever required. What UIDAI has advised is that Aadhaar card should be freely used for proving identity and doing transactions, but should not be put on public platforms like Twitter, Facebook, etc. People give their debit card or credit card details or cheque (which has bank account number) when they purchase goods, or pay school fee, water, electricity, telephone and other utility bills, etc. Similarly, you can freely use your Aadhaar to establish your identity as and when required without any fear. While using Aadhaar, you should do the same level of due diligence as you do in case of other ID cards – not more, not less.
If Aadhaar has to be freely used for proving identity and it is safe to do so, then why has UIDAI advised people not to put up their Aadhaar number in Social Media or public domain? Open or Close
You use PAN card, debit card, credit card, bank cheques wherever required. But do you put these details openly on internet and social media such as Facebook, Twitter, etc.? Obviously no! You do not put such personal details unnecessarily in public domain so that there is no unwarranted invasion attempt on your privacy. The same logic needs to be applied in case of uses of Aadhaar.
What happens if some fraudster who obtains a copy of my Aadhaar card and tries to open a bank account in my name without my knowledge. Will I not be harmed? Open or Close
Under the PML Rules Aadhaar is one of the officially valid documents accepted for opening bank account and the bank is required to do other due diligence for banking transaction or KYC. If at all some fraudster tries to open bank account using Aadhaar and bank doensn’t carry any due diligence then in such case an Aadhaar holder cannot be held responsible for bank’s fault. It is just like if some fraudster opens a bank account by presenting someone else’s Voter card/Ration card, it is the bank that would be held responsible not the voter or ration card holder. Till date no Aadhaar holder has suffered any financial loss on account of such misuse.
E-Aadhaar
Is e-Aadhaar equally valid like physical copy of Aadhaar? Open or Close
As per Aadhaar Act, e-Aadhaar is equally valid like Physical Copy of Aadhaar for all purposes. For UIDAI circular on validity of e Aadhaar, please visit https://uidai.gov.in/images/uidai_om_on_e_aadhaar_validity.pdf
What is e-Aadhaar? Open or Close
e-Aadhaar is a password protected electronic copy of Aadhaar, which is digitally signed by the competent Authority of UIDAI and can be downloaded from the official website or mobile Application (mAadhaar available on Google Play and Apple store for Smartphones) of the UIDAI.
From where Resident can download e-Aadhaar? Open or Close
Resident can download e-Aadhaar by visiting UIDAI websites - https://uidai.gov.in/ or by visiting https://myaadhaar.uidai.gov.in and also from mAadhaar app for mobile phones using registered mobile number
How can Resident download e-Aadhaar? Open or Close
Resident can download e-Aadhaar by following two ways.
1. By Using Enrollment Number:Resident can download e-Aadhaar using 28 digit enrolment no. along with Full Name and Pin code. In this download process, OTP is received on registered mobile no. Resident can also use TOTP to download e-Aadhaar instead of OTP. TOTP can be generated using mAadhaar mobile Application.
2. By Using Aadhaar No:Resident can download e-Aadhaar by using 12 digits Aadhaar No. along with Full Name and Pin code. In this download process, OTP is received on registered mobile no. Resident can also use TOTP to download e-Aadhaar instead of OTP.
What is Masked Aadhaar? Open or Close
Mask Aadhaar option allows you to mask your Aadhaar number in your downloaded e-Aadhaar. Masked Aadhaar number implies replacing of first 8 digits of Aadhaar number with some characters like “xxxx-xxxx” while only last 4 digits of the Aadhaar Number are visible.
What Is the Password of e-Aadhaar? Open or Close
Password of E-Aadhaar is the combination of the first 4 letters of name in CAPITAL and the year of birth (YYYY).
For Example:
Example 1
Name: SURESH KUMAR
Year of Birth: 1990
Password: SURE1990
Example 2
Name: SAI KUMAR
Year of Birth: 1990
Password: SAIK1990
Example 3
Name: P. KUMAR
Year of Birth: 1990
Password: P.KU1990
Example 4
Name: RIA
Year of Birth: 1990
Password: RIA1990
What supporting software needed to view e-Aadhaar? Open or Close
Resident needs 'Adobe Reader' to view digitally verified e-Aadhaar. To install Adobe Reader in the System visit https://get.adobe.com/reader/
How to validate digital signatures in e-Aadhaar? Open or Close
Computer must be connected to internet while downloading the E-Aadhaar.
1. Download your E-Aadhaar and open the pdf in Adobe Reader only
2. Right click on the 'validity unknown' icon and click on 'Validate Signature'
3. You will get the signature validation status window, click on 'Signature Properties'.
4. Click on 'Show Signer's Certificate.'
5. Verify that there is a certification issued by the name '(n)Code Solutions CA 2014'.
6. On Summary page(tab), Click on 'Export'
7. Click 'Next' to save the certificate in your local system (Desktop/Laptop).
8. After that click 'Next' and then 'Finish'
9. Click on 'Trust' tab, then Click on 'Add to trusted certificate'. After that Select all three options under 'Certified documents' and click 'Ok'
10. Click again on 'Validate Signature' and close the window
11. Once ' (n)Code Solutions CA 2014' has been as a Trusted Identity, any subsequent documents with digital signatures from CCA will be validated automatically when opened.
12. In case Certificate validity is seen to have an expired certificate, on the machine; you are requested to download the E-Aadhaar once again and re-validate the signature, using the said procedure given in above points and add the newly downloaded certificate again to 'Trusted Certificate' category on local machine for adding valid/current digital certificate.
13. The invalid digital signature on the downloaded e-Aadhaar can also be validated on another machine, other than the machine where it was downloaded i.e. Laptop/Desktop. However, for this document to be validated, the digital certificate needs to be downloaded and validated as per the procedure above on the alternate machine.
Note: - Once 'NIC sub-CA for NIC 2011, National Informatics centre' has been as a Trusted Identity, any subsequent documents with digital signatures from CCA will be validated automatically when opened.
mAadhaar FAQs
Is it compulsory to have registered mobile number to use m-Aadhaar services? Open or Close
No. Anyone in India with a smartphone can install and use mAadhaar App.
Without an Aadhaar registered mobile number resident will be able to avail only a few of the services such as Order Aadhaar reprint, Locate Enrolment Center, Verify Aadhaar, Scanning QR code etc.
However registered mobile number is mandatory to create the profile in mAadhaar and use the same as digital identity and avail all other Aadhaar services which require registered mobile number under mAadhaar. The OTP will be sent to only their registered mobile for creating the profile in mAadhaar.
Is it compulsory to have registered mobile number to use mAadhaar? Open or Close
No. Anyone in India with a smartphone can install and use mAadhaar App. Although for creating the Aadhaaar profile in mAadhaar, registered mobile number is required.
Without an Aadhaar registered mobile number resident will be able to avail only a few of the services such as Order Aadhaar PVC card, Locate Enrolment Center, Verify Aadhaar, Scanning QR code etc.
How to configure mAadhaar applications in phone (Android & iOS)? Open or Close
The mAadhaar App is available for both Android and iPhone users in India. In order to install the app follow the steps given below:
1. Visit the Google Play Store for Android and to App Store for iPhone.
2. Type mAadhaar in the search bar and download, or download mAadhaar Android version from https://play.google.com/store/apps/details?id=in.gov.uidai.mAadhaarPlus&hl=en_IN or iOS version from https://apps.apple.com/in/app/maadhaar/id1435469474.
3. To make sure you are downloading the right app, check to see if the developer’s name is listed as ‘Unique Identification Authority of India’
What is iOS compatible version for maadhaar app? Open or Close
The mAadhaar app for iPhone is compatible for iOS 10.0 and above.
Is there any difference in specification and/or functionality of mAadhaar basis on iOS & android device? Open or Close
mAadhaar app provides same services to both iOS and Android device users. The functionality and UX remains same irrespective of devices (iOS, Android).
Does my profile on mAadhaar get inactive when changed to new phone with registered mobile number? Open or Close
Yes. However, mAadhaar app should be installed on new mobile device.
What are the features/benefit of mAadhaar application? Open or Close
mAadhaar is more than Aadhaar card in a wallet. Using the mAadhaar App, the resident can avail the following benefits:
1. View/Show Aadhaar in offline mode, particularly when residents are required to show their ID proof
2. Update Address in Aadhaar via document or without document proof
3. Keep/Manage Aadhaar of family members(up to 5 members) in one mobile
4. Share Paperless eKYC or QR code to service providing agencies
5. Secure Aadhaar by Locking Aadhaar or Biometrics
6. Generate or Retrieve VID which user can use in the place of Aadhaar to avail Aadhaar services (for those who have locked their Aadhaar or do not wish to share their Aadhaar).
7. Use Aadhaar SMS services in offline mode
8. Check Request Status Dashboard: After enrolling for Aadhaar, ordering reprint or updating Aadhaar data, resident can check the status of the service request in the App.
9. Help others who don’t own a smartphone in availing Aadhaar services with the help of common services.
10. Get Update history and Authentication records
11. Book Appointment to visit Aadhaar Seva Kendra
12. Aadhaar Sync feature allows resident to fetch the updated data in Aadhaar profile after successful completion of an update request.
13. Time-based One-Time Password can be used instead of SMS based OTP to avail Aadhaar related Online Services available on the UIDAI Website
14. Locate Enrolment Centre (EC) helps user find nearest enrolment Centre
15. The More section in the App includes information about the mAadhaar App, Contact, Usage guidelines, Terms & Conditions of using the app and other necessary information.
16. Apart from helpful FAQs and link to Chatbot the More section also contains links to important documents from where resident can download the Aadhaar enrolment or Aadhaar update/correction forms.
17. Resident can raise request for Order Aadhaar PVC Card using Aadhaar number or Virtual ID or Enrolment ID by paying a nominal charge of Rs. 50/-.
18. QR code scanning through mAadhaar 'QR code scanner' feature
Where can mAadhaar be used? Open or Close
mAadhaar app can be used anywhere anytime within India. mAadhaar is more than Aadhaar card in a wallet. On one hand the mAadhaar profile is accepted as a valid ID proof and on the other, resident can use the features in the app to share their eKYC or QR code with service providers who sought Aadhaar verification of their customers before providing Aadhaar services.
How resident can create profile on m-Aadhaar App? Open or Close
Only someone with an Aadhaar linked to a registered mobile number can create Aadhaar profile in the mAadhaar App. They can register their profile in an App installed in any smartphone. However the OTP will be sent to only their registered mobile. Steps to register Aadhaar profile are given below:
- Launch the app.
- Tap on the Register Aadhaar tab on the top of main dashboard
- Create a 4 digit Pin/Password(memorize this password, as it will be required to access profile)
- Provide Valid Aadhaar & enter valid Captcha
- Enter Valid OTP and submit
- The profile should get registered
- The registered tab would now display the registered Aadhaar Name
- Tap on My Aadhaar tab on the bottom menu
- Enter 4-digit Pin/Password
- My Aadhaar Dashboard appears
How resident can view the profile? Open or Close
The profile can be viewed by tapping on the profile summary on the top (profile image, name and Aadhaar number on the cyan tab) in the main dashboard.
Is there any process to update the Aadhaar details through mAadhaar App , such like DOB, Mobile number , address etc. and completer process to be added? Open or Close
No, the facility to update demographic details such as Name, DoB, Mobile number aren not available in the mAadhaar app. Only address update via document facility is currently available.
However the demographics updates features may be included in future releases.
How to avoid entering your password again and again, on opening the app? Open or Close
Keeping the security and privacy of the Aadhaar holders in mind, the app does not allow save password feature in the app. Hence the user will be required to enter password every time they wish to access profile on My Aadhaar.
Aadhaar Paperless Offline e-kyc
Who are the users of this Aadhaar Paperless Offline e-KYC? Open or Close
Any Aadhaar number holder who desires to establish his/her identity to any service provider (OVSE) using digitally signed XML downloaded from UIDAI website can be a user of this service. The service provider should have provisions of providing this Aadhaar Paperless Offline e-KYC at their facility and do the offline verification
How to generate Offline Aadhaar XML? Open or Close
The process of generating Aadhaar Offline e-KYC is explained below:
• Go to URL https://myaadhaar.uidai.gov.in/offline-ekyc
• Enter ‘Aadhaar Number’ or ‘VID’ and enter mentioned ‘Security Code’ in screen, then click on ‘Send OTP’. The OTP will be sent to the registered Mobile Number for the given Aadhaar number or VID. OTP will be available on m-Aadhaar mobile Application of UIDAI. Enter the OTP received. Enter a Share Code which be the password for the ZIP file and click on ‘Download’ button
• The Zip file containing the digitally signed XML will be downloaded to device wherein the above mentioned steps have been performed.
The Offline Aadhaar XML can also be downloaded from mAadhaar app.
Where can I find the Public Certificate for Digital Signature validation? Open or Close
Public certificate for Digital signature validation can be downloaded from here.
How to share this Paperless Offline eKYC document with the service provider? Open or Close
Residents can share the XML ZIP file along with the Share Code to the service provider as per their mutual convenience.
How will service providers use Aadhaar Offline e-KYC? Open or Close
The process of Aadhaar Offline e-KYC Verification by Service Provider is:
- Once service provider obtains the ZIP file, it extracts the XML file using the password (share code) provided by the resident.
- The XML file will contain the demographic details such as Name, DOB, Gender and Address. Photo is in base 64 encoded format which can be rendered directly using any utility or plane HTML page. Email Address and Mobile number are hashed.
- Service Provider has to collect Email Address and Mobile number from residents and perform below operations in order to validate the hash:
Mobile Number:
Hashing logic: Sha256(Sha256(Mobile+ShareCode))*number of times of last digit of Aadhaar Number
Example :
Mobile number: 9800000002
Aadhaar Number: 123412341234
Share Code: Abc@123
Sha256(Sha256(9800000002+ Abc@123))*4
In case if Aadhaar Number ends with Zero or 1 (123412341230/1) it will be hashed one time.
Sha256(Sha256(9800000002+ Abc@123))*1Email Address:
Hashing Logic: This is a simple SHA256 hash of the email without any salt
- Entire XML is digitally signed and Service Provider can validate the XML file using the signature and public key available on the UIDAI website.(https://uidai.gov.in/images/uidai_offline_publickey_26022019.cer).
Can this Offline Paperless eKYC document be shared to other entities by the Service Provider? Open or Close
Service Providers shall not share, publish or display either XML or Share Code or its contents with anyone else. Any non-compliance of these actions shall invite actions under Sections 29(2), 29 (3), 29(4) and 37 of The Aadhaar Act, 2016 (as amended) and sub regulation 1A of regulation 25, regulation 14A of The Aadhaar (Authentication and Offline Verification) Regulation, 2021 and regulation 6 and 7 of The Aadhaar (Sharing of Information) Regulation, 2016.
How this Aadhaar Offline Paperless eKYC document is different from the other identification documents produced offline by residents? Open or Close
Identity verification can simply be accomplished by providing an identity document like PAN card, Passport etc to the service provider. However, all these documents, which may be used for identification can still be forged and faked which may or may not be possible to verify offline instantaneously. The document verifier has no technological means to verify the authenticity of the document or the information it contains and has to trust the document producer. Whereas, the XML file generated by the Aadhaar number holder using Aadhaar Paperless Offline e-KYC is digitally signed document using UIDAI digital signature. Thus, the service provider can verify the demographic contents of the file and certify it to be authentic when doing the offline verification
What is Aadhaar Paperless Offline e-KYC? Open or Close
It is a secure sharable document which can be used by any Aadhaar number holder for offline verification of Identification.
A resident desirous of using this facility shall generate his/her digitally signed Offline XML by accessing UIDAI website. The Offline XML will contain Name, Address, Photo, Gender, DOB, hash of registered Mobile Number, hash of registered Email Address and reference id which contains last 4 digits of Aadhaar Number followed by time stamp. It will provide Offline Aadhaar Verification facility to service providers/Offline Verification Seeking Entity (OVSE) without the need to collect or store Aadhaar number.
As an expert in Aadhaar, I can assure you that Aadhaar is a secure and reliable identity document that offers several layers of protection against misuse and impersonation. The information provided in the article aligns with the key concepts and security measures associated with Aadhaar. Let's break down the concepts discussed in the article:
-
Aadhaar Verification Process:
- Verification is done through various methods such as fingerprint, iris scan, OTP authentication, and QR code.
- The Aadhaar Act 2016 mandates verification in physical or electronic form.
- Aadhaar is instantly verifiable, making it more trusted than traditional identity documents.
-
Linking Aadhaar with Bank Accounts and Services:
- Linking Aadhaar with bank accounts, PAN, and other services enhances security by preventing impersonation.
- It helps in tracking and preventing fraudulent activities, such as money laundering and tax evasion.
- The government has successfully eliminated fake beneficiaries, saving a significant amount of public money.
-
Security Measures and Misuse Prevention:
- Misuse of Aadhaar number alone cannot lead to financial or identity theft.
- Authentication requires additional factors like fingerprint, IRIS, or OTP for transactions.
- Stringent penalties, including fines and imprisonment, are in place for those misusing Aadhaar information.
-
Use of Aadhaar in Various Services:
- Aadhaar can be freely used for proving identity and availing services, similar to other identity documents.
- UIDAI advises against sharing Aadhaar numbers on public platforms but encourages using it securely.
-
mAadhaar Application:
- mAadhaar is a mobile application that allows users to carry a digital version of their Aadhaar.
- It offers various services such as offline e-KYC, updating information, and securing Aadhaar through biometrics.
-
e-Aadhaar and Digital Signatures:
- e-Aadhaar, a password-protected electronic copy, is equally valid as a physical Aadhaar card.
- The digital signature on e-Aadhaar ensures its authenticity and integrity.
-
Aadhaar Paperless Offline e-KYC:
- Users can generate a digitally signed Offline XML for offline verification without revealing the Aadhaar number.
- Service providers can verify the XML using UIDAI's public key, ensuring the authenticity of the information.
-
Security Measures for mAadhaar:
- mAadhaar services require a registered mobile number for full functionality.
- Passwords are not saved for security reasons, and users need to enter them each time they access their profile.
Overall, the article provides comprehensive information about the security features, benefits, and best practices associated with using Aadhaar for identity verification. Users are encouraged to use Aadhaar freely for legitimate purposes while taking necessary precautions to protect their information.
