MUMBAI: Remembering your 12-digit Aadhaar number can be a test on your memory. But if you succeed, you will no longer need your debit/credit cards or e-wallets to make payments.
The Aadhaar Payment System (APS), to be launched on April 14, is a revolutionary model that allows users to pay without using plastic money or a prepaid payment instrument such as PayTM. No such card-less, personal identification number (PIN)-less payment system exists in the world yet and this is a first-of-its-kind model India is experimenting. “It’s a giant leap and has the ability to transform the way digital payments are made, particularly in rural areas, where the use of mobile phones and cards is less,” says A P Hota, managing director and CEO, National Payments Corporation of India.
Theoretically, it’s an out-of-the-box solution to draw rural masses into the fold of Narendra Modi’s grand vision of a cashless economy, but in pracice, it’s mired in privacy concerns and its success weighs heavily on resolving issues around data protection.
As the name suggests, APS relies solely on Aadhaar data, including Aadhaar number and user’s biometric and fingerprint data to make payments, unlike the secure two-factor PIN verification or quick response (QR)-enabled payments prevalent today used by credit/debit cards, prepaid payment instrument (PPI) systems such as m-wallets and paper vouchers.
“APS uses fingerprint as the PIN to complete the transaction, provided the users have an Aadhaar-linked bank account,” says Rajiv Anand, executive director, Axis Bank.
The primary concerns around Aadhaar are that the scope for misuse is high, since the data primarily passed through private hands. There are still no stringent laws to penalise those who misuse the data. Already, reports of availability of Aadhaar data in the public domain and misuse by third-party companies are doing the rounds. Users’ private data including identity, biometrics and fingerprints, assets and financial details are falling into private hands.
In this context, improvement in the safety, security, soundness, efficiency and effectiveness of the payment systems is essential. In August 2016, the government constituted the Ratan Watal committee to review the payment systems, recommended amendment of the Payment and Settlement Systems Act 2007 to provide for improved regulatory governance, consumer protection, data protection and security and graded penalties for offences. Data protection is relevant much beyond the payment system, and should encompass any digital data, even involving the Information Technology Act.
Unlike the UPI, the National Unified USSD Platform, Bharat QR that have secure and robust payment infrastructure, APS leaves much to be desired on the privacy and security front. But, Hota says these issues are being addressed. “All merchants’ APS infrastructure like dongles will be duly certified by UIDAI,” he says adding that software and hardware level security issues, too, are being dealt with.
According to the finance minister’s Budget speech, the goal for the next year is to reach 25 million cashless transactions—up from the current year’s projected nine million to 25 million. This is an ambitious target, but given the thrust on digital payments and assuming a fraction of the 400 million Aadhaar-linked bank account holders use APS, it could accelerate cashless payments. While consumers have to bear additional charge of 2-3 per cent on card payments, payments made using the APS come with zero extra charges.
Aadhaar pay offers convenience and its adoption in the Indian banking system could change the country’s financial landscape, but only when data protection and privacy are given due thrust.