FAQs at MOSIP Connect 2024

In today’s increasingly interconnected world, the need for a singular, unifying national identity has become more important than ever.

With India showing the way with its national ID – Aadhaar, many countries around the globe have expressed their interest to emulate India’s national ID success story. 

Spearheading this global initiative is the Modular Open Source Identity Platform (MOSIP), a university-incubated not-for-profit organization that helps governments ideate and implement effective digital public infrastructure in their respective countries.

To bring together the key changemakers in the global digital identity ecosystem, MOSIP recently hosted its first edition of MOSIP Connect, a 3-day event in Addis Ababa, Ethiopia from 5th to 7th March 2024.

As India’s leading Digital Identity solutions provider, ECS was privileged to present its advanced MOISP-integrated KYC solutions to global dignitaries and industry leaders at the MOSIP Connect event. Here are a few Frequently Asked Questions (FAQs) that Team ECS answered at the event:

Q1. Can you tell us more about your MOSIP-enabled solutions? What are their exact use cases?

A. As India’s leading Digital and Paperless KYC solutions provider that has processed over 2.2 Billion Digital KYC transactions for over 400+ enterprises, here are some of the key modules embedded in our ready-to-implement, MOSIP-integrated Digital KYC platform:

  1. Full stack ‘MOSIP PAP Server Module’ integrated with MOSIP’s MISP Engine.
  2. MOSIP-approved Secure Biometric Interface (SBI) integrated with all leading Biometric Devices.
  3. Web & Mobile-based Transaction Interfaces integrated with enterprises’ existing front-end modules.
  4. MOSIP based e-Sign module to enable execution of any documents in a Paperless form.

This comprehensive stack is implemented under an ‘On-Premises’ model and is designed to seamlessly communicate with the MOSIP-powered National ecosystem for downloading KYC data of citizens on a real-time basis.

Our stack that cohesively supports Fingerprint, IRIS and OTP-based KYC transactions has diverse use cases, including:

  • KYC of Telco individuals applying for a new SIM Card.
  • KYC of individuals applying for a bank or NBFC’s asset/liability products.
  • KYC of Payment Wallet customers.
  • KYC of individuals applying for competitive examinations.
  • KYC of individuals applying for a life/general insurance policy.
  • KYC of individuals seeking Government subsidies.

Paperless execution of any document by the end-user by using his/her MOSIP-powered National ID.

Q2.  What are the infrastructural requirements for integrating your solutions with our current National ID project?

A. ECS’s KYC stack is deployed under an ‘On-premises’ model to ensure complete security and control over the sensitive KYC information downloaded from the MOSIP-powered National ID Ecosystem.

Our platform is designed to function optimally on asset lite hosting environments and is scalable both horizontally as well as vertically.  Additionally, it is also designed to support HA implementation and can be implemented in a physical DC/DR setup as well as in cloud environments.

Q3. How do your solutions optimize the end user onboarding process?

A. Our solutions are designed to automate two critical facets of the end-user onboarding process:

1) The end-to-end KYC process.

2) The customer’s document execution process.

Enterprises can optimize their processes by implementing Paperless KYC and MOSIP-based e-Sign process to enable digital acquisition and secure execution of any document in a completely digital and Paperless mode.

In addition to more accurate and efficient, the Paperless KYC and Paperless e-Sign processes result in a significant reduction in the end-user onboarding costs.

Q4. How do you support the acquisition of end-users who are not enrolled in our National ID project?

A. ECS’s KYC Engine is designed to support the online KYC process (KYC data is fetched from the National ID ecosystem after validation of the end-user).

Furthermore, our KYC Engine also supports the process of capturing the images of the original Officially Valid Documents (OVDs) and process the KYC of the end-user without the need to capture the paper-based documents. This process of using other OVDs is however subject to regulatory approval.

Q5. Do your solutions enable Paperless onboarding?

A. Yes. Our National ID-based KYC Engine seamlessly supports Paperless onboarding and paperless KYC of the end users.

Q6. What are the modes of end user authentication offered by your solutions?

A. Our National ID based KYC engine supports the authentication of end users through Fingerprint biometrics, IRIS Biometrics, Face Biometrics as well as OTP. Our engine is integrated with all the leading biometric devices approved by MOSIP / National ID ecosystem.

Q7. Do your solutions mandate any specific biometric or IRIS devices?

A. No. Our platform is device agnostic in nature and is integrated with all the leading biometric devices approved by MOSIP / National ID ecosystem. Enterprises using our solution are free to choose any of the approved device vendors of their own choice.

Q8. What are the various interfaces that your solutions support?

A. Our Paperless KYC and e-Sign Engine is designed to support both mobile (iOS as well as Android) as well as web-based interfaces (supports all leading browsers).

Additionally, our solution can be easily integrated with diverse native thick-client applications.

Q9. How do you ensure data security and user privacy?

A. To ensure optimal data security, all our solutions are strictly implemented under an ‘On-premises’ model in the DC/DR/cloud environment of the client.

Furthermore, the KYC data fetched by our platform from the National ID ecosystem is purged from the database of this application after the same is successfully uploaded to the internal core applications of the client. All the entry points to our platform are secured using PKI security (RSA2048 bit encryption) and in addition to this, the users using these entry points (to invoke our KYC & e-Sign Engine) are subjected to multi-level authentication.

Q10. Are your solutions HA compatible? Can you tell us more about your solutions’ interoperability functionalities? 

A. Our platform architecture is designed to support full HA as well as partial HA and the instances of our solution can be deployed under active-active/active-passive mode to ensure complete failover between the DC and DR setup.

Summing Up

Today’s digital-first world warrants the right digital identity solutions that can help create a more inclusive global society.

By offering secure and accurate means of identifying individuals, digital identity solutions such as the ones offered by ECS pave the way for better access to essential services like healthcare, banking, and education, regardless of geographic or socioeconomic barriers.

At ECS, we strongly believe that it is not just about citizen identification, but about building the very foundation for a global society that values every individual’s identity and rights. To learn more about our MOSIP-integrated, ready-to-deploy national ID solutions, feel free to reach our colleague Amit Joshi on 9820875525 / 7208155528 or email him at amit@eastcs.com.  

Important Announcement: UIDAI Slashes e-KYC License Fees!

In a much-appreciated move, the Unique Identification Authority of India (UIDAI) has announced a significant reduction of e-KYC authentication license fees for AUAs and KUAs w.e.f. 1st July 2023.

Currently, UIDAI charges AUAs/KUAs a flat license fee of 20 lakhs for 2 years. This is all set to change as UIDAI has now aligned the license fees to the actual number of e-KYC transactions processed by an AUA/KUA.

As per the new regime, the revised license fees will be calculated as follows:

1) For AUAs/ KUAs processing Up to 5 Lakh transactions per year: License fees of Rs. 5 lakh for 2 years.

2) For AUAs/ KUAs processing between 5 lakh – 20 Lakh transactions per year: License fees of Rs. 10 Lakhs for 2 years.

3) For AUAs/ KUAs processing Above 20 Lakh transactions per year: License fees of Rs. 20 Lakhs for 2 years.

Additionally, this notification also enlists some other important points which are as mentioned below

A. Newly onboarded AUAs/KUAs will be granted free access to their pre-production environment for the first three months, provided such AUAs/KUAs move to the production stage within the prescribed time frame.

B. If the entity fails to move into production within three months of the grant of free access to the pre-production environment, it will have to pay a pre-production license fee of Rs. 5 Lakhs which will be valid for a period of 3 months.

C. Entities will be on-boarded based on the transaction estimates provided by them and the license fee shall be charged as per the applicable slab. At the time of renewal of the license if the entity is found to have processed a higher number of transactions, then the differential amount (i.e., the difference between the applicable license fee and the license fee levied initially) will be charged along with an interest of 18% per annum.

D. If the entity has processed a lesser number of transactions compared to the initially submitted transaction estimates no benefit of the lower slab will be extended.

As India’s leading Aadhaar-based Digital Identity Solutions company, at ECS we wouldn’t have been more happier about these new announcements. We are confident that this announcement will provide a significant boost to organisations looking to integrate e-KYC processes to streamline their customer onboarding experience.

Feel free to reach our colleague Amit Joshi on 9820875525 / 7208155528 or email him at amit@eastcs.com if you have any questions or if you’d like to learn how ECS can help you in your e-KYC journey.

Anchor Image Credit: https://www.freepik.com/free-photo/fingerprint-scanner-transparent-screen_12187421.htm?query=Biometric#from_view=detail_alsolike

New Development: Indian Govt. To Allow Aadhaar Authentication By Private Entities

Aadhar Authentication

In a welcome move, on Thursday 20th April 2023, the Ministry of Electronics and Information Technology (MeitY) has proposed to amend the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2020.

To this date, only government ministries, departments, and regulated entities like banks and telecom companies were allowed to perform Aadhaar authentication if they were fully compliant with UIDAI’s 2019 amendment to the Aadhaar Act, 2016 (Targeted Delivery of Financial and Other Subsidies, Benefits and Services).

With an intent to enhance the adoption of the Aadhaar authentication ecosystem, MeitY has released a draft amendment that will now allow even private entities to facilitate Aadhaar authentication to promote ease of living and enable better access to public services.

To get the government’s approval for Aadhaar authentication, private entities will have to submit a proposal justifying how their Aadhar authentication service can enhance good governance, prevent the leakage of public funds, and foster innovation.

For areas that fall under the purview of the Central Government, private entities will have to submit their proposals to the central ministry governing their operations. For subjects that are managed by State Governments, private entities have to submit their proposals to the concerned ministry / department of the respective State Government.

The government has urged the public to submit their feedback/comments to the proposed amendment before 5th May 2023 through the MyGov website.

As India’s leading Aadhaar-based Digital Identity and KYC Solutions provider, at ECS we are confident that this new development holds the potential to completely transform the current Aadhaar ecosystem and usher in a new chapter in Digital India’s growth story.

Please feel free to get in touch with our colleague Amit Joshi on 9820875525 / 7208155528 or email him at amit@eastcs.com if you need any help in navigating the complex and ever-evolving Aadhaar authentication landscape in India.

Image credit: https://www.freepik.com/free-photo/senior-woman-using-her-phone-park_15440989.htm#query=rawpixel%20authentication&position=19&from_view=search&track=aishttps://www.freepik.com/free-photo/senior-woman-using-her-phone-park_15440989.htm#query=rawpixel%20authentication&position=19&from_view=search&track=ais

The Next Chapter In Securing Aadhaar Authentication Transactions

Aadhaar-based fingerprint authentication

As technology advances, malicious threat actors also adapt and refine their tactics, becoming more sophisticated each day. The case is no different with India’s homegrown Aadhaar ecosystem that has completely redefined the concept of “financial inclusivity” with its unparalleled Aadhaar Enabled Payment System (AEPS) that facilitates instant direct beneficiary transfer (DBT). 

In March last year, the Unique Identification Authority of India (UIDAI) had informed the Indian Parliament that it had recorded an unprecedented rise in attempted, unauthorized Aadhaar biometric-based financial transactions.

As per the statics presented by UIDAI, around 13,864 fraudulent transactions amounting to around ₹10 crore were reported between 2019 and 2022.

To thwart such malicious attempts, on 27th Feb 2023 UIDAI rolled out a new Artificial Intelligence (AI) and Machine Learning (ML)-based mechanism for Aadhaar-based fingerprint authentication and faster detection of spoofing attempts.

As per UIDAI, this indigenously developed security mechanism uses a combination of both finger minutia and finger image to check the liveness of the fingerprint captured  by Regulated Entities (RE)s like AUAs and Sub-AUAs, thereby facilitating a dual-level authentication of the captured fingerprint.

To appreciate the importance of this new security mechanism, let’s first understand how fraudsters spoof fingerprint authentications.

Spoofing Mechanism Used By Fraudsters

As a conventional practice the ‘Optical Sensors’ embedded in a majority of biometric devices capture either the finger minutia or the finger image of the presented finger in isolation for processing the transaction.

Realising this limitation, fraudulent operators predominantly relied on using ‘Gummy Finger’ technique to bypass the security of Biometric Devices.

Instances where fraudsters were creating ‘Artificial Fingers’  from a real fingerprint image by using  materials like Free Moulding Plastic and Gelatine Sheets were extensively reported by UIDAI. Such artificial fingers were extensively used to process unauthorized fraudulent transactions.

To plug this loophole UIDAI has now introduced a mechanism to capture a combination of both finger minutia and finger image to check the liveness of the fingerprint captured. This optimization is slated to make Aadhaar authentication transactions even more robust and secure.

As India’s leading Aadhaar-based e-KYC Solutions Company, we have been closely working with UIDAI for testing this new security module and are happy to inform you we have already implemented this for some of our key clients.  

Implementation Modalities

REs need to follow the following steps to implement this new feature:

  • Obtain a new license key from UIDAI to support FIR + FMR Transactions (UIDAI has started to mandate usage of FIR + FMR)
  • Implement the new KEY in the KUA Stack
  • Incorporate the necessary changes in the request sent to RD Service and UIDAI for processing of eKYC, Bio Auth transactions.

Feel free to get in touch with our colleague Amit Joshi on 9820875525 or 7208155528 or email him at amit@eastcs.com if you have any queries, or want to know how ECS can help your organisation to implement this new security feature.  

Credits: Anchor Image: https://www.freepik.com/free-photo/biometric-technology-background-with-fingerprint-scanning-system-virtual-screen-digital-remix_15606690.htm#query=virtual%20fingerprint&position=0&from_view=search&track=ais

Decoding RBI’s Latest Amendment On Permitting Regulated Entities To Subscribe To e-KYC Service

The Reserve Bank of India (RBI) and Unique Identification Authority of India (UIDAI) have been consistently working to improve the uptake and usability of  India’s Aadhaar-based e-KYC ecosystem.

Recently, on 13th September 2021, RBI released a circular stating that all RBI-governed entities, such as NBFCs, Payment System Providers, and Payment System Participants, can now apply for their own AUA / KUA license to use Aadhaar’s e-KYC and Aadhaar Authentication services of UIDAI.

(more…)

Implications of RBI’s latest amendments to Master Directions on KYC

On 10th May this year, the Reserve Bank of India (RBI) amended the Master Directions (MD) on KYC to expand the scope and usage of Video-based Customer Identification Process (V-CIP).

These amendments are a welcome move as they effectively eliminate the various ambiguities associated with the implementation of a V-CIP solution.

(more…)

ECS Helps NeSL Digitise and Execute Non-registrable Contracts and Agreements in Tamil Nadu

Continuing its winning streak of developing world-class digital platforms that facilitate ‘Ease of Doing Business’ and enhance the lives of discerning Indian citizens, ECS recently helped National E-Governance Services Ltd. (NeSL) – a Union Government Company, to develop a fully-digital platform to enable paperless execution of non-registrable agreements and digital payment of Stamp Duty in the the state of Tamil Nadu.

(more…)

New Development: IRDAI To Permit Insurance Companies To Use Video KYC Soon

Earlier this year, the Reserve Bank of India (RBI) had permitted banks and financial institutions to deploy Video Customer Identification Process (V-CIP) to digitally onboard new customers.

(more…)

Contactless Customer Acquisition: The “New Normal” In The Post-COVID19 World

As social distancing becomes the new norm amidst the raging Coronavirus (COVID-19) pandemic, organisations across the globe are focusing on contactless technologies to reduce in-person meetings with their customers.

(more…)