No. No one can harm you just by knowing your Aadhaar number. It’s just like any other identity document such as passport, voter ID, PAN card, ration card, driving license, etc., that you have been using freely for decades with service providers. Aadhaar identity, instead, is instantly verifiable and hence more trusted. Also, as per the Aadhaar Act, 2016, the Aadhaar card is required to be verified, in physical or electronic form, by way of authentication or offline verification, or in such other form as may be specified. Verification is done through fingerprint, iris scan, OTP authentication, QR code, etc. Hence, it is near impossible to impersonate you if you use Aadhaar to prove your identity. People have been freely giving other identity documents such as passport, voter ID, PAN card, ration card, driving license, etc. But did they stop using these documents for fear that somebody would use them to impersonate them? No! They continue using them, and if any fraud happens, the law enforcement agencies handle it as per law. The same logic applies to Aadhaar. In fact, Aadhaar is more secure than many other identity documents because, unlike other IDs, Aadhaar is instantly verifiable through biometric and OTP authentication and QR code. Further, under the Aadhaar Act, 2016, stringent penalties, including fines and imprisonment, are provided whenever a person misuses your Aadhaar number or tries to cause any harm to you.
Aadhaar authentication can be performed for availing benefits and services falling under Section 7 of the Aadhaar Act, 2016, and if the purpose for which Aadhaar authentication is intended to be used is either backed by a law made by Parliament or is in the State interest. The verification of Aadhaar can be done offline through the QR code available on the physical Aadhaar copy. If any agency does not follow these best practices, then that agency will be fully responsible for situations or losses arising out of possible misuse or impersonation. An Aadhaar holder is not responsible for the wrongful act of or by any agency.
Under the PML Rules, Aadhaar is one of the officially valid documents accepted for opening a bank account, and the bank is required to do other due diligence for banking transactions or KYC. If some fraudster tries to open a bank account using Aadhaar and the bank doesn’t carry out any due diligence, then the Aadhaar holder cannot be held responsible for the bank’s fault. It is just like when some fraudster opens a bank account by presenting someone else’s voter card or ration card: it is the bank that would be held responsible, not the voter or ration card holder. Till date no Aadhaar holder has suffered any financial loss on account of such misuse.
Just as one cannot withdraw money from your account by merely knowing your bank account number, no one can withdraw money from your Aadhaar-linked bank account by merely knowing your Aadhaar number. Just as your signature, debit card, PIN, OTP, etc., are required for withdrawing money at a bank, your fingerprint, iris or an OTP sent to your Aadhaar-registered mobile will be required for withdrawing money from your Aadhaar-linked bank account through Aadhaar. No Aadhaar holder has suffered any financial or other loss or identity theft on account of any said misuse or attempted impersonation of Aadhaar. Notably, every day more than 3 crore authentications are carried out on the Aadhaar platform. In the last eight years, more than 3,012.5 crore authentications (till 28th May 2019) have been successfully done. UIDAI keeps upgrading and reviewing its security systems and safety mechanisms to make Aadhaar more secure and more usable. There has not been a single instance of biometric data breach from the Aadhaar database. Therefore, people should freely use and give Aadhaar to prove their identity as and when required under the provisions of the Aadhaar Act, 2016.
You use PAN card, debit card, credit card, bank cheques wherever required. But do you put these details openly on internet and social media such as Facebook, Twitter, etc.? Obviously no! You do not put such personal details unnecessarily in public domain so that there is no unwarranted invasion attempt on your privacy. The same logic needs to be applied in case of uses of Aadhaar.
You should use your Aadhaar without any hesitation for proving your identity and doing transactions, just like you use your bank account number, PAN card, debit card, credit card, etc., wherever required. What UIDAI has advised is that Aadhaar card should be freely used for proving identity and doing transactions, but should not be put on public platforms like Twitter, Facebook, etc. People give their debit card or credit card details or cheque (which has bank account number) when they purchase goods, or pay school fee, water, electricity, telephone and other utility bills, etc. Similarly, you can freely use your Aadhaar to establish your identity as and when required without any fear. While using Aadhaar, you should do the same level of due diligence as you do in case of other ID cards – not more, not less.
As per the Supreme Court Judgement in the Aadhaar case (494 of 2012), residents are no longer required to mandatorily verify their bank account with Aadhaar. PAN-Aadhaar linking is mandatory. A resident can voluntarily use his Aadhaar number in physical or electronic form by way of authentication or offline verification, or in such other form as may be specified by UIDAI. Mandatory Aadhaar authentication can be performed if the purpose is backed by law or it is in State interest. However, for availing subsidies, benefits and services, beneficiaries are required to undergo mandatory Aadhaar authentication. When you link your bank account, demat account, mutual fund account, PAN, etc., with Aadhaar, you secure yourself because no one can impersonate you to avail these services. Often fraudsters carry out transactions and transfer money from someone else’s account to their own accounts and go untraced, as they generally submit fake identities to the bank while opening their accounts. They operate bank accounts in fictitious names/companies and run shell companies’ accounts to carry out money laundering or stash black money. Therefore, when all bank accounts are verified with Aadhaar, it would not be possible for these unscrupulous elements to go untraced, and banking as a whole would become more safe and secure, as the identity of each bank account holder is established uniquely beyond doubt through eKYC. As of now 96 crore bank accounts out of a total of 110 crore accounts have been linked to Aadhaar.
At the same time, you also contribute to serving vital national interests by ridding the system of bogus, fake and duplicate identities that could be misused to evade taxes, siphon off public money, etc. Through use of Aadhaar and other process improvements, the Government has been able to weed out more than 6 crore fake, duplicate and ghost beneficiaries and save more than Rs. 90,000 crore of public money. Also, ghost and shell entities and companies used to be created for tax evasion, money laundering, terror financing, etc. Verification of identity through Aadhaar has helped curb these practices. Similarly, use of Aadhaar has checked unscrupulous elements that used to resort to impersonation in various examinations and tests for college admission and jobs, etc., thereby denying genuine candidates their rightful dues. There are a number of other areas where verification of identity through Aadhaar has brought fairness and transparency to the system.
The Mask Aadhaar option allows you to mask your Aadhaar number in your downloaded e-Aadhaar. A masked Aadhaar number means that the first 8 digits of the Aadhaar number are replaced with characters like “xxxx-xxxx”, while only the last 4 digits of the Aadhaar number are visible.
A resident can download e-Aadhaar in the following two ways.
By Using Enrolment Number: A resident can download e-Aadhaar using the 28-digit enrolment number along with full name and PIN code. In this download process an OTP is received on the registered mobile number. A resident can also use TOTP to download e-Aadhaar instead of OTP. TOTP can be generated using the mAadhaar mobile application.
By Using Aadhaar Number: A resident can download e-Aadhaar using the 12-digit Aadhaar number along with full name and PIN code. In this download process an OTP is received on the registered mobile number. A resident can also use TOTP to download e-Aadhaar instead of OTP. TOTP can be generated using the mAadhaar mobile application.
One Aadhaar profile can be active on only one device at a time. If you create profile on another device by inserting the SIM in another device, the previous profile would become inactive and would be deleted from older device whenever any operation is attempted from that device.
Yes, it is compulsory to have a registered mobile number. The OTP will be shared and auto-filled via the registered mobile number in the mAadhaar app. In case your mobile number is not registered with Aadhaar, visit the nearest Aadhaar Enrolment/Update Centre.
A user can add maximum 3 profiles in his device, all having same mobile number registered in their Aadhaar. Auto-fill OTP is valid and hence user cannot add any profiles which are registered with any other mobile number. If members of your family have the same mobile number registered as you in their Aadhaar, you can add their profile in your device.
The application will ask for a password as the first step as soon as it is opened. The user should enter a password of minimum 8 and maximum 12 characters in length. The password should contain at least 1 number, 1 letter, 1 special character ( @,#,&,%,*,!,-,(,) ) and 1 capital letter, e.g. Sharma@123.
There is no provision to manually enter the OTP anywhere in mAadhaar. This is a security feature. Please do not navigate away from the application while it is waiting for the SMS. Aadhaar will automatically read the OTP once it is received.
Electronic Know Your Client, or e-KYC, is the way of resident authentication used by organizations like banks. Aadhaar allows residents to submit it as an address proof electronically, which is as valid as a Xerox copy of the Aadhaar card.
This feature secures biometric authentication by locking the biometric data of the resident. Biometrics remain locked until the Aadhaar holder chooses either to unlock them (which is temporary) or to disable the locking system.
TOTPs avoid a number of shortcomings that are associated with traditional SMS based OTP. The most important shortcoming that is addressed by TOTPs is that resident will not be dependent on mobile network for SMS delivery. Generating and sending OTP requires users to go through a completely unrelated workflow.
It is a one-time temporary password (OTP) that is generated by an algorithm and valid only for 30 seconds. Because of this time-variable characteristic, it is called TOTP.
A TOTP is an 8-digit numeric string.
TOTP is personal to the resident and is uniquely generated every 30 seconds for each resident separately.
With time-based OTP, the TOTP validation server and the token generation app (like mAadhaar) use their respective system times to generate OTPs. The TOTP algorithm assumes that the system times are synchronized.
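An added example, not UIDAI's or mAadhaar's code: the page does not name the algorithm, so this sketch assumes the standard RFC 6238 construction (HMAC-SHA1) with the 8 digits and 30-second step stated above. It shows how a validation server can tolerate small clock skew and refuse a code that was already used; the drift window, the replay check and the RFC test secret are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # validity period stated on this page
DIGITS = 8         # code length stated on this page


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 code (HMAC-SHA1, an assumption) for the step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP_SECONDS)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret, candidate, server_time, drift_steps=1, last_used_step=None):
    """Return the time step the code belongs to, or None if it is rejected.

    Codes from +/- drift_steps around the server clock are accepted so that
    slightly unsynchronized clocks still work. A step at or before
    last_used_step is refused, so a code cannot be replayed while valid.
    """
    current = server_time // STEP_SECONDS
    matched = None
    for step_no in range(current - drift_steps, current + drift_steps + 1):
        expected = totp(secret, step_no * STEP_SECONDS)
        # Constant-time comparison, and no early exit from the loop.
        same = hmac.compare_digest(expected.encode(), candidate.encode())
        if same and matched is None:
            matched = step_no
    if matched is None:
        return None
    if last_used_step is not None and matched <= last_used_step:
        return None
    return matched


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    code = totp(demo_secret, 1111111109)
    print("code:", code)
    # Server clock is 2 seconds ahead and already in the next 30-second step.
    print("accepted with drift window:", verify(demo_secret, code, 1111111111))
    print("accepted with no window:", verify(demo_secret, code, 1111111111, 0))
```

With `drift_steps=0` the server accepts only the current step, which is the strict reading of "valid only for 30 seconds" and rejects a code generated two seconds earlier on the other side of a step boundary.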
It is a secure sharable document which can be used by any Aadhaar number holder for offline verification of Identification.
A resident desirous of using this facility shall generate his/her digitally signed Aadhaar details by accessing UIDAI resident portal. The details will contain Name, Address, Photo, Gender, DOB, hash of registered Mobile Number, hash of registered Email Address and reference id which contains last 4 digits of Aadhaar Number followed by time stamp in a digitally signed XML. It will provide Offline Aadhaar Verification facility to service providers/Offline Verification Seeking Entity (OVSE) without the need to collect or store Aadhaar number.
Identity verification can simply be accomplished by providing an identity document like PAN card, passport, etc., to the service provider. However, all these documents, which may be used for identification, can still be forged and faked, and it may or may not be possible to verify them offline instantaneously. The document verifier has no technological means to verify the authenticity of the document or the information it contains and has to trust the document producer. In contrast, the XML file generated by the Aadhaar number holder using Aadhaar Paperless Offline e-KYC is a digitally signed document, signed using the UIDAI digital signature. Thus, the service provider can verify the demographic contents of the file and certify it to be authentic when doing the offline verification.
Enter the ‘Aadhaar Number’ or ‘VID’ and the ‘Security Code’ shown on the screen, then click on ‘Send OTP’ or ‘Enter TOTP’. The OTP will be sent to the registered mobile number for the given Aadhaar number or VID. TOTP will be available on the m-Aadhaar mobile application of UIDAI. Enter the OTP received/TOTP. Enter a Share Code, which will be the password for the ZIP file, and click on the ‘Download’ button.
The Zip file containing the digitally signed XML will be downloaded to device wherein the above mentioned steps have been performed.
Any Aadhaar number holder who desires to establish his/her identity to any service provider (OVSE) using the digitally signed XML downloaded from the UIDAI website can be a user of this service. The service provider should have provisions for accepting this Aadhaar Paperless Offline e-KYC at their facility and for doing the offline verification.
Service Providers shall not share, publish or display either Share Code or XML file or its contents with anyone else. Any non-compliance of these actions shall invite actions under Sections 17 and 25 of The Aadhaar (Authentication) Regulation, 2016, Sections 4 and 6 of The Aadhaar (Sharing of Information) Regulation, 2016 and Sections 29(2), 29 (3) and 37 of The Aadhaar Act, 2016.
The process of Aadhaar Offline e-KYC Verification by Service Provider is:
Once service provider obtains the ZIP file, it extracts the XML file using the password (share code) provided by the resident.
The XML file will contain the demographic details such as Name, DOB, Gender and Address. The photo is in base64-encoded format, which can be rendered directly using any utility or a plain HTML page. Email address and mobile number are hashed.
Service Provider has to collect Email Address and Mobile number from residents and perform below operations in order to validate the hash:
Hashing logic: Sha256(Sha256(Mobile+ShareCode))*number of times of last digit of Aadhaar Number
Example:
Mobile number: 9800000002
Aadhaar Number: 123412341234
Share Code: Abc@123
Sha256(Sha256(9800000002+ Abc@123))*4
In case the Aadhaar Number ends with zero or 1 (123412341230/1), it will be hashed one time:
Sha256(Sha256(9800000002+ Abc@123))*1
Hashing Logic: This is a simple SHA256 hash of the email without any salt
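The check a service provider performs on the hashed fields, as an added example that is not UIDAI's code. The formula above is read here, as an assumption, to mean SHA-256 applied N times in total, each round hashing the previous round's lowercase hex digest; the function names and the timestamp part of the sample reference id are constructed for illustration.

```python
import hashlib
import hmac


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def last_digit_from_reference_id(reference_id: str) -> int:
    """The reference id starts with the last 4 digits of the Aadhaar number."""
    prefix = reference_id[:4]
    if len(prefix) != 4 or not prefix.isdigit():
        raise ValueError("reference id must start with 4 digits")
    return int(prefix[3])


def mobile_hash(mobile: str, share_code: str, last_digit: int) -> str:
    """Hash Mobile+ShareCode; last digits 0 and 1 both mean a single round."""
    if not 0 <= last_digit <= 9:
        raise ValueError("last digit must be 0-9")
    value = mobile + share_code
    for _ in range(max(last_digit, 1)):
        value = sha256_hex(value)  # assumption: each round hashes the hex text
    return value


def email_hash(email: str) -> str:
    """Plain SHA-256 of the email, no salt, as stated on this page."""
    return sha256_hex(email)


def hashes_match(computed: str, from_xml: str) -> bool:
    # Hex digests may differ in case; compare in constant time.
    return hmac.compare_digest(computed.lower().encode(),
                               from_xml.strip().lower().encode())


def verify_mobile(mobile, share_code, reference_id, hash_from_xml) -> bool:
    digit = last_digit_from_reference_id(reference_id)
    return hashes_match(mobile_hash(mobile, share_code, digit), hash_from_xml)


if __name__ == "__main__":
    # Constructed sample: values from the page's example plus a made-up timestamp.
    ref_id = "1234" + "20190528101530123"
    xml_hash = mobile_hash("9800000002", "Abc@123", 4)  # stands in for the XML value
    print(verify_mobile("9800000002", "Abc@123", ref_id, xml_hash))   # True
    print(verify_mobile("9800000003", "Abc@123", ref_id, xml_hash))   # False
```

The hash comparison is only meaningful after the XML's digital signature has been verified, since the hash value and reference id are read from that file.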