Saturday, March 10, 2018

Aadhaar - Biometric Mismatch

Last week I found myself in a bit of a fix while trying to book a ride back home late at night.
Standing on a lonely roadside waiting for a confirmation on my Uber ride, I found that I no money to pay for it - there was no cash in my pocket, and my e-wallet account balance was below the minimum INR 350.

My account with Uber is linked to PayTM, a popular e-wallet platform in India. Uber gave me two options for topping up - through my credit-card or directly through PayTM. The latter had been an easier process but this hit a wall with the message which said that my account was not yet KYC compliant.

Know Your Customer (KYC) is now compulsary for all e-wallet accounts as per the new rules set by the central bank. Introduced with the objective of reducing misuse and money-laundering, KYC requires submission of id proof -  details of Passport, Tax PAN or the Adhaar universial id number.  I was under the impression that Adhaar was the fastest way of fulfilling KYC norms. I had done it earlier for my bank accounts and for a JIO mobile connection. It had taken just a few minutes to get an online confirmation.

However, the process was quite different for the PayTM. As soon as I sent my 16-digit number, I got a message saying that a PayTM representative come an meet me personally for a confirmation. A confirmation? Why is additional confirmation needed when, according to UIDAI's own procedures, the number could be used to confirm my identity with their central database? Anyway, since there was no hope of completing the KYC standing by the roadside at night, I went back to Uber and transferred some money to my PayTM account using my credit card.

A few days later, and after a series of SMSs, a representative of PayTM's "partner" turned up at my door with portable fingerprint scanner plugged into his mobile phone. He passed me his mobile and told me to type in my Adhaar number. Soon I got a message on my mobile with a code and a URL with the message - "By providing this code to our agent, you agree to become a full KYC customer of PayTM Payments Bank and confirm acceptance." You have no time to check the fine-print so the agent gets his code.

After this, a mouse-like device is used to scan my thumb-prints. One by one, the scanner moves from my thumb, to the pointer and index, until all 10 fingerprints are covered. For each and every scan he gets a message (from where? UIDAI?) saying that all the authentications had failed!

The look of amazement on my face prompted the agent to console me - "Aise hota reha hai...fingerprint badal jaate hei" (This keeps happening, fingerprints change over time). WTF?? I had heard about farm workers losing their fingerprints to hard labour but my fingers were anything but callused, or even unclean!

How can UIDAI authentications fail in urban areas? A quick internet search reveals that mine is not an isolated case. While authentication failures have been quite common on rural areas - due to incorrectly captured fingerprints, poor internet connectivity or a change in biometric details because of old age or wear and tear - it is now increasingly common in urban areas as well.

The Adhaar UID is no doubt backed by the laws of probablity and complex algorithms but this experience has placed me firmly in the ranks of the Adhaar skeptics. Failing to get an Uber taxi ride due to an Adhaar biometric failure hardly makes a difference to me, but to think that millions depends on this flawed system for their rations is just unexcusable.

Other Unanswered Questions:

* Now that the private sub-contractor to PayTM has all my fingerprints scanned and saved, what are the chances of misuse?


* Scroll on KYC problems -
* How to link PayTM with Adhaar -
* Fingerprint authentication failure -
* Medianama rebuttal to N.Nilekani's claims -