Amid the massive controversy of the alleged Aadhaar data breach, Unique Identification Authority of India (UIDAI) has introduced a new concept, called Virtual ID, which any Aadhaar-card holder can generate from its website. This Virtual ID, instead of the Aadhaar number, can then be used for purposes, including SIM verification, linking to bank account, and more.
As opposed to the 12-digit biometric ID we currently share, Virtual ID will be a random 16-digit number. Essentially, the Virtual ID will be a temporary and revocable 16-digit random number mapped to a person’s Aadhaar number, and the Aadhaar-issuing body will start accepting it from March 1, 2018. And starting June 1, 2018, it will be compulsory for all agencies that undertake authentication to accept the Virtual ID from users.
The UIDAI is instructing all agencies using its authentication and eKYC services to ensure Aadhaar holders can provide the 16-digit Virtual ID instead of Aadhaar number within their application. The authorities have also demarcated that the agencies that do not integrate support for the Virtual ID by the deadline, will face financial disincentives.
Further, users can generate multiple Virtual IDs, in instances of loss of the existing one – much like passwords. And the moment a new ID is generated, the older one gets deactivated. Each virtual ID will also come with an expiry date.
And as a security step, UIDAI says that agencies that undertake authentication would not be allowed to generate the Virtual ID on behalf of Aadhaar holder.
In addition to that, the authority has also introduced the concept of ‘limited KYC’, under which it will only provide need-based or limited details of a user to an authorised agency. So if your Aadhaar has your bank details, your permanent address and PAN card details, and say a telcos needs just the latter two, then Aadhaar will only share that limited information.