Skip to main content

Aadhaar : The Identity Proof which remains the 'Rule of thumb' in India

With Aadhaar gaining prominence as an identity in every aspect of our lives today, we shall in this blog discuss about Aadhaar, its use and relevance for businesses in the identity verification process. We shall also briefly touch upon the Aadhaar Ecosystem and the prominent methods of Aadhaar authentication.


Originally introduced to help mitigate fraud and to help ensure the right persons were entitled to the benefits from the social welfare programmes, Aadhaar - India’s national digital biometric identity is intrinsically linked to our everyday lives. It serves as a cross-functional proof of identity and proof of address across India.

The 12 digit unique Aadhaar number can be obtained voluntarily by residents or passport holders of India based on their biometric and demographic data. It is devoid of any intelligence and does not profile the Aadhaar number holder based on caste, religion, income, health and geography and does not confer any right of citizenship or domicile.

The Unique Identity (UID) is linked to their demographic (name, address, date of birth and gender) and biometric (photograph, 10 fingerprints and two iris scans) information, stored in centralised databases. A card is issued to enrolees, and the identification number, together with a means for authentication (biometric or mobile-linked), forms the basis for identification. The database ensures that there are no duplicates in the identity by validating below parameters:

Aadhaar Authentication

The purpose of Authentication is to enable an online identity platform for residents to validate their identity proof instantly anytime, anywhere. For authenticating the Aadhaar number, the UIDAI created a system under which an agency or company must be recognised as an Authentication User Agency (AUA). AUAs authenticate Aadhaar by submitting a person’s Aadhaar number, demographic and biometric information to Central Identities Data Repository (CIDR) and in turn receive a “Yes” or “No” response on whether there is a match to establish if the person is who he or she claims to be and to confirm the correctness of the data. A registered Authentication Service Agency (ASA) such as Digio operates as the digital intermediary in this process.

Understanding the Aadhaar Authentication Ecosystem

The need for Aadhaar authentication

Aadhaar serves as a Multipurpose National Identity Card and is a strategic plan developed to improve and to promote a hassle-free means of providing online facility. There are several public and private organizations in the ecosystem which are required to validate the user in order to perform their day to day functions. With the availability of several other identity proofs, it becomes cumbersome for entities to carry out the identity verification of every kind of document with full accuracy. It is also easier for the user / individual to furnish a standardised and consistent identity proof for any legal or official validation.

The Digital Aadhaar Boon

Today with the help of technology, businesses have been able to enhance their growth agenda by enabling better service, quicker, more effective and more accurate user friendly on-boarding for customers through automation. Aadhaar has grown to encompass many parts of our everyday lives - such as bank account opening, quick loan disbursement, payments, activating a mobile number, buying LPG, verifying electoral rolls, filing IT returns, etc. In the digital world, re-imaging a KYC process without Aadhaar would be challenging.

Aadhaar has made various government schemes and processes more efficient and effective. It also helps ensure better administration of human resources by monitoring employees' attendance through an Aadhaar based biometric authentication device. It also improves the turn-around time for hiring by enabling the hiring manager to evaluate the candidate’s credentials quickly while the HR is rest assured of one’s reputation and criminal background. Aadhaar eKYC can also be used to monitor and manage visitors at offices/home and carry out instant identity checks.

The Aadhaar authentication comes with many benefits which could otherwise not be achieved through offline means are as follows:
  • Simplified and streamlined process flows,
  • Restricting fake, duplicate and ghost records through database deduplication,
  • Ensuring last-mile delivery in the direct benefit transfer process by plugging leakages,
  • Digitizing the Know Your Customer (KYC) process
  • Reduces stack of documents and paperwork
  • Enabling instant verification of customers,
  • Facilitating online interoperable financial transactions at PoS (Point-of-Sale / microATM)Apart from easing the process, 
Aadhaar has also contributed to several quantitative business metrics such as reduced operational costs, shorter customer onboarding time, increase in savings, etc.

Prominent Aadhaar Based Services

Generic KYC onboarding flow

Most onboarding processes today incorporate a few minimal steps for quick, hassle free and user friendly customer experience. Here is a generic eKYC based onboarding flow implemented at Digio which has helped 500+ businesses including corporates, banks, NBFCs and stock broking entities, etc

Non- Assisted Journey

Assisted Journey



Aadhaar eKYC is the digital KYC process facilitated by the Unique Identification Authority of India (UIDAI). This online eKYC is conducted either via biometrics authentication or an OTP validation and offline methods make use of XML files and QR codes. An OTP is sent to the customer’s Aadhaar-registered mobile number or the customer’s fingerprints and retina are scanned and compared with the biometric data recorded in the UIDAI database.

eKYC enables instant and secure paperless governance through a simple, cost efficient verification process. The service is made inclusive and accessible across public and private organizations.


DigiLocker is a unified document wallet created for citizens to store and retrieve authentic documents in Digital format. It was launched as part of the Digital India Programme for Paperless Governance. The digital locker system consists of a repository where the documents are uploaded in a standard format for real-time secure access. It also has an access gateway that controls and secures the online mechanism, the gateway will identify the stored document based on a unique reference number called URI to fetch the document from the repository.
Users can sign up for services by linking their Aadhaar cards and can upload documents in a digital locker. 

DigiLocker provides an account in the cloud with a storage upto 1GB storage space to every Aadhaar holder to access authentic documents/certificates. Prominent documents that are widely stored and fetched from Digilocker include eAadhaar, digital driving licenses & vehicle registrations certificates, ePAN, Std X & XII mark sheets and certificates, LPG subscription vouchers, skill certificates issued by NSDC, Provident fund UAN number, etc. The Passport Seva Kendra has also integrated with DigiLocker for digital verification of identity and address proof and does not mandate the passport applicant to submit hard copies of any identity documents. SEBI has also considered Digilocker based Aadhaar document as an OVD. Hence, a SEBI regulated entity is not required to carry out video based KYC if Digilocker is opted.

Offline Paperless eKYC (Offline Aadhaar Based XML)

Aadhaar offline XML is a secure shareable document which can be used by any Aadhaar number holder for offline verification of Identification. This file can be generated digitally by accessing the UIDAI resident portal. The user will need to authenticate his Aadhaar details by an OTP validation. Upon successful authentication, the user’s Name, Address, Photo, Gender, DOB, hash of registered Mobile Number, hash of registered Email Address and reference id which contains last 4 digits of Aadhaar Number followed by timestamp can be obtained in a digitally signed XML.

Comparing the different Aadhaar solutions


Aadhaar eKYC

Aadhaar XML OKYC





Digilocker is an initiative of Ministry of Electronics & IT (MeitY) 


The customer provides his/ her Aadhaar number along with exclusive consent to use their Aadhaar data to the service provider.

Once received, the service provider can use the API to send the 12 digit Aadhaar number to UIDAI which then responds back with demographic information connected to the Aadhaar number.

Offline eKYC is performed either via XML or QR code. In the case of Aadhaar XML, the customer downloads an XML file with his or her demographic information. This file is readable by KYC verification service providers. Offline eKYC can also be conducted by scanning the QR code on the customer’s Aadhaar card.

Aadhaar authentication is carried out on the access gateway, where the user enters his/ her 12 digit aadhaar number, and provides consent along with OTP received on the registered mobile number.  The user has to allow digilocker to pull data from the UIDAI website through the authentication. 

Who are eligible 

License required  from UIDAI that allows them access to eKYC API. Currently, banks, NBFCs and telecom providers are permitted to procure the license. Private entities are not eligible. 

These methods of eKYC can be used by all businesses including private entities. 

Both Private and public organization can access digilocker


Instant response upon authentication as eKYC directly interacts with UIDAI database. 

Individual needs to download the XML file in a password protected format and share it with the service provider who will then validate the same

Instant response upon authentication 

Details included

Name, address, date of birth, gender, the resident’s mobile number and email address

Name, Address, Photo

Download reference number, D.O.B/Y.O.B, Gender, Mobile Number (hashed format), Email (hashed format)

Name, address, date of birth, gender, photohash

Additional compliances

Required to Set up a secure Aadhaar data vault for storage of data. Need HSM for encryption of the data acquired on-premise



Ease of Transaction from customer point of view

Ease of go-live 


The role of Central KYC registry (CKYCR) and KYC Registration Agencies (KRAs) in helping regulated entities complete the KYC process

Any regulatory requirement, entities are required to comply with the CKYCR and KRA provisions as defined by the respective regulatory bodies (RBI, in India. The individual’s KYC data that is validated during the onboarding process needs to be submitted to the central registries which are CKYCR and KRA in India. These registries do not store in-person verified KYC information on individual systems. The existence of these central databases eases the verification process for service providers.

CKYC was initiated to bring all KYC in the financial sector under a single umbrella. CKYCR is governed by Central Registry of Securitisation, Asset Reconstruction and Security Interest of India (CERSAI) and is a comprehensive database that verifies and stores customer KYC information. It generated a unique 14 digit number linked to the ID proof which can be used by the individual for all future references. On the other hand, KRA holds PAN as the unique identifier. In India, there are 5 KYC Registration agencies, namely, CVL, NDML, Karvy, CAMS, and DOTEX.An individual’s KYC can be searched and verified using his/ her PAN number in the KRA database.

Instant identity verifications can help establish trust in the onboarding process. Today with the advancement of technology and secured Aadhaar based solutions, digitization comes with high quality, quick, accurate check/ response results to help prevent fraudulent activities and ghost identities and simultaneously offer superior customer experience. DIGIKYC aids in taking informed decisions on the go - anytime, anywhere and ensures a secure and smooth on-boarding experience. To know more, feel free to write to us at or