Sugata Ghosh, ET Bureau | Jul 29, 2013
MUMBAI: Will banks
have to spend a fortune to give customers the choice of either putting their finger prints or swiping plastic cards
to withdraw money from ATMs
and pay for purchases?
Not really, says the Unique Identification Authority of India
), the agency that issues the 12-digit Aadhaar numbers and is pushing for biometric authentication
for credit card
transactions. But bankers disagree. Besides the travails and risks of a new technology, upgrading each and every automated teller machine and point of sale terminal at thousands of merchant outlets will not come cheap, they argue.
Indeed, ‘cost’ is emerging as one of the issues in the brewing debate – ‘Aadhaar or plastic cards’. According to a source familiar with the subject, an RBI
-constituted panel has pegged the cost of banks’ readiness for Aadhaar at 4,259 crore compared with 3,556 crore the banking industry has to spend to upgrade machines to match a different technology they think lowers the risk of card frauds.
Aadhaar or cards: UIDAI and banks disagree on use of biometric authentication at ATMs It’s learnt that the UIDAI nominee on the panel is likely to issue a dissent note on the estimates the agency believes is significantly higher than what banks’ migration to Aadhaar would cost.
About a fortnight ago, the findings of the report were shared by Pulak Kumar Sinha, the SBI general manager who heads the panel, at a luncheon meeting with RBI Deputy Governor HR Khan. Other members of the working group were also present at the meeting.
Cost the only point of conflict
According to a UIDAI spokesman, other than cost estimates, there is no other point on which UIDAI or any other member is in disagreement.
Responding to ET’s queries, Ashok Pal Singh, deputy director general, UIDAI, said nowhere does the report suggest that Aadhaar, in its current shape and form, is not recommended for large-scale adoption for the existing card base as an additional factor of authentication.
“If need be, UIDAI will put a dissenting note by way of a disclaimer on the costing…I repeat that on no other point is UIDAI or any other member in disagreement with the rest of the draft report,” he said.
Asked whether the working group has voiced concerns on account of the fact that if Aadhaar of a cardholder is compromised, the cardholder’s identity gets compromised for life, the UIDAI official said the report, which should be in public domain shortly, has not made any such observation.
The Reserve bank spokesperson did not respond to ET’s email query.
UIDAI is of the view that Aadhar-based payment technology can be cost effective and beneficial as it will take electronic payments to the masses. “What is this great upgradation cost we are seized about? The comparison is between cost of deploying a technology that has peaked (chip and pin) versus a technology making its debut (Aadhaar-based biometric authentication) and yet to acquire economies of scale… The number of PoS terminals
in the country is a pittance. A card does not get accepted beyond two dozen major cities. Does anyone seriously believe the aam aadmi will transact with a chip and pin card? Aadhaar uses a light PoS with no inbuilt intelligence as authentication takes place back end and the device is only a communication channel as against a device that must decode and read a chip. Even common sense will defy an assertion that the former will require a heavier and more expensive device,” said Singh.
Some of the credit card heads of banks ET spoke to said there was a distinct possibility that RBI would ask banks to gradually roll out Aadhaar-based biometric authentication as an additional authentication for card transactions. “RBI may not mandate banks immediately, but may nonetheless ask them to upgrade the technology. This is happening at a time banks
are issuing credit and debit cards
that are based on EMV technology
,” said a banker.
In EMV cards, the card and CVC numbers are encrypted. And, unlike the EMV or the conventional magnetic stripe technology where cards have to be swiped, a biometric authentication involves the bank’s ATM or PoS reading the fingerprints and matching them with the fingerprint records aggregated by authorised authentication service agents like VISA, National Payments Cop or Vodafone before the transaction is cleared.