AEPS DATA PRIVACY POLICY

The Andhra Pradesh State Cooperative Bank LTD – APCOB

Introduction

The Unique Identification Authority of India (UIDAI) has been established by the Government of India with the mandate to issue a unique identification number (called Aadhaar or UID) to Indian residents that is robust enough to eliminate duplicate and fake identities, and can be verified and authenticated using biometrics in an easy and cost-effective manner.

The UID has been envisioned as a means for residents to easily and effectively establish their identity, to any agency, anywhere in the country, without having to repeatedly produce identity documentation to agencies.

The UIDAI offers an authentication service that makes it possible for residents to authenticate their identity biometrically through presentation of their fingerprints / iris authentication or non-biometrically using a One Time Password (OTP) sent to the registered mobile phone or e-mail address.

The Andhra Pradesh State Cooperative Bank LTD (APCOB) undertakes user authentications as per the UIDAI guidelines to enable some of its services / business functions. APCOB uses the demographic as well as biometric data, in addition to the Aadhaar No/VID of its customers, while initiating the account-based relationship with its customers or while providing account-based services to the customers.

Applicability

The policy will apply to all departments/employees of the bank which access, process or store Aadhaar number (in masked format) and any other data received from the customers or UIDAI in due course of authentication.

Aadhaar Authentication Services

Aadhaar Authentication is defined as the process wherein the Aadhaar number, along with the Aadhaar holder’s personal identity information, is submitted to the Central Identities Data Repository (CIDR) for matching, following which the CIDR verifies the correctness thereof based on the match with the Aadhaar holder’s identity information available with it.

The purpose of Authentication is to enable Aadhaar-holders to prove identity and for service providers to confirm the resident’s identity claim in order to supply services and give access to benefits.

To protect the resident’s privacy, the Aadhaar Authentication service responds only with a “Yes/No” and no Personal Identity Information (PII) is returned as part of the response.

e-KYC Service

UIDAI also offers the e-KYC service, which enables a resident having an Aadhaar number to share their demographic information (i.e. Name, Address, Date of Birth, Gender, Phone & Email) and Photograph with a UIDAI partner organization (called a KYC User Agency – KUA) in an online, secure, auditable manner with the resident’s consent.

The consent by the resident can be given via a Biometric authentication or One Time Password (OTP) authentication.

The Bank has entered into a formal agreement with UIDAI in order to access Aadhaar authentication services, and e-KYC services. To protect the Aadhaar beneficiary, the data privacy policy of the Bank is formulated as under.

Data Privacy on Aadhaar and Biometric details

The submission of Aadhaar details by a customer to the Bank is voluntary, and the Bank will not insist that a customer produce their Aadhaar details for availing any of the services.

In cases where the customer offers Aadhaar number voluntarily to the Bank, the Bank will seek a declaration by the customer towards the same.

For cases where e-KYC verification is required, the Bank will obtain explicit consent from the resident for the download of the resident’s demographic details from UIDAI, mentioning the purpose for which the details are sought.

The consent will be either in the form of an authorization letter or a provision to electronically record the consent in a software application.

Biometric details are required by the Bank to be captured for purposes of authentication, for example to authenticate a customer before permitting a transaction through a Micro ATM / any other device, as an AEPS (Aadhaar Enabled Payment System) transaction.

The biometric details, whenever captured by the Bank, will be used only for data exchange with UIDAI, which validates the captured biometric data against the biometric data maintained in CIDR (Central Identities Data Repository) against the specific Aadhaar number.

A system log, wherever required, will be maintained to extract the details in case of disputes. The logs will capture Aadhaar Number (in encrypted format), timestamp etc., but will not capture / store the PID (Personal Identity Data) associated with the transaction.

Policy Review and Updates

The Policy shall be reviewed as and when required or at least once in a year, to address the requirements of the Bank and to comply with guidelines issued by the UIDAI or any applicable regulator or judiciary from time to time.

However, any regulatory changes during the year will be implemented immediately with the approval of the Board.

Glossary

KYC: Know Your Customer
RBI: Reserve Bank of India
AUA: Authentication User Agency
ASA: Authentication Service Agency
CIDR: Central Identities Data Repository
KUA: Know your customer User Agencies
NDA: Non-Disclosure Agreement
OTP: One Time Password
PID: Personal Identity Data
STQC: Standard testing and quality control
KSA: KYC Service Agency