The Reserve Bank of India (RBI) has introduced new guidelines aimed at fortifying the security of the Aadhaar Enabled Payment System (AePS). These guidelines, issued through a draft circular on July 31, 2024, outline the due diligence required by banks to verify AePS touchpoint operators, alongside proposing new methods for digital payment authentication.
In recent times, AePS has become a target for fraudsters, primarily due to identity theft and the compromise of customer credentials. This necessitated a robust framework to enhance the security of AePS transactions and protect users, especially in rural and semi-urban areas where these services are predominantly used.
Understanding AePS And AePS Touchpoint Operators
According to the RBI, the Aadhaar Enabled Payment System is a Payment System in which transactions are enabled through Aadhaar number and biometrics or OTP authentication. AePS enables basic banking services, viz., cash withdrawal, balance enquiry, mini statement, cash deposit, fund transfer, etc.
AePS touchpoint operators play a crucial role in providing essential banking services in rural and semi-urban regions. These operators facilitate transactions such as withdrawals and fund transfers using an Aadhaar number and biometric authentication. However, the increasing incidents of fraud have highlighted the need for stringent measures to ensure the integrity of these services.
New RBI Guidelines On Due Diligence For AePS Operators
The RBI’s draft circular introduces several key proposals aimed at streamlining the onboarding and monitoring processes for AePS touchpoint operators:
Onboarding Process
- Single Acquiring Bank: Each AePS touchpoint operator can only be onboarded by one acquiring bank. This measure is intended to simplify the oversight and ensure accountability.
- KYC Update: Operators who have not performed any financial transactions for six months will need to undergo a KYC (Know Your Customer) update before resuming operations. This ensures that only active and verified operators are facilitating transactions.
Ongoing Monitoring
- Due Diligence by Banks: Banks must carry out ongoing due diligence for all AePS touchpoint operators they onboard. This includes regular updates and verifications to prevent fraud.
- Transaction Limits: Transaction limits will be set based on the risk profile of each operator, ensuring that their activities align with their operational scope and risk assessment.
- Location Consistency: Transactions conducted by AePS touchpoint operators must be consistent with their declared location of operation and their risk profile. This measure aims to detect and prevent suspicious activities.
The RBI has invited public comments on these draft guidelines until August 31, 2024. Following this consultation period, banks and the National Payments Corporation of India (NPCI) will have three months to comply with the new directions from the date of issue.
These new guidelines by the RBI are a strategic move to enhance the security of digital payments in India, particularly in rural and semi-urban areas. By tightening KYC norms and ensuring rigorous due diligence, the RBI aims to prevent fraud and protect users.
Services (including Banking) Offered by AePS
- Cash Deposit
- Cash Withdrawal
- Balance Enquiry
- Mini Statement
- Aadhaar to Aadhaar Fund Transfer
- Authentication
- BHIM Aadhaar Pay
- eKYC
- Best Finger Detection
- Demo Auth
- Tokenization
- Aadhaar Seeding Status
Benefits Of The New AePS Guidelines
The new guidelines by the RBI are set to bring several benefits to the AePS framework and its users:
Enhanced Transactional Security
With stringent KYC norms and continuous due diligence, the security of AePS transactions will be significantly enhanced. This will help in reducing the risk of fraud and identity theft, providing users with greater confidence in using digital payment systems.
Increased Trust in Digital Payments
By ensuring that AePS touchpoint operators are thoroughly vetted and monitored, the RBI aims to build trust in digital payments, particularly among users in rural and semi-urban areas. This trust is crucial for the continued adoption and growth of digital financial services in these regions.
Streamlined Operations
The proposal to have each AePS touchpoint operator onboarded by only one acquiring bank will streamline operations and make it easier for banks to monitor and manage their agents. This simplification can lead to more efficient service delivery and better customer experience.
Financial Inclusion
AePS has been a key driver of financial inclusion in India, enabling access to banking services for people in remote areas. The new guidelines will ensure that this system remains robust and secure, continuing to serve its purpose of bringing more people into the formal financial sector.
FAQs
According to the RBI, an acquiring bank is the bank which onboards the AePS touchpoint operators.
According to the RBI, an AePS Touchpoint is the terminal deployed by acquirer banks to facilitate AePS transactions, using Aadhaar based biometric / OTP authentication.
As per the RBI, an AePS Touchpoint Operator is the agent onboarded by the acquiring bank who operates the AePS touchpoint.
According to the RBI, Banks and NPCI shall ensure compliance to these directions within three months from the date of issue.
A bank should apply due diligence when onboarding new AePS Touchpoint Operators and periodically update KYC for operators who have been inactive for six months.
The three key components of KYC (Know Your Customer) are:
- Customer Identification: Verifying the identity of the customer through documents such as passports, driver’s licenses, and utility bills.
- Customer Due Diligence (CDD): Assessing the customer’s risk profile by gathering and evaluating information on their financial background and business activities.
- Ongoing Monitoring: Continuously monitoring customer transactions and activities to detect and prevent suspicious behavior or financial crimes.
KYC (Know Your Customer) involves verifying a customer’s identity through documents to confirm they are who they claim to be.
Due Diligence goes beyond basic identification, involving a deeper investigation into a customer’s financial background, business activities, and risk profile to prevent financial crimes and ensure regulatory compliance.