RBI Proposes Tighter Norms For Aadhaar-Enabled Payment System Operators To Curb Frauds

The Reserve Bank of India (RBI) is pulling out all stops to combat the rising incidents of frauds and has now proposed tighter norms related to the onboarding process of Aadhaar-enabled touchpoint operators. 

The central bank has streamlined the guidelines and released a draft version of it.

As part of the move, banks are mandated to carry out due diligence on all Aadhaar-enabled Payment System (AePS) touchpoint operators that are being onboarded by them. 

This due diligence is as per the customer due diligence procedure laid out in RBI’s master directions on KYC since 2016.

Besides this, the banks will also carry out an update of KYC in cases where the AePS touchpoint operator failed to perform any financial transactions in the six months at length. 

Not to mention, the acquiring bank has to monitor all activities of AePS touchpoint operators regularly besides setting operational parameters. Notably, respective transaction limits will also be set for AePS touchpoint operators in accordance with their risk profiles. 

It is pertinent to note that the draft guidelines are open to comments and feedback from industry participants till August 31.

This development follows RBI Governor Shaktikanta Das’s statement last month outlining that the regulator would enhance the robustness of AePS. 

AePS is a bank-led model which allows online interoperable financial inclusion transactions at PoS (MicroATM) through the Business correspondent of any bank using the Aadhaar authentication. 

AePS enables different types of transactions including cash deposit and withdrawal, balance enquiry and mini statement, Aadhaar to Aadhaar fund transfer, eKYC, tokenization and aadhaar seeding status, among others. 

Notably, inputs like bank name, aadhaar number and biometrics captured during enrolment are the only inputs required to make a transaction under AePS.

Signzy’s cofounder and CEO Ankit Ratan said, “This initiative aims to bolster customer trust and ensure the safety of transactions, particularly in rural areas where digital literacy may be lower.”

“By implementing ongoing due diligence and monitoring, along with tailored transaction limits based on risk profiles, the RBI is proactively addressing potential fraud risks. Additionally, the RBI has emphasized the importance of robust cybersecurity measures and effective management of third-party risks, urging banks to combat digital fraud and raise customer awareness.”

Earlier, the Reserve Bank of India (RBI) in its annual report for the fiscal year ended March 2024 outlined that the number of online frauds in the country surged 334% year-on-year (YoY) to 29,082 in the financial year 2023-24 (FY24) as against 6,699 in FY23.

This comes at the heart of RBI as well as the government taking proactive steps to crack the whip on online frauds. In April, the Centre held deliberations with fintech startups and law enforcement agencies to collaborate and address challenges related to digital financial fraud.

In the same month, it was reported that the Ministry of Home Affairs was working with SBI and some telcos to develop a solution to alert about stolen one-time passwords (OTP) to combat phishing attacks.

In February, markets regulator SEBI also issued an advisory that alerted investors against practices employed by fraudulent trading platforms to lure customers such as online courses, seminars and mentorship programmes.

Additionally, the RBI was also said to be planning to set up the Digital India Trust Agency to check illegal lending apps, earlier this year.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.