Banks in India can now employ facial recognition and iris scanning for transactions: Rpts

In an effort to curb fraud, the Indian government is enabling banks to use face recognition and, in certain circumstances, an iris scan to authenticate individual transactions that surpass a particular yearly limit.

According to three sources, the Indian government is enabling banks to authenticate individual transactions that surpass a particular yearly limit using face recognition and, in certain circumstances, an iris scan in an effort to curb fraud and tax evasion.

According to one of the individuals, a banker who declined to be identified, a few significant private and public institutions have begun to use the option. The verification advisory is not public and has not before been publicised.

The verification is optional and is meant for situations in which another government identity card, the Permanent Account Number (PAN) card, is not shared with banks. Some privacy experts are concerned about the possibility of banks utilising face recognition.

“This poses significant privacy issues, especially given India’s absence of a specific privacy, cybersecurity, and face recognition law,” said Pavan Duggal, an advocate and cyber law specialist. The administration has stated that it hopes to have a new privacy legislation approved by parliament by early 2023.

The new measures can be used to verify the identities of individuals making deposits and withdrawals totaling more than 2 million rupees ($24,478.61) in a fiscal year, where the Aadhaar identity card is shared as proof of identity, according to two government officials who asked not to be identified because the information is not public.

V The Aadhaar card has a unique number that is linked to a person’s fingerprints, face, and eye scan.

In December, India’s finance ministry directed banks to take “necessary action” in response to a letter from the Unique Identification Authority of India (UIDAI) recommending that verification be done through facial recognition and iris scanning, particularly when fingerprint authentication of an individual fails.

The UIDAI letter, which is in charge of Aadhaar card issuance, makes no mention of a consent framework for the verification. It also does not state that banks can take action if a consumer declines.

In response to Reuters’ questions, a UIDAI official stated that Aadhaar verification and authentication take place only with the user’s explicit authorization. He claims that using Aadhaar-based biometric authentication protects against potential abuse.

“UIDAI urges all authentication and verification organisations on a regular basis to deploy face or iris authentications to accommodate citizens whose fingerprint authentication fails.” He went on to say that authentication and verification do not imply data storage.

The recent recommendation follows a government regulation issued last year requiring the use of an Aadhaar card or PAN number for making deposits or withdrawals in excess of 2 million rupees in a fiscal year. Requests for comment were not returned by the federal finance ministry.