Increasing Trust By Protecting Personal Data

[I was a member of the team that created Aadhaar, and continue to stay involved in the creation and evangelisation of the India Stack. As a result, I take part in many conversations around personal identity data. I also believe that users must be able to control their data, and its use.

As a country, we are moving from a world of paper and registers to a new digital, online world. This is the right direction to go. But, issues around the use of personal identity data are beginning to grow, and it is time to consider ways to protect users, and to respect their trust. To this end, I thought that it would be worthwhile to use a simple use case – look at the essence of it, and explore these issues.]

Identity as a source of trust

To buy a SIM card, Ram provides an identity document. The agent copies this document. The telecom company keeps it as proof of KYC compliance. The company also creates a customer record and provides services to the customer. Ram follows a similar process for setting up many different types of relationships. For example, while banking or being employed. 

Trusted identity information, and verification form the basis for setting up these relationships.

Ram may also have to prove his identity while using services. For example, when operating a bank account, or when entering an airport.

A trustworthy verification process allows for smooth access to services and transactions.

Risks

But, Ram risks misuse of his personal data in this process. Let’s look at these risks:

  1. The agent may keep an extra copy of his identity document.
  2. Someone may misuse his document to setup an account in his name without his knowledge.
  3. Someone may misuse his document to take over an existing relationship.
  4. Someone may steal his identity information from the company.
  5. Someone may be able to infer something about him from his behaviour across companies.

Identity theft, data leakage, and surveillance are not new risks, but they have become concerns with digitisation.

Mitigation

But, digital systems also provide better ways to protect Ram, and his data:

  1. Remove the need for an identity at all.
  2. Remove paper copies of the identity document – use a digital version, and protect it.
  3. Alert him on use of his identity
  4. Use different identity documents to prevent linkage.
  5. Strengthen current laws, or make new ones to dissuade bad behaviour.

Types of Data

Any conversation on the use of identity data would be incomplete without looking at the different types of data.

  • Basic Identity attributes of a person. For Example, Name, Address
  • Transaction Data. For example, purchase transactions, banking transactions, phone calls.
  • Data Aggregates – Information based on a collection of data.
  • Behavioural Data – Inferences from transaction data, possibly from different types of transactions.

All conversations around data use, consent, risks, and protection must take into account these different data types.

Interactions as a source of trust

As Ram uses the service, his trust in the reliability of service goes up. At the same time, the service provider trusts Ram more, and may increase various limits, etc.

This is true in other types of relationships as well, employees who stay longer are trusted more.

Aggregated transactions, and behavioural data also increase trust.

Role of consent
In many situations, there is no privacy policy; the user is not informed about the collection of data; and consent is not sought.  In other situations where the user gives consent, it may not be well informed.  Some examples include:

  • Overly broad consent
  • Click accept agreements which are not read
  • Policies that may be modified without notification

The consent process needs to change.  Users must know what to expect from a service provider, and be able to hold them accountable to meet these expectations.

Transparency as a source of trust

Certain services must be transparent to stakeholders and publish data. For instance, a company may publish salaries of top management to gain the trust of shareholders. Similarly, some public service providers may publish list of services delivered with beneficiary details.

Questions

In this context, I would like to frame the following sets of questions:

  1. Trust originates from identity verification, and interactions. Forgery and misrepresentation erode this trust. How do we enable the trust, even in the presence of intermediaries? How do we make this trust bi-directional, so that the user knows more about the company that he / she is dealing with?
  2. Employee records, customer lists, etc. contain identity information. How can companies protect these against theft, leakage and misuse? How can users ensure that their data is not stolen?
  3. How can companies inform users about the use of their personal data use, when asking for consent? How can users verify that the company is not doing anything different?
  4. How can public entities meet transparency requirements while being sensitive about personal data? How can users ensure that their data is not leaked? How can other stakeholders hold the service provider accountable with reduced data?

 

Looking forward to your answers and thoughts in the discussions below.

India Stack: Thoughts on Unleashing the Potential of Digital India

On December 1st 2016, in a much-awaited press conference, Mukesh Ambani, CMD of Reliance Industries, announced that Reliance Jio had crossed 50 million subscribers – a feat it had achieved in a mere 83 days. This made Jio the world’s fastest growing tech company surpassing the likes of Facebook, WhatsApp, and Skype. This astonishing achievement was made possible by the strategy of rolling out e-KYC across all outlets in India, allowing SIM activation in under 5 minutes. 95% of activations were done using e-KYC resulting at a staggering average rate of addition of 6 Lakh subscribers per day. I experienced this first-hand – I went through all required steps of identification, KYC, SIM card application and document signing – all in a couple of minutes, in seamless, paperless, and secure way. I walked out of the Reliance Digital outlet with an elevated sense of excitement, being reassured of the promise of Digital India and the potentially unlimited opportunities as a developer on India Stack.

India Stack as a Platform

Before delving into the nitty-gritties of India Stack (refer to this comprehensive article for an introduction on this topic), it is important to take a step back and understand the platform architecture and the thought process behind the design. Basically, India Stack fits the broad structure of a “platform” because it provides the digital infrastructure to link consumers (a billion plus people) and producers (developers, ISVs, start-ups, enterprises & government). It also provides specifications for service providers to provide complaint services on top of the core APIs, which producers can use to create compelling digital solutions in their own domains. This is illustrated below:

A key manifestation is that the interactions, transactions, and data exchanged in this ecosystem will make India “data rich”, allowing data-driven decision making for scale and inclusion. Nandan explains this in his talk, in detail. This is illustrated below:

Image source: iSpirt

To give another perspective, India Stack has an “hourglass” platform architecture. At the waist of the hourglass is a minimal, simple set of open APIs which allows standardization and easier execution, while adhering to all necessary regulations. Above and below the waist are the ecosystem of services, devices, and applications. Unlike the traditional pipeline structures, this layered, unbundled approach allows for innovations to flourish across the ecosystem – each part can be conceived, experimented, planned, and executed in parallel. Pramod, chief architect of Aadhaar & India Stack explains this in a simple way in his talk about India Stack. Nandan and Viral, in their book, Rebooting India explain how Aadhaar also fits this model. This model is illustrated below:

Image Source: iSpirt

An API platform alone cannot foster change. The “perfect storm” of innovation happens when digital infrastructure is supported by government’s market making policy and favourable regulation. This is what Swati covers as the framework required to foster experimentation and innovation in this excellent thought paper. To this end, the Digital India initiative, launched in July 2015 by the Government of India has a 3-part vision:

  1. Delivering Digital Infrastructure as a Utility to every citizen
  2. Providing governance and services on demand
  3. Digital empowerment of citizens

More details of how this vision is being translated to action is available in this deck from the Department of Electronics and Information Technology or DEITY). Perhaps, I am oversimplifying this massive undertaking, but basically, the Government of India is putting together several schemes under one umbrella, aligning ministries, putting a monitoring committee, setting aside budget for creating broadband infrastructure, enabling universal mobility access, re-engineering government processes using IT, and implementing digital technology-based service delivery across education, healthcare, agriculture, finance, justice, etc. To draw an analogy, a modern, digital expressway is being built as we speak. It is up to developers to meaningfully employ that infrastructure.

What does all this mean to you, as a developer?

Simply put, the conditions are ripe for you to create innovative digital solutions for the entire Indian economic pyramid – for a billion plus people across all domains. Where there were barriers a few years (or months) ago, bridges are being built; thought is meeting action. Disruption is imminent.

To give you a perspective, I have created a couple of aspirational use cases where the potential of India Stack is realized. These are illustrated below:

These use cases illustrate how different parts of the India Stack – like Aadhar authentication, UPI, Digilocker, e-Sign, e-KYC and Consent Architecture can be used to create compelling digital solutions for the common man. These are representative illustrations, but the possibilities are limitless.

What about Economics?

The question that may come immediately to one’s mind is – can we really build innovative, yet economically viable digital solutions for the Indian pyramid? To this end, I draw a lot of inspiration and ideas from CK Prahlad, especially his seminal book – Fortune at the Bottom of the Pyramid. I believe all the ideas are equally applicable in the digital age too.

Let me start by listing several myths around the Indian Pyramid (for the sake of this discussion, I use the term Bottom of Pyramid (BoP) to represent the middle and the bottom of the Indian economic pyramid, which constitutes more than 900M Indians, whose annual household income is less than 10 kakh):

  • The BoP are not our target consumers because with our current cost structures, we cannot profitably compete for that market.
  • The BoP cannot afford and have no use for digital products and services
  • Innovation is for the top of the pyramid. The BoP can use the previous generation of technology
  • The BoP is not important to the long-term viability of business.
  • Developers cannot be excited by the business challenges that have a humanitarian dimension
  • Cheaper technology and services means cheaper quality

 

These myths typically stem from a lack of understanding of behaviours at the BoP. To mention a few facts about BoP:

  • Often pay higher price for some goods and services (especially credit)
  • Cannot afford differentiated products, but readily accept advanced technology
  • Are brand-conscious, price-conscious
  • Have well connected communities (word of mouth)
  • Collectively have purchasing power
  • Are always trying to upgrade from their existing condition

 

The Solution Approach for BoP

Every digital solution must meaningfully tie together Experience, Economics, and Technology. In this post, I want to set the focus on the economics (experience and technology deserve another post). The most important consideration for the BoP is that any digital solution should make technology and experience choices that maximize Price-Performance ratio. To understand this, let’s look at some examples of innovation at the BoP:

  1. The Jaipur prosthetic leg (case study in Prahlad’s book) cost only 40$ while those in the west cost upwards of 8000$. However, the design was meant to address the basic mobility needs (and dignity) of the poor who had lost their limbs – being effective enough to help them do their daily jobs while being highly affordable.
  2. If you walk to any Kiraana store in a village, you wouldn’t see shelves of large-packaged products. Instead, you would see chains of small sachets hanging from the ceiling covering every centimetre of space within the store. You would also notice that many sachets would be from familiar brands – like Clinic Plus (shampoo), Parachute (coconut oil). The innovation from the FMCG companies here (like HUL) lies in packaging, distribution and unit pricing of the products representing popular brands. While the 1-ml sachet may have a higher per-unit cost compared to the 250-ml bottle that you and I buy, it works perfectly well for daily wage worker who cannot afford a full bottle. This model helps FMCG companies be profitable too.

The examples emphasize that cost-effective solutions built for the BoP are no less innovative. The question to ask before we build any digital solution for the BoP is – while being effective at addressing the need in each problem domain, does this have the best price-performance ratio? The solution might entail making specific design choices which are the best given the constraints – for example, may leverage lesser CPU cores (works on cheaper smartphones), may not assume 3G or a smartphone itself (works on USSD with a feature phone). Like in the case of Clinic Plus, the pricing unit could be devised in a way that the BoP can afford and consume the service effectively. Ramappa’s legal advisory “minutes” in the first aspirational use case we saw earlier in the post is a representative example.

Closing notes

  • Thanks to India Stack and the Digital India initiative, developers have an addressable customer base of 1 Billion+. There is tremendous opportunity for volume-based and profitable businesses leveraging digital technology
  • Innovative solutions can help foster universal participation in the digital economy, boost participation in formal sector and help GDP growth thereof.
  • We have a great opportunity for creating meaningful solutions across all domains – Healthcare, Finance, and education to mention a few.
  • We can now take constructive steps to make India cashless, presence-less, and paperless!

What do you think? Please feel free to share your thoughts and ideas.

References

  1. Official media release from Reliance Jio on December 1st
  2. Igniting Hundreds of Experiments – Swati Satpathy
  3. Digital India – Presentation from DeiTY
  4. Understanding the India Stack – by Pramod Varma
  5. Rebooting India – by Nandan Nilekani, Viral Shah (book)
  6. Pipelines, Platforms, and the New Rules of Strategy – HBR
  7. Nandan Nilekani – Keynote Address at Fintech For Next 400M
  8. The Bedrock of Digital India
  9. An alternative view of the future – Nandan Nilekani
  10. Fortune at the Bottom of the Pyramid – CK Prahlad (book)
  11. Presentation by Gopal & Sayan on CK Prahlad’s book

Credits

  1. Online legal services aspirational story– concept credit to Swaroop Karunakara and Satya Vikram
  2. Nikhil (iSpirt) and Sid (Exotel) for helping me with ideas and for feedback.

[Also published on LinkedIn]

India Stack – What, Why, How?

Before delving into each of the APIs, it is important to understand the “Why” aspects of India Stack. The blog entry title “India Stack: Thoughts on unleashing the potential of Digital India”, is the first in the series of blogs to address exactly that. This blog, at a high level, talks about:

The underlying architecture of the India Stack

A couple of illustrated examples of the impact of India Stack on various domains

Some thoughts on building economically viable digital solutions for the bottom of the Indian pyramid

This blog has also has links to key videos and resources to help you get the essence of India Stack.

It is important to understand Aadhar – the foundation of India Stack API was envisioned to be more than just an identity solution. UIDAI has published a fantastic white paper titled “Aadhaar Enabled Service Delivery” (2012), explaining how Aadhaar (unique identity) can solve the problems of service delivery across various sectors and government functions. Efficient service delivery was one of the key tenets in the design of the India Stack.

Two videos, by Sanjay Jain and Pramod Varma respectively give you a great introduction to India Stack:

Connecting India to Grow – Sanjay Jain

Understanding the India Stack – by Pramod Varma

Enhancing the Developer Experience

A world-class developer experience and ecosystem are required to unleash innovation across the developer community. The important aspect to realize is that India Stack represents an Open ecosystem and best served with contributions from the community.

The developer strategy to provide this experience can be summarized into the following streams:

Platform Evangelism & Outreach: To harness the collective creativity of the developer ecosystem, there should be a strong community, both online and offline. This can be fostered through meetups, hackathons, roundtables, AMA sessions, workshops, developer conferences and programs (like Student Ambassador program etc.).

Libraries, Forums and SDKs: To productively leverage a set of APIs, it is important to have a SDKs and libraries available through a popular set of platforms like .NET, Java, Node.js, etc. Additionally, there should be a set of topic-based forums to post queries and get resolutions from community champions. Forums can also be a channel for feedback as well.

Quickstarts, References, Sample Apps and API documentation: Much like popular services like AWS, there needs to be a simple-to-use documentation, representative examples (simple apps which cover a majority of API usage scenarios) and other easy to use code samples (quickstarts).

To this end, OpenForge is a great government initiative to house such collaborative efforts. Today, many such samples and projects are already housed there and developers can use the source control, wiki’s and other resources that are already built in.

Developer Sandboxes: To test out solutions and apps, it is important to provide access to sandboxes which developers can easily use. Cloud-based sandboxes and access credentials will be provided through a closed group of partners. IndiaStack.org has listed several sandboxes for different sets of APIs (eMudra, Khosla labs, etc).

One stop shop – IndiaStack.org: To tie all of these together, a modern, responsive portal is required and IndiaStack.org does just that.

It is important to understand that the developer community involvement is central to this – a constant stream of contributions from the community would make this strategy successful. It is therefore a call to action for the developers to actively engage and contribute to each of the streams above.

 

If you would like to learn more about each of the India Stack APIs, you may go through the following pages:

Aadhaar Authentication: https://indiastack.org/aadhaar/

eKYC: https://indiastack.org/ekyc/

eSign: https://indiastack.org/esign/

Digital Locker: https://indiastack.org/digilocker/

UPI: https://indiastack.org/upi/

Bridging India’s financial divide – How startups can leverage India Stack’s limitless possibilities

 

Potential Vs. Action

Aadhaar, e-KYC, UPI and Digilocker are buzz words most Indian startups use liberally in their pitches to garner investor attention. But are they truly leveraging the power of India Stack? Perhaps yes, however there hasn’t been much action on-the-ground to prove this. While there are several startups that aim to use India Stack and some are even implementing it, I believe that its full potential to accelerate startups’ growth remains to be seen. Described as “Technology for 1.2 billion Indians”, India Stack which is backed by Aadhaar, the world’s largest identity database, offers Indian startups an opportunity to truly disrupt the way Indians pay, save, borrow, shop, work, communicate, store, trade…the possibilities are limitless.

India Stack – What lies within?

India Stack, as you may be aware, is an open Application Programming Interface (API) with Aadhaar as its base, providing a way to build an entire digital world around a uniquely identifiable individual.

 

 

What is India Stack all about?

Apps leveraging the stack can be designed for desktops, phones, wearables, pretty much any device you can think of. Each API within India Stack is owned by a separate entity, which owns the specifications and the governance of that API. While FinTech startups are the first that come to mind as users of India Stack, the platform finds application across diverse sectors- education, skilling, healthcare, and agriculture to name a few. At the core, any startup using technology can use elements of India Stack. Below are two conceivable scenarios for our select investees, that will help understand the potential of India Stack. We believe that there’s a high probability these scenarios will be a reality in the very near future.

How it could stack up in the future?  

Milaap, is India’s leading digital crowdfunding platform for personal and social causes, enabling individuals to raise funds online for causes such as medical expenses, education, housing, natural disasters, water and sanitation. Donors/lenders get onto the platform, choose their preferred campaign and donate/lend within seconds. Milaap is a ‘tech-for-good’ company and its beauty lies in the collective power of micro-funds; individuals can choose to donate small amounts, which when grouped together can be channelized to address a pressing need, often resulting in improved livelihoods. Sachin’s two-year old son, Rohit, was suffering from a rare disorder of Intestinal Malrotation, a congenital anomaly that required INR 15-20 lakhs to be treated. Rohit’s treatment required him to be in and out of the hospital and Sachin was struggling to keep pace with the piling bills. Sachin’s wife was a stay-at-home mother and the family survived on Sachin’s meagre salary as a salesman at a car showroom, leaving negligible savings at the end of each month. He heard about Milaap from someone at his workplace. Curious to learn more, he logged onto the platform through his mobile phone, keyed in his name, the amount he wished to raise, the cause and its details. He then provided his Aadhaar number and address proof through his Digilocker. As the hospital where Rohit was admitted was registered on the Milaap network, Sachin’s application was approved instantly. His Aadhaar-linked bank account was used to gather the funds. The Milaap team helped Sachin pen down his story and he went on to raise the requisite amount in less than a week from donors across India and internationally.

Another investee, DriveU is an app-based service that provides professional, verified drivers for your personal car. It’s a marketplace that matches demand from car owners at one end with a supply of professional drivers at the other end. Rajesh, who worked at his local grocery store as a sales boy, earned Rs. 10,000 a month. When he heard about DriveU from his neighbor, a registered driver with the company, he was excited at the possibility of making a living out of driving, an activity he enjoys thoroughly. Earlier, he worked as a full-time driver but lost his job abruptly when his employer relocated to Singapore. To bridge the gap, he took up the sales job but was keen to get back to driving. Rajesh walked into the DriveU office in Bangalore at 10 a.m. on a Friday morning,  met Ashok who heads operations for the company, and expressed his desire to join the platform. Rajesh then provided his Aadhaar number, which was verified in a few seconds. He gave DriveU access to his Digilocker through a one-time password, allowing them to retrieve his driving license and proof of address. He also provided references of his previous employers. Ashok made two quick calls and confirmed that all was good. Soon after, Ashok got someone from his team to accompany Rajesh for a test drive. He completed it effortlessly. Rajesh then used UPI to pay DriveU the initial deposit money, a requisite for all drivers, and voila! Rajesh was a driver on DriveU! All this was completed within an hour; driver onboarding earlier took 7 days for DriveU. The time difference speaks for itself, not to mention the savings on costs and efforts.

Limitless potential to leverage the Stack

The above scenarios are only a glimpse of the many applications of India Stack. High value low volume to low value high volume transactions; drastically lower customer acquisition and transaction costs resulting in inclusive growth; uniform lending rates to individual pricing of risk based on digital footprints; gamified products that learn people’s behaviors and enable goal oriented savings…. these are just a few examples of what India Stack can enable. Startups that integrate elements of the Stack to rapidly scale their business are what investors are increasingly seeking to back. We, at Unitus Seed Fund, are looking for those truly interested in leveraging India Stack to leapfrog their startup to the highest level of (unimaginable) growth.

 

This article is written by Sneha Rajan, Senior Associate at Unitus Seed Funda Bengaluru-based venture fund, investing in early-stage startups innovating for the masses.

See how PayTM is using Aadhaar eKYC to upgrade their wallet customers

For Paytm, E-KYC has had direct results on their ability to scale at an unprecedented rate to grow as the leader in Wallets category in India.

Problem:

Even before becoming a Payments Bank, PayTM confronted the issues of paper-based KYC for their high value Rs 1 Lakh wallet which requires a KYC as mandated by RBI. The issue with paper-based KYC is the familiar story of identity theft, scaling of backend operations and improper documentation from the field which lead to huge operational inefficiency.

Solution:

Till now, a lot of people in India had been kept out of the banking net because of the issues with documentation and verifiable identity. With Aadhaar available with more than 1 Billion Indians, all of this changed. And for Paytm, this was a boon.

“It is the most sanctified check. It gave us the ability to scale quickly and the ability to access authentic data”. For the company, an important consideration is that it solves the problem of identity and reliability in data quality.

Today, 87% of PayTM’s KYC’s are Aadhaar based. They’ve set up their systems to ensure KYC’s are done, both en masse and on request. They partner with vendors like Morpho and Mantratec, whose biometric devices are attached to the phone and given to agents to go into the field to do the KYC.

Companies and people can even request a KYC to be done and PayTM sends an agent right to them. Using the customer’s fingerprint, the authentication is immediate, and the individual is instantly Aadhaar verified, and their wallet is automatically upgraded to the INR 1 lac limit.

In the words of Aditi Sholapurkar from Paytm, the e-KYC is leading to some of the most “fantastic, exponential growth” in the onboarding of their future payment bank users.

India Stack – The Bedrock of a Digital India

 

In September 2010, India set out on an arduous journey. A journey to provide every one of its billion plus residents with a unique identification number. A journey that would prove to be the beginning of a FinTech revolution for the country.

The unique ID number came to be known as “Aadhaar” (or “Foundation” in Hindi). Its objective was to catapult India into an era where every resident has a permanent, unique, and secure digital identity. In September 2015, the government announced (to great fanfare) crossing the 1 billion mark, making Aadhaar the world’s largest national ID project.

At an initial glance, you may wonder what’s so special about Aadhaar – after all, it’s just an identification number. You may ask how is it any different than your driver’s license or PAN card or Voter ID?

In this post, we want to convince you that Aadhaar is much, much more than any other form of identification you might possess. It can help tackle some of India’s gravest problems such as corruption and financial inclusion and lay the foundation for a new digital era via the “India Stack”.

The vision behind Aadhaar and India Stack is revolutionary, the opportunities endless, and the potential for innovation profound. As iSPIRT volunteers, we feel privileged to have the opportunity to share our journey of discovery with you.

Introduction — Aadhaar and The India Stack

Aadhaar is the name given to the national identity number assigned to every resident of India. Similar to the process of procuring any other form of identification such as your PAN card, to get an Aadhaar number, one must provide the government with documents verifying the following demographic information: Name, Gender, Age and Address.

However, unlike any other form of identification, residents also provide biometric information in the form of fingerprints and iris scans for their Aadhaar card. The availability of biometric information has opened up a plethora of opportunities through the addition of an open technology platform.

Hold on… the addition of a what?

A technology platform is anything that serves as a foundation upon which other applications, processes, businesses and technologies can be developed. The platform essentially bears the “fixed costs” of developing certain functionality and opens up this functionality to the world so that people can innovate without the burden of massive upfront investments.

In today’s lingua franca, iOS & Android are the most talked about platforms, but both public and private sectors can build platforms, and history is littered with examples of how platforms fuel innovation.

-GPS is a government provided platform underpinning Google Maps, Uber and several other successful technologies

-Facebook is a private platform that allows development of applications such as Candy Crush and Messenger

-The Internet itself is a platform upon which the entire worldwide web was built

Funnily enough, even the ‘low-tech’ highway system was a platform built by the government as a public utility that anyone could access and build businesses around.

The Indian government is now building the digital equivalent of the highway system and calling it “The India Stack”. Through an open application programming interface (API) sitting atop the biometric-enabled Aadhaar system, the India Stack provides a way to build an entire digital world around a uniquely identifiable individual. The apps can be designed for desktops, phones, wearables, and pretty much any hardware you can conceive. This forward looking vision is central to India Stack’s philosophy.

The Vision for Tomorrow

Raj is about to join an MBA program, and wants to apply for a student loan. Even though he banks with Bank A, he believes that he will get better rates from Bank B. As part of the due diligence, Bank B needs to collect an official admission letter and Raj’s college transcript to see if he qualifies for the “good student” discount. Hence Raj opens his phone, navigates to his “digital locker”, and grants Bank B one-time access to these documents.

Bank B would also like to get a good sense for his credit-history and believes that asking Raj for his financial history will provide it with a better sense for his credit-worthiness (as opposed to looking only at publicly available records). Bank B thus requests Raj to provide it with one-time access to all his prior financial transactions. Bank B then runs this information through their machine-learning based credit scoring models.

A few clicks later, Raj shuts his laptop from the comfort of his bed. He got a fantastic deal from Bank B, signed all the documents, and got his loan approved in minutes! Time to go to sleep.

Sounds incredible! But how does a juiced-up ID card enable this kind of innovation?

Enter stack.

The India Stack is comprised of four layers that perform “basic” functions and operate independently.

i1

Figure 1: The India Stack

  1. Presence-less Layer:

Upon enrollment in the Aadhaar program, the demographic and biometric information provided by the enrollee is stored in a centralized government database, with the 12-digit Aadhaar serving as a unique identification key.

Everyday devices today can capture scans of fingerprints or the iris. When a third party service provider such as a bank or a hospital needs to verify the identity of their customer, all they need to do is use these devices to capture and send the customer’s Aadhaar number and biometric information to the centralized database for verification (see Figure 2).

The centralized database uses sophisticated fuzzy-lookup algorithms to match the received information with the stored information. The algorithm then returns “yes/no” information back to the requesting party.

In essence, Aadhaar eliminates the need for a customer to be physically present or even produce ID cards for proof.

 

i2

Figure 2: The Presence-less Layer

The ability to authenticate identity on demand without a paper ID or physical presence can remove a lot of tiny and big hassles. Imagine walking through the airport without your ID, but still being able to seamlessly check into and board your flight! While the presence-less layer is groundbreaking by itself, the true potential lies in how this layer interacts with the rest of the stack.

  1. Paperless Layer:

“Red tape” / “Form-ophobia” / “Paper pushing” / “Shuffling documents”

To overcome the drain on productivity that is everyday paperwork, the government has added a Paperless Layer to the India Stack. Sitting right atop the presence-less layer, the paperless layer consists of two simple components:

-Digital locker

-Digital signature

Digital locker: Each Aadhaar number is uniquely tied to a set of documents that live in a digital locker assigned to that number. As shown in figure 3, documents living in the locker can be issued by government agencies (e.g., land ownership records), third party organizations (e.g., college transcripts), or the individual himself (e.g., legacy paper documents). The individual can choose to share documents from his locker with any entity that requests the information (e.g., a hospital requesting his medical records).

i3

 

Figure 3: The Paperless Layer — Digital Locker

In order to meet the standards of the Digital Locker ecosystem, the documents need to contain a Document ID as well as a Digital Signature from the issuer. Since all documents in the locker are signed, the third parties accessing the documents can be assured of their accuracy. Meanwhile the individuals can use the locker portal to control who accesses their records and for how long.

This process eliminates fraud, reduces administrative burden, ensures anytime/anywhere document access and gives individuals control over what they wish to share.

Each of the players in the locker ecosystem (Directory, Gateway, Portal, etc.) can provide turnkey solutions. One such use case is a packaged “proof of address” document bundle. In fact, this bundle is so ubiquitously requested that the government already offers it under the banner “e-KYC” (electronic-Know your Customer). So telecom companies, for example, can request for this package, and approve a new account in seconds. Such solutions reduce customer acquisition costs, enabling financial inclusion for millions.

Digital signature: The digital signature capability (which is the second half of the paperless layer) allows individuals to electronically sign a contract with any entity without a paper or pen.

 

i4

Figure 4: The Paperless Layer — Digital Signature

To get a document signed, the requester (say, a bank) uses the ASP (see figure 4) to capture customer biometrics. The ASP then sends these details (along with the required document attributes) to a certifying authority for identity authentication. Upon authentication, the certifying authority returns a unique digital certificate which the ASP embeds into the original document.

This process allows individuals to securely sign information anywhere, anytime. When implemented together with the digital locker, it eliminates the need for any form of paper, and combined with the presence-less layer, it enables all business to be conducted digitally.

While banks, insurance companies and other entities may build their own ASPs, third party ASPs will emerge to provide tailored document management solutions for both businesses and retail customers.

  1. Cashless Layer

To reduce the costs of digital financial transactions, the government has built a Unified Payments Interface (UPI), Aadhaar Payments Bridge, Aadhaar enabled payments system & Bharat Bill Payments System. This interface forms the Cashless Layer of the India Stack.

Underpinning these APIs is a very complex, but simple to use technical architecture. The cashless layer of the India stack and its impact on the Indian financial system deserves its own post, so we will only give it lip-service in this write-up.

From a business / end user perspective, suffice to say that it acts as an instantaneous payments bridge between any two entities.

A quick aside, on what makes the UPI so powerful: Think back to pre-online banking times,when every non-cash financial transfer used to take several days. Indeed, even today,  transactions are not truly instantaneous. Bank provided apps provides today are cumbersome to use & get started with. They are closed systems and innovation takes a long time. This automatically puts a lot of people outside 

Why does this matter? Because one can simply cancel the transaction at any point before it truly takes place and your counterparty may never get the money. The reason for this delay is the complexity associated with authentication of payments sources, which is solved by the India Stack.

Imagine a world where all financial transactions take place instantaneously. The working capital implications for small businesses can be profound by using the “Collect Feature” of UPI. Governments can tansfer benefits directly to citizens by just sending money to an “Aadhaar Number”!

All transactions can also be dutifully logged and stored in the digital locker for future access. Recall that the locker allows you to share a summary / sanitized version of these transactions with a requesting party — say, a lender who wants to evaluate your creditworthiness.

Powerful stuff! The truly incredible thing is that UPI is a reality today.

  1. Consent Layer

 

i5

Figure 5: The Consent Layer

In addition to the existing infrastructure, the iSPIRT open API team is working on building an “electronic consent architecture”. The technical details of this architecture are still being ironed out, but the idea behind the architecture is to allow individuals to provide registered entities access to specific data about themselves from the India Stack layers. Access will be provided in the form of consent tokens that are time-bound and identity-verified.

This is where a majority of the power of the India Stack will be realized. By building a digital world around every individual and giving them the ability to determine how much of that world to share, the India Stack will enable rapid innovation in the financial services sector. 

The Coming Disruption in the Indian Financial Sector

Aadhaar is already being used heavily by a variety of government agencies for their respective programs. Aadhaar-based authentication has eliminated thousands of ‘duplicate accounts’ and saved government welfare programs billions of dollars.

Thanks to Aadhaar, a farmer no longer needs to stand in line for his monthly farming subsidy. Instead, the government can electronically authenticate his identity and directly transfer the subsidy over UPI to the farmer’s Aadhaar-linked bank account.

But beyond the government, the India Stack presents opportunities for private players to enable disruption. By taking down both the cost of customer acquisition and ongoing maintenance, it enables businesses to tap into customer segments previously out of reach.

Suddenly, we go from the world where a small street vendor does not even have a bank account to the world where the same vendor now conducts all his transactions digitally, uses the information to obtain credit, grows his business and even invests his savings profitably. In short, the India Stack will enable India to go from a data poor nation to a data rich nation! 

 

 

This post is adapted from a Medium post published by Wharton Fintech.

Using eKYC & eSign for a friction free telecom experience

Reliance Jio is the first mobile service provider to utilise eKYC & e-Sign as a way to cut down on new SIM card activation time by going completely paperless.

Previously, Jios activation time stood between 3-5 days. This was necessary for the convoluted and lengthy KYC process that is a staple of all new mobile number activation experiences. While this is a cumbersome process for the service providers themselves, it has a hugely detrimental effect on customer experience, which involves long waits, lengthy documentation requirements, and a delay in service.

 

vetlnwkdfr8xsazhkl2sovzgpzpuukohmtul53xnwswu8f4ekfmfybcwbzikxkmm4zhghxtle7ubo66mhary5k5qinaxrrge_inycu8b3l8apbkbic9xjcwexiud3fmzssfsl-cns40 lepdloqt93u3q_3sn_vo6lkyc4s_b4exfdx-n19wrfsw0exbiem7zf7dnbmaesxnvnrvg7n3ekkxgxpi-w2chzwhgzdaqux5jftwynz5vctp984k0qx-0kot8xzqbgz9qowfefonqfk

 

With the Aadhar card enabled e-KYC & e-Sign process, Jio transformed its verification process from a highly friction-filled pain point to a seamless, friction-free experience. One can walk in to a Reliance Jio Store, Enter their Aadhaar Number, Authorise eKYC & eSign using biometrics and Walk away with a SIM Card!

The use of Aadhaar in their core business process has enabled Jio to scale their onboarding and enabled them to acquire over 20M+ customers in 1 Month.

Aadhaar Auth for Verification

Babajob is a mobile service that connects job seekers to employers all over the country. Through its service it aims to reduce the disconnect between the connected and the unconnected, by providing access to a larger network of people and jobs.

In the beginning, Babajob used mobile phone numbers and email for verification. Later they added Facebook and Google Auth as part of that. But, given the temporary nature of mobile phone numbers especially among the migrant workers, adopting Aadhaar Auth was a strong step in reinforcing the system’s trust and accountability.

All registered workers who submit their Aadhaar number, receive an Aadhaar verified badge on their profiles, increasing trust as well as incentivising others to submit their Aadhaar details.

aadhaar-copy

 

search-candidates-desktop-web-copy

While it is not currently, mandatory, Babjob is mulling an experiment to make it so and look at the results of that.

“It sends a very powerful signal that Aadhaar is authenticated. It is an authentication layer that is unmatched. It is a unique identifier that stays with you for life and they (the employees and employers) value it very highly.

It is so crucial in our field especially, because Aadhaar Auth allows you to know who you are dealing with, build trust and reputational record”

Vir, Co-Founder of Babajobs