Moreover, subsidy transfers linked to Aadhaar has led the exchequer to save Rs 49,000 crore during the last two-and-half years.
According to Unique Identification Authority of India (UIDAI), there has been no incident of misuse of Aadhaar biometrics leading to identity theft and financial loss when more than 400 crore Aadhaar authenticated transactions took place during the last five years, it said.
UIDAI also said that it has carefully gone through various reports and would like to emphasise that there has been no breach to UIDAI database of Aadhaar in any manner whatsoever and personal data of individuals held by UIDAI is fully safe and secure.
With reference to an incident of misuse of biometrics reported in a newspaper, UIDAI said that it is an isolated case of an employee working with a bank's Business Correspondent's company making an attempt to misuse his own biometrics which was detected by UIDAI internal security system and subsequently actions under the Aadhaar Act were initiated.
More From This Section
Responding to media reports about on-boarding of the ecosystem partners, UIDAI said that the regulations under the Aadhaar Act strictly regulate the on-boarding, functioning including the data sharing restrictions imposed on the companies which want to use Aadhaar information.
It has enabled the government to do Direct Benefit Transfers under various schemes including LPG subsidy and has helped the exchequer save over Rs 49,000 crore during the last two and half years.
Aadhaar-based Public Distributions System is benefiting people by ensuring that their food grain entitlement are given only to the deserving beneficiaries and are not cornered by unscrupulous and corrupt elements, it said.
With reference to reports that there are no extant regulations available to prevent storage and misuse of e-KYC data, while citing instances like capturing IRIS from high resolution photograph, UIDAI said that there are stringent provisions in the Aadhaar (Authentication) Regulations governing the usage of e-KYC data including storage and sharing, resident consent being paramount in both the cases.
allegations that the e-KYC API is available in public domain, UIDAI said that e-KYC APIs are available only to authorised Authentication User Agencies (AUAs) and e-KYC User Agencies (KUAs) through authorised Authentication Service agencies (ASAs) which have established secured network connectivity for the purpose of authentication with the Central Identities Data Repository (CIDR).
The authorisation is in compliance with the Regulations, specifications, standards and technology architecture as prescribed, it said, adding, any violation would lead to penal action.
The statement said that news reports also speak of private agencies hired by mobile operators and banks for e-KYC leading to availability of these data in parallel database and the vulnerabilities in the scenario where there is no privacy law in the country.
Banks or mobile operators have to become UIDAI's AUA/ASAs to obtain e-KYC data of their customers from UIDAI.
The e-KYC data can be given by UIDAI to these agencies only after they obtain consent of their customers and can be used only for the purpose for which it was obtained.
Citing an example, it said, a telecom operator can obtain the e-KYC data of its subscribers and will keep them in their records without biometrics and use them only for the purpose of proving telecom services.
UIDAI uses one of world's most advanced encryption technologies in transmission and storage of data.
As a result, it said, that during the last 7 seven years, there has been no report of breach or leak of residents' data.
The authority is continuously updating its security parameters looking at the new threats in cyber space, the statement said, adding, it also undertakes security audits and ensures necessary steps to augment security features.