All important documents anywhere, anytime! Yes, that’s what DigiLocker is all about. It’s a safe and secure cloud-based digital locker that saves your original documents virtually. The documents are available for different purposes, including authentication, as per the user’s request. And, that’s where DigiLocker KYC comes into play.
Financial institutions like banks, fintechs, insurance companies, capital market players, etc. conduct customer KYC using documents from DigiLocker.
With a better uptime, DigiLocker has paved a quicker way for Aadhaar verification as compared to the traditional methods.
How do financial institutions complete KYC using DigiLocker?
They partner with a ‘requestor’.
A requestor is an authorised entity registered with the Digital Locker directory. It pulls out KYC documents such as Aadhaar & PAN from a user’s DigiLocker account, authenticates them, and uses them as Proofs of Identity & Address.
As per DigiLocker, it shall be used by the requester to––
(a) register on the Digital Locker directory;
(b) access documents uploaded by the subscriber on the Digital Locker portal;
(c) use authorised gateway providers to access these documents stored across repositories;
(d) access subscriber’s State or Central department or agency or body corporate issued documents based on the URI; and
(e) take consent from subscriber to access documents available in subscriber’s Digital Locker account
4 things to consider when looking for ‘requestor’ for DigiLocker KYC
1. Compliance with DigiLocker norms
A DigiLocker based KYC journey must follow certain rules as per the DigiLocker norms.
As per UIDAI, MeiTY & other regulators, the following aspects must happen for a compliant DigiLocker flow:
- Customer must be mandatorily redirected to the DigiLocker page
- Customers must enter their Aadhaar details, OTP, and captcha themselves
- Take consent from subscriber to access documents available in subscriber’s Digital Locker account
- The verification must be performed by a requesting partner who is registered with DigiLocker
2. Ability to create DigiLocker accounts on the fly
A customer may or may not have a pre-existing DigiLocker account. For such cases, your KYC partner must be able to create one for the customer on the go with their consent to be able to pull the relevant documents
3. Smooth customer experience
It’s no news that FIs face heavy competition when it comes to acquiring customers. Hence, when choosing a KYC partner, thinking about your customer’s journey is basic hygiene. A smooth customer onboarding experience sure gives you an edge over your competitors.
4. Ease of integration
IDfy’s DigiLocker services can be consumed as a DigiLocker KYC API which can be integrated with your existing KYC journey. Or, you may choose to adopt our profile gateway to conduct KYC using DigiLocker.
Is DigiLocker KYC safe?
1. The documents are authentic
Any document fetched from DigiLocker can be categorised as a ‘verified’ document as per the IT ACT, 2000. As, credible sources issue any document on DigiLocker. For eg., Aadhaar and PAN are issued into DigiLocker by the UIDAI and the Income Tax Department respectively. All the documents issued have a verifiable digital signature by these sources indicating that these documents are genuine
2. No risk of stolen IDs and ghost loans
The secure, 2-step login process based on the Aadhaar number ensures that no one, but only the user can log into their DigiLocker account.
A DigiLocker account is linked to the user’s Aadhaar number. Logging into a DigiLocker account is a two-step process. The user is asked for their Aadhaar number and an OTP (sent to an Aadhaar-linked phone number) for the same.
What if someone gains access to a user’s phone and Aadhaar number?
The chances of this happening are less, but not zero.
To safeguard yourself against such cases, you may use a live picture of a user and compare it with the picture on their Aadhaar.
This can be done in real-time using IDfy’s face compare technology.