What Is Aadhaar Masking?
Aadhaar Masking is a government regulation that requires businesses to protect the
privacy of Aadhaar holders. This regulation requires companies that collect Aadhaar
cards from customers to mask the first eight digits of the Aadhaar number before
storing them in their systems. The UIDAI is the
governing body for Aadhaar regulations.
They define Aadhaar masking as automatically
covering the first eight digits of the Aadhaar number, whether in physical or
digital form.
This means businesses must mask the first eight digits of the Aadhaar number
captured in customer acquisition forms and the Aadhaar card (physical or digital)
collected as part of the customer onboarding journey.
What Regulations Need To Be Followed For Aadhaar Masking?
The regulations for Aadhaar masking are outlined in circulars issued by the UIDAI,
the RBI, the IRDAI, and the SEBI. These circulars state that businesses must mask
Aadhaar numbers, preferably at the point of capture and certainly before storing
them permanently in downstream systems and databases. This includes masking the
Aadhaar number in videos, such as those used for video KYC or IPV/OSV/PIVC.
The regulations also state that businesses cannot store the full, unmasked
Aadhaar number in their databases. However, companies can use an Aadhaar Vault
system to keep the entire Aadhaar number in a secure location and use a surrogate
number in their downstream systems. This is similar to the solution adopted by the
industry for storing credit card numbers.
The regulations also require businesses to mask historical Aadhaar images,
regardless of the age of the Aadhaar Card holder. This means that any Aadhaar Card
captured in the past must be masked.
Technology And Usage In Aadhaar Masking
The use of technology is allowed for masking Aadhaar
numbers, and the RBI explicitly recommends using AI technologies for this task. This
technology can accurately detect and mask Aadhaar numbers from images and videos.
The technology supports various image formats, including PDF, JPG, PNG, TIFF, BMP,
and BASE 64. It can handle single and multiple pages, rotated images, photocopies,
color or greyscale images, and front and back images on the same page.
Businesses can use various methods for masking Aadhaar images, including
manual masking, automated masking using OCR technology, and a secure API. Manual
masking involves covering the first eight digits of the Aadhaar number with a black
box or another method. Automated masking uses OCR technology to detect and mask the
first eight digits of the Aadhaar number automatically. The secure API method
involves sending the images to a secure server where the Aadhaar numbers are
automatically detected and masked, and the images are then returned to the business.
Regardless of the industry, a business is in; it must comply with the
regulations for Aadhaar masking. This includes small start-ups that may only be
collecting Aadhaar numbers as proof of identity from employees.
Overall, the regulations for Aadhaar masking are in place to protect the
privacy of Aadhaar holders and ensure that their personal information is not accessed or
used without their consent. By adhering to these regulations, organizations can
ensure that they are protecting the sensitive information of their customers and
upholding the privacy laws of the country and its people.