"...all licencees shall implement the ....changes proposed by the UIDAI regarding use of Virtual ID as an alternative of Aadhaar number, UID tokens and limited KYC concept in their system/networks subject to the adherence of existing Aadhaar based eKYC processes for issuing new mobile connection to subscribers and re-verification of existing mobile subscribers," a notification by the Department of Telecom (DoT) has said.
It further said that licencees should "give the option to subscribers of feeding either Aadhaar number or Virtual ID" as per the individual's choice but the operators will be required to display the numbers in "masked form" at the point of sale terminal and ensure that none of these numbers are stored in their own system or database.
"The licencee (operator) shall then follow the eKYC process as per the existing instructions for new acquisition or re-verification....and after successful authentication of the subscribers, shall use a UID (Unique ID) token to ascertain the uniqueness of the subscribers and store the same alongwith other fields in the subscribers' database," it said.
The telcos will also be required to make necessary changes in their systems to replace the Aadhaar numbers of existing subscribers within the database with UID tokens.
Further, it has removed Aadhaar number from various parametres required to be included in the subscriber database and introduced the 72-character UID token as a line item.
The Unique Identification Authority of India (UIDAI), the Aadhaar issuing body, had earlier informed the Telecom Department that all operators will have access to "limited KYC" and that these service providers will not store Aadhaar number or Virtual ID of the customer while sending authentication or eKYC requests.
"For all eKYC requests by telecom service providers (TSP), UIDAI as part of limited KYC response will share demographic data that is name, gender, date of birth and address alongwith face photo and UID token. Aadhaar number will not be shared with the TSP by UIDAI as part of limited KYC response," the circular said.
Introduction of limited KYC (know your customer) will ensure that a verification request made does not return Aadhaar number and only provides agency-specific UID token to eliminate the situation of many entities storing Aadhaar number while still enabling paperless KYC.