RBI mandates KYC for inactive Aadhaar operators before resuming transactions
What's the story
The Reserve Bank of India (RBI) has issued a new directive, strengthening the due diligence process for onboarding Aadhaar Enabled Payment System Touchpoint Operators (ATOs). The move is aimed at fighting the increasing instances of fraud. According to the new rule, banks will have to conduct Know Your Customer (KYC) checks for ATOs that have been inactive for three months before they can resume their transaction activities. The guidelines will come into effect from January 1, 2026.
Fraud concerns
Measures to combat frauds in AePS
The RBI emphasized the need for these measures in a recent notification. The central bank said it has been witnessing fraud committed through the Aadhaar Enabled Payment System (AePS) due to identity theft or compromise of customer credentials. "To protect bank customers from such frauds, and to maintain trust and confidence in the safety and security of the system, a need is felt to enhance the robustness of AePS," RBI said.
Information
AePS v/s ATOs: Key details to know
The AePS, operated by the National Payments Corporation of India (NPCI), allows financial transactions using an Aadhaar number along with biometric or OTP authentication. AePS touchpoints are operated by ATOs, who are individuals appointed by the acquiring bank to facilitate these transactions.
Enhanced security
Banks should monitor ATO activities through transaction monitoring systems
The RBI also directed banks to keep a close watch on ATO activities through their transaction monitoring systems. The central bank said operational parameters should be set based on the business risk profile of these operators. Factors like location and type of ATO, volume and velocity of transactions, etc., should form part of the bank's fraud risk management framework.
Regular reviews
Periodic review of operational parameters regarding ATOs is essential
The RBI also stressed the need for periodic review of operational parameters regarding ATOs, in line with emerging fraud trends. If due diligence has already been done for these operators as business correspondents or sub-agents, the same can be adopted. This is part of RBI's wider effort to strengthen security and trust in the AePS transactions.