party model that is so important to
UPI’s success. In UPI, the payment-ad-dress-issuing entity is not necessarily
the same as the one providing the underlying bank account. This means a
user can use any app to send or receive
money directly from their bank account. They are no longer restricted to
just the app provided by their banking
service provider. This has increased
competitiveness to acquire users, and
as a result the responsiveness and performance of bank apps has improved
dramatically since the launch of UPI.
With over 800 million transactions
worth more than US$1.9 billion being
transacted monthly after approximately two years,l the Unified Payments
Interface (UPI) is the fastest-growing
open-loop digital payments platform
in the world.
Criticism and Evolution
As Aadhaar gained coverage, traction,
and the trust of service providers as a
unique and robust proof of identity,
it began to be requested (and sometimes mandated) as a foundational
document across a variety of public
and private services, in particular, for
government subsidies, banking, and
As a result, there was pushback from
media, civil society, and academics
around issues of privacy and security of
individual data, and the possibility of
exclusion from access to services due to
lack of an Aadhaar or due to authentication errors. Meaningful engagement
on all criticisms is not possible in this
article, the issues are wide ranging and
need detailed, nuanced discussions on
What we would like to highlight is
some of the outcomes from the critique of Aadhaar. The UIDAI was able
to see the increasingly vocal demand
for better privacy controls, resulting
in design changes to the program as
it evolved. Aadhaar has rolled out a
number of features to further enhance
the security, privacy, and inclusion of
the Aadhaar system.
Biometric capture devices are regis-
tered with the Aadhaar ecosystem and
all biometrics captured are signed and
encrypted at the capture device to pre-
l UPI Product Statistics; https://www.npci.org.
vent replay attacks. Residents can lock
and unlock (for short periods of time)
their biometrics using the multiple
channels such as the Aadhaar mobile
application or the Web portal.
Aadhaar introduced temporary vir-
tual IDs that allowed users to mask their
Aadhaar numbers during an authenti-
cation request. The means the Aadhaar
number does not need to be shared
with an authenticating agency. In the
digitally signed response, Aadhaar re-
turns agency-specific UID tokens, which
are unique and cannot be correlated
across agencies. In addition, residents
can lock their Aadhaar number and
authenticate using only the virtual ID.
Aadhaar has introduced the con-
cept of offline KYC verification, which
allows residents to directly share their
digitally signed KYC information
with a verification agency XML/QR
code formats. This allows residents
to share non-tamperable credentials
without direct involvement of the
Aadhaar system. Local validation of
the photograph through face match-
ing and mobile number are possible.
Sensitive data such mobile number is
stored using a one-way hash; the data
is revealed only if residents share the
data with the verification agency.
Problems with authentication using
fingerprints by manual laborers or
senior citizens were addressed through
the introduction of multiple biometric
modalities such as face and iris match-
ing. In addition, multiple modalities
can be combined through fusion to
further reduce rejections in the field.
Finally, exception processes are put in
place to ensure 100% of residents can
authenticate using the Aadhaar system.
Aadhaar’s open architecture meant
such a solution could be rolled out
quickly in response to public demand.
The criticism and civil society
movement also bought into the public
discourse India’s lack of a Data Privacy
Law, which is necessary whether or not
there is an Aadhaar. While trying the
Aadhaar case, the judges were forced
to ask if the constitution guarantees a
fundamental right to privacy. A nine-
judge bench found the answer was
A second Supreme Court judgment
m Justice K.S. Puttaswamy (Retd) vs Union of India,
Aug. 24, 2017.
declared Aadhaar did not intrinsically
violate an individual’s fundamental
right to privacy, but its mandated use
ought to be restricted only to govern-
ment-provided subsidies and benefits,
tax collection, and other proportional
use cases where permitted by law.n
While it may seem contentious
and politically charged, such con-
versations are a feature, not a bug,
of democracy. The executive, judi-
ciary, and UIDAI were responsive to
the public’s needs and evolved the
system based on what the people
wanted. Our experience underscores
the importance of stakeholder
conversations during the design and
implementation of the program.
India’s experience with creating
digital infrastructure platforms as
public goods offers multiple lessons
learned in technology, system, and
regulatory architecture. It demonstrates how multiple such systems
can be leveraged in concert—such
as the India Stack—for development objectives. Governments and
businesses alike are building for
diverse use cases on top of the stack.
By lowering the transaction costs of
serving the poor, we are achieving
Such digital infrastructure is
not a unique requirement in India.
It is estimated that approximately
161 countries currently have or are
building their own digital ID systems.
Many countries have local interbank
payment systems and are now looking to upgrade them for a mobile-first world. As various countries build
their own systems, the Indian experience with Aadhar serves as a real-world example to learn from. Even
if the systems may look different,
we believe the principles adopted in
their development would serve well
n Justice K.S. Puttaswamy (Retd) vs Union of India,
Aug 26, 2018.
Vivek Raghavan ( email@example.com) is Chief
Product Officer of UIDAI, Bangalore, India.
Sanjay Jain ( firstname.lastname@example.org) is Chief Innovation
Officer of CIIE, IIMA, Bangalore, India.
Pramod Varma ( email@example.com) is Chief
Architect at UIDAI, Bangalore, India.
© 2019 ACM 0001-0792/19/11