Introduction

The Aadhaar Enabled Payment System (AePS) is a bank-led model developed to promote financial inclusion by enabling basic banking transactions using Aadhaar-based biometric authentication. AePS allows customers to access services such as cash withdrawals, balance inquiries, and fund transfers at micro-ATMs operated by Business Correspondents (BCs). This system significantly improves access to banking services in underserved and rural areas.

Key Definitions

• Acquiring Bank: The bank responsible for onboarding AePS touchpoint operators.
• AePS Touchpoint: The terminal deployed by acquiring banks to facilitate AePS transactions using Aadhaar-based biometric or OTP authentication.
• AePS Touchpoint Operator: The agent appointed by the acquiring bank to operate the AePS touchpoint.

Overview of AePS Services

AePS enables both financial and non-financial transactions through Business Correspondents of any bank. Customers can conduct transactions such as:

• Financial Transactions: Cash deposit, balance enquiry, and Aadhaar-to-Aadhaar fund transfers.
• Non-Financial Transactions: Demographic authentication, Best Finger Detection (BFD), and e-KYC.

A unique feature of AePS is its reliance on biometric authentication in lieu of conventional credentials such as debit cards, credit cards, or OTPs. Customers are not required to disclose their bank account details to perform transactions. Biometric data is verified by the Unique Identification Authority of India (UIDAI), while the National Payments Corporation of India (NPCI) manages switching, clearing, and settlement.

Emerging Challenges and Need for Regulatory Measures

In light of recent frauds involving identity theft and compromise of customer credentials, there is an increasing need to strengthen the integrity and security of the AePS ecosystem. To address these risks and uphold public confidence, the Reserve Bank of India (RBI), in its Statement on Developmental and Regulatory Policies dated February 8, 2024, announced comprehensive directions aimed at streamlining the onboarding and monitoring of AePS touchpoint operators.

RBI Guidelines on Onboarding AePS Touchpoint Operators

1. Customer Due Diligence:
   Acquiring banks must perform due diligence on all AePS touchpoint operators in accordance with the Customer Due Diligence procedures for individuals outlined in Part I, Chapter VI of the Master Direction – Know Your Customer (KYC) Directions, 2016, as amended from time to time.
2. Inactive Operators:
   If an AePS touchpoint operator has not conducted any financial transactions for a continuous period of six months, the acquiring bank must update the operator’s KYC details before reactivating their transaction capability.
3. Single Bank Onboarding:
   NPCI and acquiring banks must ensure that each AePS touchpoint operator is onboarded by only one acquiring bank to maintain operational integrity and traceability.

Ongoing Due Diligence

Acquiring banks are required to continuously monitor AePS touchpoint operators, setting operational parameters based on the following principles:

• Transaction Limits: Must be established according to the risk profile of the operator.
• Geographical Consistency: Transactions should align with the operator’s location and risk profile.

Compliance with NPCI Guidelines

All system participants must strictly adhere to the rules and regulations governing the operation of AePS as prescribed by NPCI, the designated system provider.