Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Table of Contents
Table of Contents __________________________________________________________________________________ 1
List of Figures ______________________________________________________________________________________ 2
List of Tables _______________________________________________________________________________________ 2
Confidentiality and Copyright Notice __________________________________________________________ 2
Document Control _________________________________________________________________________________ 3
Chapter 1 Introduction ________________________________________________________________________ 4
1.1 Executive Summary_________________________________________________________________________ 4
1.2 Background __________________________________________________________________________________ 4
1.3 Scope __________________________________________________________________________________________ 4
1.4 Audience _____________________________________________________________________________________ 5
Chapter 2 E-KYC on NPCI Network ___________________________________________________________ 5
2.1 Architecture Diagram ______________________________________________________________________ 5
2.1.1 e-KYC with Biometric data - Transaction Flow ____________________________________________________6
2.1.2 e-KYC with OTP- Transaction Flow _________________________________________________________________6
List of Figures
Figure 1 e-KYC Architecture Diagram..................................................................................................................... 5
Figure 2 Message Flow .................................................................................................................................................. 7
List of Tables
Table 1 Version History___________________________________________________________________________________ 3
Table 2 e-KYC Request and Response ____________________________________________________________________ 8
Table 3 OTP Request and Response _____________________________________________________________________ 9
Document Control
Document name: NPCI e-KYC Interface Specification
Security classification: Confidential
Distribution list: Member banks
Version History:
Revision History
Chapter 1 Introduction
1.1 Executive Summary
National Payments Corporation of India (NPCI) is formed as an umbrella institution for all the retail
payments systems in the country. The core objective is to consolidate and integrate the multiple
systems with varying service levels into nation-wide uniform and standard business process for all
retail payment systems. The other objective was to facilitate an affordable payment mechanism to
benefit the common man across the country and help financial inclusion. Vision and formation of NPCI
is backed by the regulator and Indian Banks Association (IBA). NPCI has defined business lines to
process in country interbank transactions for ATM, POS, 24x7 Remittance, ACH and CTS.
Government of India has initiated Unique Identification Project for citizens of India. It is envisaged to
use the UID schema and infrastructure for the financial inclusion in India. To enable the customers to
use AADHAAR for the financial transaction across the payment networks in the country, NPCI proposes
to facilitate routing of transactions to the central id repository of UIDAI for user authentication
through a single interface.
The UIDAI also provides the service of online authentication of identity on the basis of demographic
and biometric data. Verification of the Proof of Identity (PoI) and Proof of Address (PoA) is a key
requirement for access to financial products. Today, customers provide physical PoI and PoA
documents. Aadhaar is already a valid PoI and PoA document for various services in the Financial,
Telecom, and Government domains.
1.2 Background
UIDAI now proposes to provide an e-KYC service, through which the KYC process can be performed
electronically. As part of the e-KYC process, the resident authorizes UIDAI (through Aadhaar
authentication) to provide their basic demographic data for PoI and PoA along with their photograph
(digitally signed) to service providers.
1.3 Scope
NPCI member banks and non-banking entities can provide a paperless KYC experience by using e-KYC
and avoid the cost of repeated KYC, the cost of paper handling and storage, and the risk of forged
documents. NPCI will access the Aadhaar e-KYC service from UIDAI through the e-KYC API.
NPCI will be providing an e-KYC service to its member banks and non-Banking entities as a KYC Service
Agency (KSA).
1.4 Audience
This document is a property of NPCI and should be not be circulated to external party without prior
approvals of NPCI management team.
This document will be circulated to NPCI management team, Technical Advisor Committee, Business
user group formed from member banks.
The below figure depicts detailed message flow from MicroATM to UIDAI e-KYC system
Note: Request and response in aadhaar_kyc_api_1_0_final.pdf released by UIDAI. KUA will receive
the response and decrypt the KycRes.
3.2 e-KYC
Following is the XML data format for e-KYC Request Message to NPCI.
1. If KUA send the e-KYC request with only Biometric Data. “otp” tag in Uses attribute will be “n”
and “bio” tag will be “y” and will contain encrypted Pid block in KYC Request.
2. If KUA send the only otp request “otp” tag in Uses attribute will be “y” and “bio” tag will be
“n” and will contain OTP which is also encrypted in Pid block in KYC Request.
3. If KUA send the e-KYC request with both Biometric and OTP. Both “otp” and “bio” tag in Uses
attribute will be “y” and will contain encrypted Pid block in KYC Request .
4. OTP is an independent request initiated by KUA to validate the Aadhaar number holder.
OTP Transaction
<OtpRequest> <OtpResponse>
<TransactionInfo> <TransactionInfo>
<Pan></Pan> <Pan></Pan>
<Proc_Code></Proc_Code> <Proc_Code></Proc_Code>
<Transm_Date_Time></Transm_Date_Time> < Transm_Date_Time ></Transm_Date_Time>
<Stan></Stan> <Stan></Stan>
<Local_Trans_Time></Local_Trans_Time> <Local_Trans_Time></Local_Trans_Time>
<Local_date></Local_date> <Local_date></Local_date>
<Mcc></Mcc> <AcqId></AcqId>
<Pos_entry_mode></Pos_entry_mode> <RRN></ RRN>
<Pos_code></Pos_code> <ResponseCode></ResponseCode>
<AcqId></AcqId> <ResponseMsg></ResponseMsg>
<RRN></ RRN> <CA_Tid></CA_Tid>
<CA_Tid></CA_Tid> <CA_ID></CA_ID>
<CA_ID></CA_ID> <CA_TA></CA_TA>
<CA_TA></CA_TA> </TransactionInfo>
</TransactionInfo> <OtpRes ret=”” code=”” txn=”” err=”” ts=”” />
<Otp uid=”” tid=”” ac=”” sa=”” ver=”” txn=”” lk=””> </OtpResponse>
<Opts ch=””/>
</Otp>
</OtpRequest>
TransactionInfo Secondary Root element of the input XML for e KYC request
(Mandatory)
Tags
Pan: Aadhaar Number of the resident (mandatory)
Format: LLVAR
Type n..19
PAN must be populated with the combination of Acquirer ID/IIN and the
resident Aadhaar number.
B B B B B B I U U U U U U U U U U U U
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
B – Acquirer ID/IIN
I – Indicator for UID – valid value “0”, pass zero for e-KYC
U – Unique Identification Number of customer issued by UIDAI
Note: As for non-banking entities IIN is not issued, acquirer ID must be populated
in the first 6 digit of PAN by these entities.
Elements Description
Elements Description
Elements Description
4 92 - No Routing at NPCI
5 91 - Unable to send request to UIDAI
6 K1 K-100 Resident authentication failed
7 K2 K-200 Resident data currently not available
8 K3 K-540 Invalid KYC XML
9 K4 K-541 Invalid e-KYC API version
Elements Description
10 K5 K-542 Invalid resident consent (“rc” attribute in
“Kyc” element)
11 K6 K-543 Invalid timestamp (“ts” attribute in “Kyc”
element)
12 K7 K-544 Invalid resident auth type (“ra” attribute
in “Kyc” element does
not match what is in PID block)
13 K8 K-545 Resident has opted-out of this service
14 K9 K-550 Invalid Uses Attribute
Elements Description
31 O5 520 Invalid device
32 O6 530 Invalid AUA code
33 O7 540 Invalid OTP XML version
34 O8 542 AUA not authorized for ASA. This error will
be returned if AUA and ASA do not have
linking in the portal
35 O9 543 Sub-AUA not associated with “AUA”. This
error will be returned if Sub-AUA specified
in “sa” attribute is not added as “Sub-AUA”
in portal
36 OA 565 AUA License key has expired or is invalid
37 OB 566 ASA license key has expired or is invalid
38 OC 569 Digital signature verification failed
39 OD 570 Invalid key info in digital signature (this
means that certificate used for signing the
OTP request is not valid – it is either
expired, or does not belong to the AUA or is
not created by a CA)
40 OE 940 Unauthorized ASA channel
41 OF 941 Unspecified ASA channel
42 OG 950 Could not generate and/or send OTP
43 OH 999 Unknown error
Note:
For all declines with RC UI, 20, 92, 91, only <ResponseCode> tag will be available.
Details:
(i) e-Kyc Transaction with Bio/OTP
<ResponseCode> tag will be present but <Resp>tag will be unavailable.
(ii) OTP
< ResponseCode> tag will be present but <OtpRes>tag will be unavailable.
Elements Description
CA_Tid : Terminal Identification (mandatory)
Format: Fixed
Type: n6
It should carry value “public” in the request for all transactions originated from
a device unregistered at UIDAI data base. For devices recognized by UIDAI, this
code will be allotted by UIDAI the data element is mandatory.
NOTE: ‘ public’ must be left padded with two spaces making it 8 digit value.
KycReqInfo Primary Root element of the input XML for e KYC request where all the e KYC
related Data will be passed
(mandatory) Detailed Description is referred from aadhaar_kyc_api_1_0_final.pdf
i. Acquirer shall not log the Biometric data on the switch or at any hop.
ii. Transaction and incoming message validation coming from Micro ATM/Originating
channel.
iii. Unique key management for the terminals.
iv. Acquirer banks have to store the e-KYC response data in encrypted formats as per PCI
guidelines.
v. Acquirer bank will connect to NPCI network on NPCINET.
vi. Acquirer Bank will be responsible for constructing and transmitting Finger print data
of the resident.
<ResponseMsg>Successful</ResponseMsg>
<CA_Tid> public</CA_Tid>
<CA_ID>UCO000000006000</CA_ID>
<CA_TA>CSB, NERUL MUMBAI MHIN</CA_TA>
</TransactionInfo>
<OtpRes ret=”y” code=”5b5b358eeda841178e6fc1767a8889c2” txn=”206661” ts=”2013-07-
29T17:52:58.416+05:30” />
</OtpResponse>
</KycRequest>
=========================================================================================
<KycResponse>
<TransactionInfo>
<Pan>2000020********2521</Pan>
<Proc_Code>130000</Proc_Code>
<Transm_Date_time>0726094813</Transm_Date_time>
<Stan>206661</Stan>
<Local_Trans_Time>151813</Local_Trans_Time>
<Local_date>0726</Local_date>
<AcqId>200002</AcqId>
<RRN>320715206661</ RRN>
<ResponseCode>00</ResponseCode>
<ResponseMsg>Successful</ResponseMsg>
<CA_Tid> public</CA_Tid>
<CA_ID>UCO000000006000</CA_ID>
<CA_TA>CSB, NERUL MUMBAI MHIN</CA_TA>
</TransactionInfo>
<Resp status=“0” ko=”” ret=”” code=”” txn=”” ts=”” err=””>7kU2tbcel+************1nT7y9</Resp> ---
encrypted & base64 encoded “KycRes” element
</KycResponse>