New Delhi: Karza Technologies Pvt. Ltd still faces a ban over know-your-customer, or KYC, violations on DigiLocker, almost a month after a probe was initiated against the e-KYC solutions provider, said two people in the know.
In October, DigiLocker sent a letter to partners saying there was a violation of DigiLocker terms of services and the Aadhaar Act by Karza, and one of its partner firms was found bypassing DigiLocker’s redirection signin-signup flow and capturing Aadhaar data directly on its user interface. Subsequently, the firm’s account was blocked on the portal pending investigation. Mint has reviewed a copy of the letter.
DigiLocker is now consulting with UIDAI and is awaiting its response before taking a call on Karza’s ban, one of the two people said seeking anonymity.
DigiLocker offers electronic storage of KYC documents and is an initiative of the electronics and IT ministry. It is also the de-facto Aadhaar verification interface for most e-KYC solutions. DigiLocker terms of services say the signin-signup process happens on the platform’s page and any user getting their KYC processed through DigiLocker or access their account must do it on the platform.
“Karza was required to log on to the Digilocker page to enter user information, but the firm created a blank page and asked users to key in their information on the page. Then it populated the data on the DigiLocker site, which is in complete violation of the terms,” he added. “Basically, Karza was in violation of the terms of services as it used automation to initiate Aadhaar consent on another web page, and not on DigiLocker directly, without the customers knowledge,” he added.
DigiLocker found Karza was also extending its services to other entities. “This is also in violation, as all entities must directly integrate with the DigiLocker portal for the services.”