Indian Kanoon - Search engine for Indian Law

6. Elaborating further, it is submitted by the learned counsel for the petitioners that during the online KYC process, the following methods are used to identify a customer:

(a) Clicking a selfie,

(b) Face recognition,

(c) Signing using pen and paper; or putting a signature on screen using a mouse,

(d) Printing and rescanning or clicking a photo of the filled in form,

(e) Verification of OTPs in 30 seconds, displaying documents or KYC form / signature in original, and

(f) Random question and response (e.g. flashing generic code/ text on screen for it to be read by the customer).

9.1.7 Furthermore, in Annexure 1 to the Rules, 2005, the Central Government has prescribed the process of Digital KYC, as per which, the following is mandated:

(a) The Reporting Entities shall develop an application for digital KYC process which shall be made available at customer touch points for undertaking KYC of their customers and the KYC process shall be undertaken only through this authenticated application of the Reporting Entities.

(b) The access of the Application shall be controlled by the RE and it should be ensured that the same is not used by unauthorized persons. The Application shall be accessed only through login-id and password or Live OTP or Time OTP controlled mechanism given by REs to its authorized officials.

(i) Once the above-mentioned process is completed, a One Time Password (OTP) message containing the text that ‘Please verify the details filled in form before sharing OTP’ shall be sent to customer’s own mobile number.

Upon successful validation of the OTP, it will be treated as customer signature on CAF. However, if the customer does not have his/her own mobile number, then mobile number of his/her family/relatives/known persons may be used for this purpose and be clearly mentioned in CAF. In any case, the mobile number of authorized officer registered with the Reporting Entities shall not be used for customer signature. The Reporting Entities must check that the mobile number used in customer signature shall not be the mobile number of the authorized officer.

(j) The authorized officer shall provide a declaration about the capturing of the live photograph of customer and the original document. For this purpose, the authorized official shall be verified with One Time Password (OTP) which will be sent to his mobile number registered with the Reporting Entities. Upon successful OTP validation, it shall be treated as authorized officer’s signature on the declaration. The live photograph of the authorized official shall also be captured in this authorized officer’s declaration.