Additional Identifiers for Account Discovery in the Account Aggregator Framework
In a strategic move to elevate account discovery success rates and refine user experiences, the Reserve Bank Information Technology Pvt Ltd (ReBIT) has recently issued a groundbreaking circular. Unveiled on November 8, 2023, this circular introduces pivotal changes for Account Aggregators (AAs) and Financial Information Providers (FIPs) by incorporating additional identifiers—such as Permanent Account Number (PAN) and Date of Birth (DOB)—into the account discovery process.
The essence of this transformation lies in the POST/Accounts/discover API of FIP API Specification, where AAs and FIPs are mandated to utilize the mobile number as the strong identifier. With this circular, additional identifiers such as PAN and DOB can be used alongside the strong identifier. This move is expected to significantly enhance the precision and security of account identification within the AA ecosystem.
The circular outlines essential compliance guidelines that underscore the meticulous implementation of these additional identifiers. Here’s a breakdown of the key directives:
- Sequential Priority: A meticulous sequence is to be followed when PAN and DOB are provided—prioritize the strong identifier (mobile number), followed by PAN, and ultimately DOB for account discovery.
- Data Security: The circular places a paramount emphasis on safeguarding sensitive information. PAN and DOB are to be logged in a masked format, ensuring an additional layer of security to protect consumer data.
- Purpose Limitation: PAN and DOB are strictly earmarked for account discovery. AAs and FIPs are explicitly instructed to refrain from utilizing this information for any other application, reinforcing the importance of purpose-specific data usage.
- Storage Limitation: Customer-provided PAN and DOB values must not be stored after the account discovery process. This stipulation aligns with the broader industry trend of limiting data retention to enhance overall data security.
These updated specifications signify a pivotal milestone for precise, secure account identification. By embracing these changes, AAs and FIPs are complying with regulatory mandates and contributing to an ecosystem that prioritizes user experience and data security.
In conclusion, the ReBIT circular sets the stage for a new era in account discovery within the financial technology landscape. It is a proactive step towards creating a robust and user-centric AA ecosystem, ensuring that consumers can engage with financial services seamlessly while their sensitive information remains safeguarded.
Access the complete ReBIT circular here: