In response to increasing fraud through Aadhaar-based financial services, the Reserve Bank of India (RBI) has issued new guidelines to strengthen the Aadhaar Enabled Payment System (AePS). These rules aim to improve the security, monitoring, and accountability of touchpoint operators and banks using AePS for digital financial inclusion.
Strengthening onboarding and compliance
Effective January 1, 2026, the new RBI guidelines mandate a more rigorous onboarding process for AePS operators. Banks must conduct proper due diligence before onboarding these agents and are now required to periodically update their Know Your Customer (KYC) information. If an operator remains inactive for three consecutive months, re-verification via KYC will be mandatory before they are allowed to transact again.
The move is intended to prevent identity theft and unauthorized access, which have plagued AePS platforms in recent years. The AePS infrastructure, operated by the National Payments Corporation of India (NPCI), enables interoperable digital transactions via biometric authentication linked to Aadhaar.
Transaction monitoring and risk control
The RBI has also directed banks to enhance real-time monitoring of AePS transactions. This includes implementing parameters based on the risk profiles of operators, such as their geographical location, transaction type, volume, and frequency. Banks will also need to set fraud risk benchmarks and adjust controls dynamically based on evolving threats.
Also read: Govt, UPI Apps Join Hands to Tackle Payment Fraud
Technological safeguards will be strengthened. All integrations, including APIs, must now be used exclusively for AePS-related operations. This measure is meant to contain the growing misuse of shared technology infrastructures across unrelated platforms.
A critical step amid growing scams
The update follows a noticeable rise in frauds involving Aadhaar-based authentication, where compromised credentials or spoofed identities have resulted in losses. In July 2024, the RBI released draft guidelines, which were followed by public consultation and review before being finalized.
By tightening these rules, the RBI seeks to maintain public trust in AePS while supporting its role as a financial inclusion enabler in semi-urban and rural regions. Banks will now have a larger role to play in both onboarding and continuous oversight of their AePS networks.
