KYC masking mandatory from January 20: What changes for you
The Central KYC Records Registry (CKYCRR) has extended the date of implementation for masking KYC identifiers to January 20, 2025. The move is aimed at improving data security and preventing misuse of sensitive information like Aadhaar, Voter ID, PAN, and Driving License numbers in its system. The new method will only show the last four digits of these identifiers.
Masked KYC: A step toward data security
The masked KYC procedure would involve hiding sensitive details in customer records shared through CKYCRR. The new system will protect the privacy of individuals and reduce the chances of unauthorized access. Reporting entities would still have access to complete KYC records with a unique CKYC Reference ID assigned to each record.
CKYC extends implementation timeline
Previously, the launch date for this initiative was December 16, 2024. However, CKYC has pushed the deadline after requests from several reporting entities. The additional time is meant to give these entities a chance to update their systems and comply with the new regulations. CKYC has clarified that no further extensions will be given beyond this revised deadline.
New regulations for accessing KYC records
The new regulations mandate that only last four digits of KYC identifiers will be displayed in search responses and match confirmations. Entities will have to use this new unique identifier to download complete KYC records. Accessing these records will require authentication factors and unique IP addresses, adding another layer of data security.
Impact on CKYC processes and future plans
The masking of KYC identifiers will impact all CKYC processes, such as search requests, responses, bulk file uploads, and more. Entities have been advised to test these changes in the CKYCRR test environment and update their systems ahead of the new deadline. From January 20, 2025 onward, CKYC will function under this masked KYC framework as part of broader government efforts to bolster customer data security and prevent misuse by unauthorized entities.