RBI Issues New Guidelines for Aadhaar Enabled Payment System (AePS)

Scan your thumb, and bank transaction will be done in seconds; RBI’s AePS will make this possible

Banking has entered a new era of convenience: now, account-holders simply scan their thumb, and funds can be transferred instantly. An Aadhaar Enabled Payment System can make this possible. That’s why the RBI has released a directive for the implementation of AePS.

In this article, we explore how the system works, what the RBI has mandated, the role of operators, and emerging fraud risks, all enriched by insights from recent regulatory releases.

What is Aadhaar Enabled Payment System?

AePS is a bank-led, interoperable payment mechanism developed by the National Payments Corporation of India (NPCI). It allows customers to conduct basic banking operations, such as cash withdrawals, deposits, balance enquiries, mini-statements, and Aadhaar-to-Aadhaar fund transfers, just by using an Aadhaar Number and biometric (or OTP) authentication.

AePS can reach all the bank account holders through micro-ATMs. These micro-ATMs are operated by Business Correspondents or Touchpoint Operators.

The primary objective of using an AePS system is to promote financial inclusion. This means that individuals in rural or underbanked areas can now access banking services without visiting a branch. AePS also supports government program disbursements like pensions and social security payments.

What is an ATO (AePS Touchpoint Operator)?

An AePS Touchpoint Operator (ATO) is the frontline person, who is often a Business Correspondent or sub-agent. An AePS Operator is employed by an acquiring bank to manage AePS-enabled micro-ATM terminals, either fixed or mobile. They facilitate customer transactions using biometric or OTP-based Aadhaar authentication.

These operators serve as vital intermediaries in areas where branches of banks have not yet reached. These micro-ATMs, assisted by an AePS Operator, can turn a simple thumb scan into a mini-bank branch operation.

What are the Key Objectives of the RBI’s AePS Directive?

Directives are critical for preserving public trust in digital financial services. In light of rising AePS misuse through cloned biometrics and compromised credentials, RBI has mandated a renewed compliance framework to bolster security across the system.

The directive, issued on 27 June 2025, comes into force from 1 January 2026 and applies to acquiring banks and NPCI.

Below is a table summarising the key objectives of this directive, introduced by a few lines to frame its purpose. After the table, a concise wrap-up follows.

Key Objectives of RBI’s AePS Directive
 

This directive elevates operational accountability for banks by weaving in robust KYC, technological controls, grievance management, and advanced fraud detection into everyday AePS operations.

How can Frauds Happen Using AePS?

While AePS brings convenience, it also exposes vulnerabilities when not guarded properly.

Biometric spoofing or fingerprint cloning remains a principal risk. Fraudsters can create replicas or fake identities to perform unauthorised withdrawals through AePS touchpoints.

Other avenues include false positives or negatives in biometric matching, misuse of credentials by Business Correspondents, and misreporting transaction failures. Hardware failures of fingerprint scanners and mismatches in banking systems can further disrupt correct validation and remediations.

Data privacy and Aadhaar data management errors—especially in poorly regulated underbanked areas—can lead to breaches, misuse of biometric data, or unauthorised access.

Conclusion

The Aadhaar Enabled Payment System simplifies banking to a thumb scan but brings intrinsic risks tied to its accessibility and scale. The RBI’s directive, effective from 1 January 2026, is a timely and necessary regulatory intervention designed to ensure that security, accountability, and trust remain at the core of AePS operations.

By enforcing robust KYC, API safeguards, grievance redressal, and intrusion detection frameworks, the RBI equips banks and operators to fortify this inclusive payment infrastructure. As AePS continues to expand India’s banking footprint, these measures lay the groundwork for a more resilient, trusted system, marrying convenience with compliance in one seamless thumb-scan.

Apply for Loans Fast and Hassle-Free

Apply Now

About the Author

LoansJagat Team

We are a team of writers, editors, and proofreaders with 15+ years of experience in the finance field. We are your personal finance gurus! But, we will explain everything in simplified language. Our aim is to make personal and business finance easier for you. While we help you upgrade your financial knowledge, why don't you read some of our blogs?