Digital KYC Explained: What Happens to Your Aadhaar When You Apply for a Loan

When you apply for a business loan through an app or website, you will be asked to verify your identity using your Aadhaar number or PAN card. This process, called Know Your Customer (KYC), is a legal requirement for all financial institutions in India.

Many borrowers are nervous about sharing Aadhaar details online. The concern is understandable. This article explains exactly what happens to your information, what protections are in place, and what you should watch out for.

What is KYC and why is it required?

KYC rules are set by the Reserve Bank of India (RBI) and the Prevention of Money Laundering Act. Every lender, whether a bank or an NBFC, must verify the identity and address of each borrower before disbursing a loan. Without KYC, a lender cannot legally issue credit.

For in-person loans, this traditionally meant visiting a branch and submitting physical copies of documents. Digital KYC allows the same verification to happen on your phone in a few minutes.

The two most common methods

1. OTP-based Aadhaar eKYC

The lender’s app requests your Aadhaar number. The Unique Identification Authority of India (UIDAI) sends a one-time password to the mobile number linked to your Aadhaar. Once you enter the OTP, the UIDAI confirms your name, date of birth, address, and photograph to the lender.

The lender does not see or store your full Aadhaar number. They receive only the verified data (name, address, photo) along with a tokenised reference. UIDAI retains no record of which lender accessed your data.

2. DigiLocker document fetch

DigiLocker is a government-run digital document vault operated by the Ministry of Electronics and Information Technology. Your Aadhaar card, PAN card, and other government-issued documents are stored there as verified digital originals.

When you grant a lender permission through DigiLocker, they can pull the document directly from the vault. They receive a certified digital copy with a unique verification code. Again, you control when access is granted and can revoke it at any time.

What lenders are allowed to do with your data

Under the DPDP Act (Digital Personal Data Protection Act, 2023), lenders must:

• Use your data only for the purpose you consented to (credit assessment and loan management)
• Not share your data with third parties without explicit consent
• Delete your data when it is no longer required for legal or regulatory purposes
• Provide you with access to the data they hold on request

What lenders cannot do

• They cannot store a copy of your Aadhaar number in their own systems (UIDAI rules prohibit this)
• They cannot use your KYC data for marketing purposes without a separate consent
• They cannot pass your data to a parent company, affiliate, or data broker without your consent

Red flags to watch out for

• Any app that asks you to upload a photo or scan of your Aadhaar card directly (rather than using the UIDAI’s official OTP flow) is not following regulations
• Requests for your full 12-digit Aadhaar number in a form field rather than the masked version
• Apps that ask for Aadhaar details on pages that do not have a padlock (HTTPS) in the address bar
• Any service that asks for your Aadhaar without explaining why it is needed

If something feels off, stop the process and contact the lender directly to verify their KYC method before proceeding.

PehchanPe’s approach

When you use PehchanPe Pulse for your application, identity verification happens through the official UIDAI eKYC gateway and DigiLocker. Your Aadhaar number is never stored in our systems. The data shared with lender partners is limited to what is needed for credit assessment, and all transfers happen over encrypted connections.

You can view the data we hold on your account and request deletion at any time by contacting support@pehchanpe.com.