The Indian government in an effort to combat corruption and tax fraud, is enabling banking institutions to authenticate certain transactions that surpass a specific annual amount using face recognition technology and, in some circumstances, an iris scan, according to three sources who spoke to Reuters.

Some few major both public and private banking institutions have started utilising the opportunity, said one of the people, a banker who refused to identify the banks. The recommendation permitting the validation is indeed not public and hasn't been publicised previously.

The validation is optional and is meant for situations in which the Permanent Account Number (PAN) card, which is required for tax reasons, is not disclosed to banks. Privacy experts are worried about the possibility of banks utilising facial recognition technology.

'This poses significant privacy issues, particularly given India's lack of a specific law on privacy protection, cybersecurity, and facial recognition,' said Pavan Duggal, a lawyer and cyber law specialist.

The government has stated that it aims to have a new privacy law approved by the legislature by the beginning of 2023.

The additional regulations can also be used to confirm the identity of individuals attempting to make withdrawals and deposits surpassing 2 million rupees ($24,478.61) in a fiscal year, in which the Aadhaar identification card is shared as identification, according to two government officials who requested anonymity because the knowledge is not public.

The Aadhaar card carries a unique number that corresponds to a person's fingerprints, face, and eye scans.

In December, India's finance minister instructed banks to take 'required steps' in response to a letter from the Unique Identification Authority of India (UIDAI), which proposed facial recognition and iris scanning should be used for verification when fingerprint authentication failures.

The letter from the UIDAI, which is in charge of Aadhaar card distribution, makes no mention of a consent framework for authentication. Neither does it state that banks are permitted to take action if a consumer refuses.

In response to Reuters' inquiries, a UIDAI spokesperson stated that Aadhaar verification and authentication occur only after the user's express consent. Using biometric security based on Aadhaar helps prevent potential abuse, he said.

'UIDAI routinely recommends all authentication and verification organisations to implement face or iris authentications for residents whose fingerprint recognition fails.' He added that verification and validation are not synonymous with data storage.

The newest update follows a government order issued earlier this year that required the use of an Aadhaar card or PAN number for transactions exceeding 2 million rupees in a fiscal year. The ministry of federal finances did not respond to inquiries for comment.