Aadhaar Biometric: Fingerprints, Iris Scan, and How Biometric Data Is Used

India has built the world’s biggest Aadhaar biometric identification system. It is a digital identity platform that supports all of an individual’s digital interactions, whether you withdraw cash from a village Automated Teller Machine (ATM) or have your loan application verified in seconds. Most individuals engage with it every day and give no further consideration.

Fewer still know what data is collected by it, how this data will be stored, and when it fails. In this blog, you will learn how Aadhaar works, what data it collects, how it is stored and secured, where it is used, and what happens when authentication does not go as expected.

What is Aadhaar Biometric Authentication?

The process of using Aadhaar to verify an individual’s identity by matching their biological characteristics against pre-stored encrypted templates in the Unique Identification Authority of India (UIDAI) database is called Aadhaar biometric authentication.

Unlike a password, a biometric cannot be guessed or forgotten. But unlike a password, it also cannot be changed if compromised. This difference matters. That is why UIDAI has implemented several protective measures for this type of biometric. We will go over these measures next.

Currently, there are four types of authentication methods available under Aadhaar:

• Finger Print: The largest number of users have been enrolled using fingerprint as a method of authentication.
• Iris Scan: Contactless technology with high accuracy.
• Facial Recognition: AI/ML-based and the fastest-growing method.
• One-Time Password (OTP): Non-biometric and used when all other methods are unavailable.

Fingerprint Authentication: What Really Gets Captured

Your fingerprint is not photographed when you use an Aadhaar biometric scanner. The scanner captures a ‘minutiae’ map (a mathematical description) of the unique characteristics of your fingerprint, including the ends of ridges and the places where they split in two. The template is then encrypted and sent to the UIDAI server for comparison, not the actual picture of your fingerprint.

The process that happens next:

• Your live fingerprint is captured by the Aadhaar biometricscanner.
• The scanner encrypts the fingerprint as a template.
• The encrypted template is sent over a secure internet connection.
• UIDAI looks at the encrypted template you are trying to match with one that has been taken during enrollment.
• UIDAI provides a yes/no answer on whether your templates match. No raw data is ever left on UIDAI servers.

Real-World Example: When an account holder withdraws money from a point-of-sale terminal through a business correspondent agent, the point-of-sale (POS) terminal sends a fingerprint template to the UIDAI for confirmation before releasing the payment in a matter of seconds.

A Known Limitation: Manual labourers, elderly individuals, and farmers with worn ridges frequently face authentication failures.

Field reports from Rajasthan and Jharkhand document cases where decades of physical work had smoothed fingerprints to the point of being unreadable by scanners. UIDAI’s guidelines require agencies to offer exception-handling mechanisms in such cases, though access remains uneven.

Iris Scan: The More Reliable But Less-Used Modality

The iris, the coloured ring around the pupil, contains over 200 unique identifying features per eye. Like fingerprints, Iris patterns remain unchanged throughout a person’s lifetime and are not affected by physical labour or ageing.

The process of how an iris scanner functions:

• Generates high-intensity near infrared (IR) light that cannot be seen by the naked eye.
• Uses a high-resolution camera to capture the fine details of the iris’s texture.
• Converts the image of the iris into an encrypted Iris code template.
• UIDAI compares the iris code with the previously registered template.

Feature	Fingerprint	Iris Scan
Contact required	Yes	No
Affected by ageing/labour	Yes	No
False acceptance rate	Moderate	Very low
Deployment scale	Very high	Limited
Ideal use case	General banking, Public Distribution System (PDS)	Hospitals, the elderly, and high-security

Iris scanners are most beneficial when fingerprints are unreliable, such as in hospitals, elderly care, and colder climates, where one’s hands are either dry or gloved. For example, Delhi ration shops have utilised iris scanners as an alternative for those unable to enrol due to fingerprint degradation.

Face Authentication: The Fastest-Growing Modality

In March 2025 alone, UIDAI’s AI/ML-powered face authentication processed over 15 crore transactions. By mid-2025, the total number of transactions crossed 200 crore (2 billion). Over 100 entities are using face authentication technology for service delivery across the government and private sectors.

Face authentication operates differently from iris and fingerprint:

• A live selfie is taken with a smartphone or a kiosk camera.
• AI algorithms authenticate that the selfie is a live person and not an image of a person (photograph), or a deepfake.
• The face template is compared with UIDAI’s registered image.
• The result is provided instantaneously.

UIDAI was awarded the Prime Minister’s Award for Excellence in Public Administration in the innovation category, specifically for face authentication technology, in April.

How Aadhaar Biometric Data is Stored and Protected

This is when nearly all blogs fall short. The following outlines the actual fate of your Aadhaar biometric information:

• Stored in encrypted form as templates, not images. UIDAI doesn’t retain an image of your fingerprint or iris; it retains only the mathematical representations of your biometric information.
• Never sent to anyone else. Only a “yes” or “no” response is given to authentication agencies. Your biometric information never leaves UIDAI’s servers.
• UIDAI uses the provisions of the Aadhaar Act, 2016, to govern the unauthorised use of your Aadhaar biometric information (i.e., unauthorised use is a crime).
• UIDAI is currently developing liveness detection and contactless fingerprint capabilities to prevent deepfake-based spoofing and injection attacks.

The Biometric Lock Feature: A Tool Most People Don’t Use

UIDAI provides a “Biometric Lock” option, which is used by a small number of Aadhaar holders. When this is turned “on”, no authentication entity, whether it be a bank, telecom company, government entity, etc., will ever be able to use either your fingerprints, iris, or facial image to verify your identity.

To lock your biometrics:

• Go to the myAadhaar website or download the mAadhaar app.
• Click on the “Lock/Unlock Biometrics” tab.
• Input your 12-digit Aadhaar number or Virtual ID (VID).
• Confirm your request through an OTP sent to your registered phone.
• Click on “Lock”. Your biometrics will be disabled right away.

You can temporarily unlock for one-time use (for example, to complete a single transaction) or permanently disable the lock. The Aadhaar biometric lock function may also be helpful in those cases where you have received an unauthorised biometric authentication alert from UIDAI on your registered mobile.

When Biometrics Fail and What to Do

Aadhaar biometric failures occur more often than reported in government statistics. The most well-documented reasons for this are:

• Fingerprints worn off through labour-intensive work, ageing, or other health issues.
• Eye problems from cataract removals, eye surgeries, etc., that affect the scanner’s ability to read iris patterns.
• Low-quality scanners are available at many rural banking locations and fair price shops.
• Mobile numbers are unlinked/deactivated, preventing the OTP fallback option.

Steps to Take When There is a Failure of Biometric Authentication:

• If OTP based authentication is available, use it instead.
• Go to an Aadhaar Seva Kendra (ASK) to have your biometrics re-enrolled.
• Contact the agency’s grievance officer. UIDAI has mandated exception handling.

Aadhaar Biometric and the Road Ahead

UIDAI has invested in upgrading two of its technologies.

• UIDAI has also implemented advanced contactless fingerprint capture. This technology will eliminate physical contact, increase hygiene, and increase accuracy when dealing with fingerprints that have deteriorated over time.
• In addition, UIDAI has upgraded its liveness detection technology. This new version is designed to target spoofing and injection attacks based on deep fake biometrics, which are becoming increasingly sophisticated as artificial intelligence-generated biometrics continue to evolve.

All of these new technologies are being developed by domestic vendors. This aligns with the Government of India’s “Make in India” initiative to build critical digital infrastructure in India.

Aadhaar is moving from only fingerprint use to a smarter system that also includes face and iris verification. This multi-modal approach makes identity checks more reliable and reduces errors. As Aadhaar authentication improves, its role in financial services is also growing. Banks, lenders, and fintech companies are building faster and safer digital processes using this system.

FAQs – Aadhaar Biometric

1. What does Aadhaar biometric data include?
   Aadhaar biometric data consists of fingerprints (all ten fingers), iris scans of both eyes, and a facial photograph. These are used to uniquely identify individuals.
   
   
2. Why does Aadhaar collect both fingerprints and iris scans?
   Using multiple biometrics improves accuracy and reliability, especially in cases where fingerprints may fade due to age or manual work.
   
   
3. How is biometric data used during authentication?
   When you request a service, your biometric data is matched with records stored by UIDAI to confirm your identity in real time.
   
   
4. Where is Aadhaar biometric authentication commonly used?
   It is widely used in banking, telecom verification, government subsidies, pension disbursement, and digital KYC processes.
   
   
5. Is Aadhaar biometric data stored by service providers?
   No, biometric data is securely stored by UIDAI and is not shared or stored by banks, telecom companies, or other service providers.
   
   
6. What security measures protect Aadhaar biometric data?
   The data is encrypted, stored in secure databases, and accessed only through authorised authentication systems under strict regulations.
   
   
7. What should you do if biometric authentication fails?
   You can try alternative methods such as iris scan, face authentication, or OTP-based verification linked to your registered mobile number.
   
   
8. Can Aadhaar biometric data be updated or re-captured?
   Yes, individuals can update their biometrics at Aadhaar centres, especially in cases of ageing, injuries, or poor initial capture quality.
   
   
9. Can you temporarily lock your Aadhaar biometrics?
   Yes, UIDAI allows users to lock and unlock their biometric data to prevent unauthorised use.
   
   
10. How is biometric data used in financial services?
    Banks and fintech companies use Aadhaar-based biometric authentication to enable quick onboarding, eKYC verification, and secure transactions.