Enhanced Security Measures to Safeguard National Pension System (NPS) Accounts
In response to the escalating instances of online deceit across the country, the Pension Fund Regulatory and Development Authority (PFRDA) is poised to overhaul the current login protocol for National Pension System (NPS) accounts by April 1, 2024.
Recently, the pension regulatory authority unveiled an upgraded security framework. They have instituted a two-factor authentication process using Aadhaar, mandating this heightened security for all users accessing the Central Recordkeeping Agency (CRA) system of the NPS from April 1, 2024.
The PFRDA notification asserted, “In order to augment the security measures in accessing the CRA system and ensure the protection of subscribers’ and stakeholders’ interests, it has been determined to introduce additional security features via Aadhaar-based authentication for CRA system login.”
“The integration of Aadhaar-based login authentication will be synchronized with the present user ID and password-based login process to facilitate CRA system access through 2 Factor Authentication,” the notification elaborated.
Under this upgraded security paradigm, NPS subscribers will only be able to access their accounts after Aadhaar-based authentication and inputting the OTP dispatched to their registered mobile number.
Understanding the Two-Factor Aadhaar Authentication System
The two-factor Aadhaar authentication mechanism serves as supplementary checks to validate the authenticity of fingerprints and further diminish attempts at spoofing, thereby bolstering the security and resilience of Aadhaar-authenticated transactions.
Advantages of the Two-Factor Authentication Feature
The incorporation of Aadhaar-based login authentication aims to reinforce the overall authentication and login framework of the NPS CRA system. According to the PFRDA statement dated March 15, 2024, the new security setup will furnish (i) heightened security and (ii) augmented protection. The two-factor approach substantially mitigates the risk of unauthorized access to the CRA system, remarked the PFRDA, highlighting that this additional layer fortifies NPS transactions and safeguards the interests of subscribers and stakeholders alike.
New Login Mechanism
As outlined in the PFRDA circular, Aadhaar-based login authentication will be assimilated with the current User ID and Password-based login procedure, facilitating 2-Factor Authentication for CRA system access.
Aadhaar Mapping
According to the PFRDA circular, “User IDs of Nodal offices under the Government Sector (Central/State/CAB/SAB) shall be permitted to log in to the CRA system (CRA & NPSCAN) using 2-Factor Authentication through Aadhaar OTP (One-time password). The Oversight Office (PrAO/DTA) must initially link their Aadhaar with their respective CRA User ID, enabling underlying users to initiate Aadhaar Mapping. Similarly, PAO/DTO must link their Aadhaar with their respective CRA User ID, allowing underlying DDOs to initiate Aadhaar linking.”
Account Lockdown Protocol
Under the new two-factor Aadhaar authentication system, the NPS CRA will restrict access to an account if the user submits an incorrect password for five consecutive attempts, resulting in account lockdown. Nonetheless, users will retain the option to reset their password by providing the answer to the secret question even after account lockdown.
“As a precautionary measure against unauthorized access, the account will be locked following five consecutive incorrect password entries. Users can still reset the password by providing the answer to the secret question even after the account is locked. In the event that the user cannot recall the answer to the secret question and is unsuccessful in resetting the password, the user must submit a request for the reissue of I-Pin,” stipulated the PFRDA circular dated February 20, 2024.
The PFRDA has also mandated all Government Sector offices and Autonomous Bodies to implement the requisite framework for the additional features of Aadhaar-based login and authentication in the CRA system to facilitate all NPS-related operations before April 1.
