Essential Compliance Checklist for AePS at Customer Service Points

byPaytm Editorial TeamLast Updated: May 7, 2026
Operating AePS at your customer service point requires strict compliance to ensure secure, reliable financial services. This article provides an essential checklist covering setup, transaction rules, record-keeping, security, and grievance procedures. Adhering to these guidelines protects customers’ sensitive data, safeguards your business, and maintains operational integrity, ensuring you stay updated with regulatory requirements to avoid penalties.

Operating an Aadhaar-Enabled Payment System (AePS) at your customer service point is a vital way to serve your community, but it comes with specific compliance requirements. Following these rules ensures you offer secure and reliable financial services to your customers.

This article will provide you with a clear, actionable checklist to meet all essential AePS compliance responsibilities. You will learn how to protect your customers, safeguard your business, and maintain the integrity of India’s financial system.

Understanding Aadhaar-Enabled Payment System (AePS)

AePS is a payment service allowing bank customers to use their Aadhaar number and biometric authentication for basic banking transactions. This system makes financial services accessible even in remote areas, promoting financial inclusion across India.

Through AePS, customers can perform cash withdrawals, balance enquiries, mini statements, and Aadhaar-to-Aadhaar fund transfers. These services are processed by a business correspondent at a customer service point, eliminating the need for a physical bank branch or debit card.

Adhering to AePS rules is crucial for building trust and ensuring security for both your customers and your business. Compliance protects sensitive customer data and prevents fraudulent activities, safeguarding your operational integrity. According to NPCI (2026), strict adherence to guidelines is foundational for the continued growth of digital payments.

Common AePS services you can offer:

  • Cash Withdrawal
  • Balance Enquiry
  • Mini Statement
  • Aadhaar to Aadhaar Fund Transfer

Quick Context: Role of AePS

AePS significantly expands banking access, especially for underserved populations, by using Aadhaar for secure authentication. It empowers individuals to manage their finances locally, bridging the gap between rural communities and formal banking channels.

Getting Ready for AePS: Your Setup Checklist

Before offering AePS services, you must ensure your customer service point is properly equipped and secure. This includes using only biometric devices that are approved and certified by the relevant authorities. Regularly check that all your software is updated to the latest versions to protect against security threats.

Your computer systems and network connections must also be secure, protected by up-to-date antivirus software and firewalls. This robust digital security infrastructure is essential to prevent unauthorised access and data breaches. According to RBI guidelines (2026), all systems handling sensitive financial data must meet specified security standards.

Transparency is key, so you should clearly display notices at your customer service point for customers. These notices must inform them about the types of AePS services offered and any applicable service charges. Additionally, daily transaction limits and the customer helpline number for complaints or queries should be prominently visible.

Your physical location also requires security measures to protect both staff and customers. Installing CCTV cameras to monitor transactions and deter suspicious activities is a recommended practice. Ensure your staff are well-trained in security procedures and know how to handle cash safely and discreetly.

Common Confusion: Certified Devices

Misconception: Any biometric device works for AePS. Correction: Only STQC-certified biometric devices are compliant and approved for AePS transactions, ensuring data integrity and security.

Serving Customers: The AePS Transaction Rules

For every AePS transaction, you must correctly verify the customer’s identity to prevent fraud. This involves asking for their Aadhaar number and then using the biometric device to match their fingerprint or iris scan with the information linked to their Aadhaar. This two-step verification process ensures that only the rightful account holder can access their funds.

Before starting any transaction, you should clearly explain each step to the customer. This helps them understand what is happening and builds their confidence in your service. Make sure they clearly know the amount involved and the purpose of the transaction.

It is absolutely essential to get the customer’s explicit consent before processing any transaction. This means they must agree to the transaction details, including the amount, before they provide their biometric authentication.

Never proceed without their clear understanding and agreement. Vimala, a startup founder, always ensures her customers verbally confirm the transaction details before proceeding.

After every successful AePS transaction, you must provide the customer with a proper transaction receipt. This receipt should include details such as the transaction ID, date, time, amount, and the type of service performed. This serves as proof of the transaction for the customer and for your internal records.

Pro Tip: Clear Communication

Actionable tip: Before any transaction, verbally confirm the service type, amount, and any charges with the customer. Have them acknowledge understanding before proceeding with biometric authentication.

Step 1: Request customer’s Aadhaar number and confirm their desired service.

Step 2: Explain the transaction steps, including the amount and any applicable charges.

Step 3: Obtain explicit customer consent for the transaction details.

Step 4: Capture the customer’s biometric authentication using an STQC-certified device.

Step 5: Process the transaction and provide a printed receipt with full details.

How to Transfer Money
1
Request customer’s Aadhaar number
2
Explain the transaction steps
3
Obtain explicit customer consent
4
Capture the customer’s biometric
5
Process the transaction and
1
Step 1: Request customer’s Aadhaar number

Request customer’s Aadhaar number and confirm their desired service.

Click a step · Hover to preview

Keeping Good Records: Your Documentation Checklist

Maintaining accurate and complete records is a fundamental part of AePS compliance and crucial for accountability. You must keep detailed records of all AePS transactions, including transaction IDs, dates, times, amounts, and transaction outcomes. These records should be stored securely, either digitally with strong encryption or physically in a locked cabinet.

Customer Aadhaar details, though used for authentication, must only be stored in a secure, masked format if absolutely necessary for record-keeping, as per NPCI guidelines (2026). Ensure these records are retained for the period required by regulators, typically several years. This practice aids in dispute resolution and audit trails.

Any complaint received from a customer, no matter how minor, must be meticulously recorded. Document the date of the complaint, the nature of the issue, the customer’s details, and all steps taken to resolve it. This comprehensive record helps in tracking issues, improving service quality, and demonstrates your commitment to customer satisfaction.

Regulators and your partner bank may conduct regular checks or audits of your operations. Having organised and complete records will make these processes smooth and demonstrate your commitment to compliance. Be prepared to present these documents upon request to avoid penalties.

Quick Context: Record Retention

Financial regulators mandate specific periods for retaining transaction records to ensure transparency and provide evidence for audits or disputes. Always follow the longest retention period specified by any applicable authority.

Step 1: Log all transaction details immediately after completion, including ID, date, time, amount, and outcome.

Step 2: Securely store digital records with encryption and physical records in a locked, controlled environment.

Step 3: Maintain a separate, detailed log for all customer complaints, including resolution steps.

Step 4: Regularly back up digital records to an offsite location to prevent data loss.

Step 5: Review and organise records periodically to ensure readiness for compliance audits.

How to Transfer Money
1
Log all transaction details immediately
2
Securely store digital records
3
Maintain a separate
4
Regularly back up digital
5
Review and organise records periodically
1
Step 1: Log all transaction details immediately

Log all transaction details immediately after completion, including ID, date, time, amount, and outcome.

Click a step · Hover to preview

Protecting Everyone: Security and Privacy Rules

You must treat customer Aadhaar numbers and biometric information with the highest level of care. This sensitive data should never be stored on your local systems or shared with anyone after the transaction is complete. It is used only for real-time authentication during a transaction and then securely discarded from your temporary memory.

Ensure your systems are designed to prevent any data leakage, employing encryption for data in transit and at rest. Implement robust security measures for all your digital systems, including using strong, unique passwords for all accounts. Regularly update security software and be vigilant against phishing attempts or malware.

Regularly back up your data to prevent loss in case of a system failure or cyber-attack. Always adhere to the data protection guidelines issued by the government and financial regulators. This means ensuring that all customer information is handled legally, fairly, and transparently, respecting their privacy rights at all times.

Common Confusion: Biometric Data Storage

Misconception: You need to store customer fingerprints for faster future transactions. Correction: Biometric data is used only for real-time authentication with UIDAI and must never be stored locally on your systems.

  • Implement strong, unique passwords for all system access.
  • Regularly update all operating systems, applications, and antivirus software.
  • Use firewalls and intrusion detection systems to protect your network.
  • Encrypt all data, both when it is being sent and when it is stored.
  • Train staff on identifying and reporting phishing attempts and social engineering tactics.
  • Conduct regular security audits and vulnerability assessments.

Handling Problems: Your Grievance Checklist

Even with the best practices, problems can sometimes arise, and having a clear process for handling complaints is vital. Establish a clear, easy-to-understand process for customers to raise complaints, ensuring it is prominently displayed. Your staff should be trained to listen carefully, empathise, and try to resolve issues at the first point of contact.

Aim to resolve complaints fairly and as quickly as possible, keeping the customer informed throughout the process. If a complaint cannot be resolved at your customer service point, you must have a clear escalation process. This means knowing exactly who to contact at your partner bank or the relevant regulatory body, such as NPCI, to get further assistance.

Provide the customer with the necessary contact details for these higher authorities, ensuring they know the next steps. Maintain a detailed log of every complaint, including how it was handled, the steps taken, and the final resolution. This record is essential for internal review, audit purposes, and for learning from past issues to prevent future ones.

Pro Tip: Complaint Resolution

Actionable tip: Empower your front-line staff with basic troubleshooting steps and clear escalation paths to resolve customer issues efficiently and maintain trust.

Step 1: Receive the customer complaint and log all relevant details immediately.

Step 2: Attempt to resolve the complaint at your customer service point promptly and fairly.

Step 3: If unresolved, escalate the issue to your partner bank or NPCI as per established protocols.

Step 4: Provide the customer with the escalation contact details and a complaint reference number.

Step 5: Document the entire resolution process, including the final outcome and customer feedback.

Essential Compliance Checklist for AePS at Customer Service Points — Steps
1
Receive the customer complaint
2
Attempt to resolve the
3
If unresolved
4
Provide the customer with
5
Document the entire resolution process
1
Step 1: Receive the customer complaint

Receive the customer complaint and log all relevant details immediately.

Click a step · Hover to preview

Staying Updated: Ongoing Compliance Responsibilities

The rules and technologies surrounding AePS can change, making regular staff training crucial. Therefore, it is essential to provide regular training to all your staff members who handle AePS transactions. This ensures they are always up-to-date with the latest procedures, security protocols, and compliance requirements.

Stay informed about any new guidelines, circulars, or updates issued by the Reserve Bank of India (RBI) and the National Payments Corporation of India (NPCI). These bodies regularly review and update regulations to enhance security and efficiency. You must promptly implement any changes to your operations to remain compliant.

It is important to understand the serious consequences of non-compliance with AePS rules. Failing to follow these guidelines can lead to severe penalties, including hefty fines and the suspension of your services. It can also result in the permanent loss of your authorisation to offer AePS, severely damaging your reputation and customer trust.

Quick Context: Regulatory Landscape

The Indian digital payments landscape is dynamic, with RBI and NPCI continuously issuing updates to ensure security, efficiency, and consumer protection. Regular monitoring of their official communications is non-negotiable for compliance.

Conclusion

By diligently adhering to this essential AePS compliance checklist, you safeguard your operations and build unwavering trust with every customer at your service points. Following these guidelines ensures not only regulatory compliance but also a secure, efficient, and reliable transaction experience for all.

FAQs

How do I start offering AePS services at my customer service point?

To begin offering AePS services, you need to follow a comprehensive setup checklist. This involves ensuring your customer service point is properly equipped and secure. You must use only biometric devices that are approved and STQC-certified, and regularly update all software to the latest versions. Your computer systems and network connections require robust digital security, including up-to-date antivirus software and firewalls, as per RBI guidelines (2026). For instance, a small shop in a rural Indian village setting up AePS must invest in an STQC-certified fingerprint scanner and ensure their internet connection is secure with a firewall. Clearly display notices about services offered, charges, daily limits, and a customer helpline number.

What types of banking transactions can customers perform using AePS at my service point?

Customers can perform several basic banking transactions using AePS at your service point. AePS enables bank customers to access essential financial services by using their Aadhaar number and biometric authentication. This system is designed to promote financial inclusion, especially in remote areas where traditional banking infrastructure is limited. Common services include cash withdrawals, balance enquiries, mini statements, and Aadhaar-to-Aadhaar fund transfers. For example, a farmer in Uttar Pradesh can check their account balance or withdraw cash without needing a debit card or visiting a bank branch. Clearly display a list of all available AePS services at your customer service point to inform customers and manage their expectations.

Can I store customer Aadhaar or biometric data on my system for faster future AePS transactions?

No, you absolutely must not store customer Aadhaar numbers or biometric information on your local systems. This sensitive data is only to be used for real-time authentication with UIDAI during a transaction and must be securely discarded from your temporary memory immediately afterwards. Storing such data locally is a serious breach of privacy and security protocols, and goes against NPCI guidelines (2026). Imagine a customer in Chennai completing an AePS withdrawal; their fingerprint data is used once for that specific transaction and then purged, never saved on the service point's computer. Ensure your systems are designed to prevent any data leakage, employing encryption for data in transit and at rest, and regularly train staff on this critical privacy rule.

Why is it critical to use only STQC-certified biometric devices for AePS transactions?

It is absolutely critical to use only STQC-certified biometric devices for AePS transactions to ensure data integrity, security, and compliance. STQC certification guarantees that the device meets stringent quality and security standards set by UIDAI. Non-certified devices may be susceptible to tampering, inaccurate readings, or security vulnerabilities, potentially leading to fraudulent transactions or data breaches. This protection is vital for safeguarding sensitive customer information. Using a non-certified device could lead to a situation where a customer's fingerprint is misread or compromised, potentially allowing unauthorised access to their bank account, which is a major concern for rural customers in Karnataka. Always verify the STQC certification of any biometric device before purchase and periodically check for updated compliance requirements from UIDAI or NPCI.

What are the main differences between managing digital and physical records for AePS compliance?

Both digital and physical records are crucial for AePS compliance, but they differ significantly in their storage, security, and management requirements. Digital records, such as transaction logs, offer ease of backup, searchability, and can be stored offsite, but require strong encryption, firewalls, and regular software updates to prevent cyber-attacks. Physical records, like printed receipts or complaint registers, need secure, locked storage to prevent theft or damage, but are less susceptible to cyber threats. Regulators mandate retention for specific periods for both. A service point in Delhi might keep digital transaction logs encrypted on a server, while customer complaint forms are stored in a locked cabinet. Implement a hybrid record-keeping strategy: encrypt digital records and back them up regularly, while securing physical documents in a controlled environment, ensuring both meet regulatory retention periods.

Is it safe to operate an AePS customer service point, and what are the key security measures I should implement?

Yes, operating an AePS customer service point can be very safe, provided you diligently implement robust security measures and adhere to all compliance guidelines. Key measures include using only STQC-certified biometric devices, securing all computer systems and networks with up-to-date antivirus software and firewalls, and never storing sensitive customer Aadhaar or biometric data. Physical security, such as CCTV cameras and safe cash handling, is also crucial. These combined efforts protect against fraud and data breaches. A service point in Ahmedabad would protect its digital systems with strong passwords and encryption, while also having CCTV to monitor cash transactions and deter suspicious activity. Conduct regular security audits, provide ongoing staff training on security protocols, and stay informed about the latest security directives from RBI and NPCI to maintain a secure environment.

What should I do if a customer complains about an AePS transaction at my service point?

You must have a clear and efficient process for handling customer complaints to maintain trust and compliance. First, listen carefully and log all details of the complaint immediately, including the date, nature of the issue, and customer information. Attempt to resolve the issue fairly and promptly at your service point. If you cannot resolve it, you must escalate the complaint to your partner bank or the relevant regulatory body, such as NPCI, providing the customer with their contact details and a reference number. If a customer in Pune reports a failed cash withdrawal despite a debit alert, log it, attempt to troubleshoot, and if needed, escalate to your partner bank, giving the customer the bank's helpline number. Empower your front-line staff with basic troubleshooting steps and clear escalation paths, and maintain a detailed log of every complaint and its resolution for internal review and audit purposes.

How can I ensure my staff are always compliant with the latest AePS regulations and security protocols?

Ensuring ongoing staff compliance with AePS regulations and security protocols requires a commitment to continuous training and staying informed. You must provide regular training sessions to all staff members involved in AePS transactions. This ensures they are up-to-date with the latest operational procedures, security measures, data privacy rules, and grievance handling processes. Additionally, actively monitor and implement new guidelines or circulars issued by the Reserve Bank of India (RBI) and the National Payments Corporation of India (NPCI) as soon as they are released. A service point manager in Chennai could schedule monthly refreshers on new NPCI circulars and conduct mock scenarios for handling sensitive data or customer complaints. Create a system for distributing and confirming understanding of new regulatory updates, and conduct periodic internal audits to assess staff adherence to compliance standards.

Author

Paytm Editorial Team

The Paytm Editorial Team is a collaborative group of writers, editors, and industry experts. We're dedicated to bringing you the latest insights, news, and guides on digital payments, financial services, and the technology that's shaping India's economy. We offer easy-to-follow guides and insights to help you explore Paytm’s products, features, and services. Our goal is to provide clear, reliable, and helpful information to empower you on your financial journey.

something

You May Also Like