Cybercriminals take advantage of gaps in the Aadhaar-enabled Payment System (AePS)

  • Scammers use silicone thumbs to operate biometric POS machines and ATMs, emptying victims’ bank accounts.
  • There have been reports of Aadhaar-linked fingerprint abuse and unauthorised withdrawals.
  • AePS data breaches have been reported, although UIDAI denies that Aadhaar data has been compromised.
  • Information breach: Criminals can obtain Aadhaar numbers from photocopies and soft copies and use Aadhaar-enabled payment systems to compromise user data.

Securing Aadhaar

  • Regulation: The UIDAI has proposed restrictions to ban the unredacted sharing of Aadhaar details.
  • New two-factor authentication: This combines finger minutiae and image capture to check fingerprint liveness.
  • Aadhaar can be locked online via the UIDAI website or the myAadhaar app. Locking generates a 16-digit VID code, which is required for unlocking.
  • Customers are entitled to zero liability if unauthorised transactions are notified to the bank within three working days.

Way ahead

  • If suspicious activity is detected, immediately lock Aadhaar biometric information.
  • Inform banks and authorities as soon as possible so that relevant actions can be taken.
  • Timely notification ensures that money transferred fraudulently can be returned.
  • Check bank accounts regularly for any unusual activity and notify the bank immediately.