The Aadhaar-enabled payments system (AePS) has been prone to frauds, which have robbed many people of their hard earned savings. Here’s how it works:
To withdraw money using AePS, only three inputs are needed- bank name, Aadhaar number seeded in the account, and fingerprint verification. But if you follow safe digital practices, you can avoid these kinds of scams.
1. Unauthorised cash withdrawals from bank accounts
You may have heard of a few instances where people have been tricked into withdrawing their own money from their bank accounts through Aadhaar-enabled payment system (AePS). AePS is an initiative by UIDAI that allows you to carry out point of sale transactions and make ATM withdrawals without the need for OTPs or any other form of authentication.
It’s been reported that cyber criminals are exploiting the AePS system to steal money from innocent people. They use cloned fingerprints to authenticate AePS transactions and access the victim’s funds. This type of fraud is primarily committed by people who work at Aadhaar service centres, and victims are often unaware of the scams until it’s too late.
The government has now taken a proactive step to address the issue of AePS frauds by introducing a new verification process for transactions on BHIM. NPCI has mandated that all acquirer banks require a biometric authentication of business correspondents and agents before they can initiate AePS transactions on their behalf. This will help prevent scammers from using silicone-based fake fingers to syphon off money from unsuspecting victims.
This move should help curb the number of fraudulent AePS transactions, but it’s not a foolproof solution. The best thing you can do to protect yourself from such frauds is to keep a limited amount of money in your savings account, and only use UPI/AEPS for purchases that you can’t make with a credit or debit card. Also, don’t install any apps on your phone that haven’t been downloaded from the official Play Store.
2. Cloned fingerprints
Aadhaar-enabled payments is a bank-led model that allows customers to carry out Point of Sale (PoS) and micro ATM transactions using only their bank name, Aadhaar number, and biometrics captured during enrolment. It eliminates the need for OTPs and other financial information, making it an easy target for cybercriminals.
Several cases of people getting their fingerprints cloned by scammers have been reported. For instance, a gang that operated in Andhra Pradesh’s Kurnool district was accused of taking money from victims by fraudulently cloning their fingerprints. The gang would scan the thumb prints of Aadhaar holders and enhance its quality with photoshop. The cloned thumbprints were then used to withdraw cash from the victim’s Aadhaar-enabled payment transaction.
The Unique Identification Authority of India (UIDAI) has been working to limit the cases of frauds using cloned fingerprints by developing technology that can detect the use of fake fingers. It rolled out an in-house artificial intelligence/machine learning technology that uses a combination of finger minutiae and fingerprint image to check for the liveness of the scanned finger, The Hindu reports.
The payments body also stepped in to prevent these scams by asking acquirer banks to allow interoperable AePS cash withdrawal transactions only after Aadhaar-based biometric authentication of business correspondents and agents. It also asked them to monitor daily to identify and halt any misuse of the AePS system.
3. Aadhaar service centres
Aadhaar service centres are the hubs for any changes, corrections or updates you wish to make in your Aadhaar data. From updating your address to submitting biometric details like your thumbprint or iris scan, you can do it all at these locations. To check if an Aadhaar centre is authentic and working, the Unique Identification Authority of India (UIDAI) maintains a list of active and genuine centres online.
The UIDAI website also has a feature where one can lock their Aadhaar details and ensure that only they have access to them. This will prevent nefarious entities from accessing one’s biometric data, which can be used to commit various crimes including cloning fingerprints and siphoning money from bank accounts.
Keeping your Aadhaar number and details secure is important. This includes never sharing them on social media or with strangers. It’s also advisable to only use your Aadhaar card for establishing identity when necessary, and only share the masked version which hides your full name and other personal details.
Moreover, always use a two-factor authentication system when making payments and only link it to your bank account after verifying the credentials. Lastly, report any suspicious transactions or suspected fraud immediately to the authorities. For added protection, install the mAadhaar app, which can help safeguard your information and enable you to lock your biometric data from any unauthorized access.
4. Identity theft
If you have a bank account, consider yourself auto enrolled in the Aadhaar-enabled payments system (AePS). It allows people to pay and withdraw money using their Aadhaar number, biometrics, and the bank name where their account is opened.
Essentially, it acts as a mini-ATM without requiring OTPs or bank details and eliminates the need for a physical card. The transactions are carried out by business correspondents (BCs) who have access to a Point of Sale (PoS) or Micro ATM machine. It has led to a surge in fraudulent transactions as criminals are able to clone a person’s fingerprint or IRIS using silicon fingerprint devices and then use that information to steal money.
For instance, a senior citizen from a state capital was shocked to find that cash worth Rs 25,000 had been withdrawn from her account through AePS. The senior had two accounts in different banks and linked her Aadhaar with both of them. However, when she went to the bank to close her account, she found that funds had been withdrawn from the account she had not linked her Aadhaar with.
This is because the AePS system takes into account only the bank account that has been linked with the Aadhaar. It doesn’t take into account other accounts that the individual may have or even other devices such as mobile phones which contain the Aadhaar number and other personal details. Hence, it’s important for people to safeguard their Aadhaar numbers and personal information. They can lock their Aadhaar data using the m-Aadhaar app or the UIDAI website.