Amid concerns that cyber fraudsters are stealing biometric information from Aadhaar cards to defraud people of money locked presumably safely in their bank accounts, Rakesh Sharma (name changed), a customer of a reputed private bank and a software developer, has revealed on social media that he has fallen victim to such a fraud and lost Rs 10,000.
“Within last 1 year I haven’t done any AADHAAR based KYC. That transaction details is showing location as BAGACHRA, BENIPUR, MURSHIDABAD, West Bengal,” Sharma Seth wrote on social media. The young professional also wrote that cyber criminals tried to access his bank account repeatedly over the past few days.
“I found out from my friend that best way to prevent this is to lock Biometric in Unique Identification Authority of India (UIDAI) portal. After locking it when I checked Aadhaar Authentication by Biometric history from the last 6 months, I noticed from the last Sunday (17th Sep), there has been multiple successful and failed Authentication of my other Banks (no money has been deducted though due to low balance),” he wrote.
Following the theft, Sharma raised a complaint to the National Payments Corporation Of India (NPCI) and National Cyber Crime Reporting Portal.
A few days ago, amid the swirling allegations of rising Aadhaar frauds Kolkata Police Commissioner Vineet Goyal said these could be prevented only by raising awareness among the people. He urged people to approach the nearest police station or cyber cell within 24 hours if they suspect fraud has been committed against them.
“People must lock their biometric impression by installing the M-Adhaar application,” said the Kolkata Police chief. Another officer of the cyber cell of Kolkata Police told the Indian Express, “A series of recent scams have exposed the vulnerabilities of the Aadhaar Enabled Payment System (AEPS) and how cyber criminals are exploiting loopholes in the system to defraud unsuspecting customers.”
There have been allegations that fraudsters are stealing data and biometric details such as fingerprints from land registry offices on the West Bengal Government’s land records website. Kolkata Police officials have also reportedly confirmed that some of the victims have recently carried out dealings related to properties.
In 2022, Telangana Police had issued advisories amid allegations of misuse of Aadhaars to defraud people.
Aggrieved Sharma raised a few points that appear pertinent in the minds of the common man, who are at risk to such attempts of fraud.
“I haven’t received a single notification from the past authentications from Unique Identification Authority of India (UIDAI). Usually it should block multiple random failure attempts and or atleast send any e-mail or SMS.”
“The bank and National Payments Corporation Of India (NPCI) could have also blocked this transaction provided it is in a unusual time and location completely out of pattern. It’s 2023, how is it allowed to transact without a two-factor authentication?”
“If Government is forcing all financial entities to be linked to AADHAAR, it should take responsibility to safe-guard such critical biometric data. It’s not just a Phone Number or Account Number that I can change, IT’S A BIOMETRIC data including Fingerprints and Iris. Not sure in future how these can be used to commit fraud,” wrote Sharma on LinkedIn.
UIDAI advisory
Incidentally, faced with such abuse of the Aadhaar, last year the Unique Identification Authority of India’s (UIDAI) issued a press release and forbade Aadhaar holders to refrain from sharing photocopies of their cards lest they be misused.
“Unlicensed private entities like hotels or film halls are not permitted to collect or keep copies of Aadhaar card. It is an offence under the Aadhaar Act 2016. If a private entity demands to see your Aadhaar card, or seeks a photocopy of your Aadhaar card, please verify that they have valid User License from the UIDAI,” the release said.
The UIDAI also urged people to use the masked Aadhaar alternative that displays the last four digits of one’s Aadhaar number.
Earlier, the UIDAI authority had emphasised that the mere knowledge of the Aadhaar number could not be used to access the bank account.