Lack of live authentication led to Aadhaar-enabled Payment System fraud in Karnataka
The Hindu
Karnataka reports frauds using Aadhaar numbers & thumb impressions from public domain. Fraudsters used non-live authentication process to draw money from AePS. UIDAI wrote to States in Feb. to switch to live authentication from March 1. Banks warned customers of AePS frauds & asked to lock biometric data. UIDAI, NCPI yet to respond on Karnataka-related issue. Govt. masks first 8 digits of Aadhaar & curtails certified copy to one page. Centre discussed issue with Stamps & Registration Dept. officials.
As Karnataka reported cases of fraudulent financial transactions using Aadhaar numbers and thumb impressions downloaded from the public domain recently, it has now emerged that the transactions took place over the non-live fingerprint authentication that led to multiple frauds in the Aadhaar-enabled Payment System (AePS). This is despite the Unique Identification Authority of India (UIDAI) in February stating that the live authentication will be rolled out from March 1.
While such frauds by Bihar- and Jharkand-based gangs have been reported in several States across the country before, the frauds that came to light recently is the first in Karnataka, and the modus operandi here is also new, the police said. “Fraudsters have used different modus operandi elsewhere in a non-live authentication process. There have been similar cases in the MGNREGA system in other places,” a senior Bengaluru police official said.
The fraudsters used Aadhaar numbers and thumb impressions from the property registration documents that were available in the domain of the Stamps and Registration Department in Karnataka and created 3D images of the fingerprints. They then used them to draw money through non-live fingerprint authentication in Aaadhar-enabled Payment System (AePS). The police said that masking of the first eight digits had been mandated before, but had not been taken seriously.
In February 2023, the Unique Identification Authority of India (UIDAI) wrote to the States about technological solutions against possible spoofing attempts and informed them of its decision to switch over to the new modality of FMR-FIR fingerprint authentication with effect from March 1, 2023. The UIDAI said this would block any attempted non-live fingerprint authentication. In contrast to non-live authentication, in live authentication, the person has to be physically present to authenticate. It also asked removal of the Aaadhar number and thumb impressions from websites.
Sources in the Police Department confirmed that the current fraud had taken place over non-live fingerprint authentication as victims were unaware of the transactions. Though the live authentication process has been rolled out in the country, the UIDAI did not respond to The Hindu’s request to comment on the Karnataka-related issue. While a detailed questionnaire was sent to multiple authorised email IDs in the UIDAI on November 13, followed by a couple of reminders, The Hindu did not receive a response.
In India, about 70 million authentication transactions take place daily and so far over 100 billion authentication transactions have taken place.
Interestingly, weeks after the non-live transaction frauds came to light in Karnataka, a top bank in the country, in a newspaper advertisement warned customers of possible AePS frauds, and asked the customers to lock biometric data on the Aadhaar (UIDAI) website as per usage.
The Opposition Congress demanded that the government open the Gandhi Vatika Museum, depicting Mahatma Gandhi’s legacy and freedom struggle, built at a cost of ₹85 crore in Jaipur’s Central Park last year, during the Congress-led regime in Rajasthan. The museum has not been opened to the public, reportedly because of the administration’s engagements with the State Assembly and Lok Sabha elections.
Almaya Munnettam (Lay People to the Fore), group in the Ernakulam-Angamaly Archdiocese of the Syro-Malabar Church opposed to the synod-recommended Mass, rejected a circular issued by Major Archbishop Raphael Thattil and apostolic administrator Bosco Puthur on June 9 to implement the unified Mass in the archdiocese from July 3.
Pakistan coach Gary Kirsten stated that “not so great decision making” contributed to his side’s defeat to India in the Group-A T20 World Cup clash here on Sunday. The batting unit came apart in the chase, after being well placed at 72 for two. With 48 runs needed from eight overs, Pakistan found a way to panic and lose. “Maybe not so great decision making,” Kirsten said at the post-match press conference, when asked to explain the loss.