Fraud Alert: Aadhaar Menace Also Hitting Banks, Lenders
Yogesh Sapkale | 19 August 2022
Share
0
Since its inception in 2010 as a unique identification (ID) for those (poor) without any identity proof, Aadhaar and its proponents have been working to force its linkage with other ID systems, compromising privacy and mismatch due to variations in spelling and various data points. Fin-tech companies looking for rapid on-boarding of customers have lobbied hard for such linkages. As several experts had warned (and Moneylife has written extensively on this), the dependence on a flawed Aadhaar system causes difficulties in the financial sector too.
One such example is that of HDFC Bank Ltd. During a scrutiny of suspicious bank accounts, HDFC bank discovered that 33 savings accounts were opened with the photographs of just two individuals, while the name in each account was different. The Bank filed a complaint with the IFSO (Intelligence Fusion and Strategic Operations) unit of Delhi police, which busted a gang engaged in creating fake documents, especially Aadhaar cards and opening bank accounts.
The police have arrested Navneet Prajapati and Somnath Prajapati, who ran an Aadhaar updation centre using the ID of some other agent who was actually authorised by the Unique Identification Authority of India (UIDAI).
According to the police, the fraudsters used silicon fingerprints and printouts of the iris scan of the authorised agent to log in to the UIDAI database. "Whenever any illiterate came to them for any Aadhaar updation, Navneet Prajapati captured the biometrics of that person but updated the photograph and address as suitable to him."
After COVID, when everything went online, they started opening bank accounts online, in which the account holder's credentials were verified through the API (application programming interface) integrated with the Aadhaar database.
According to a report from the Times of India, Delhi police plan to approach the court to get details of the agent ID and details of centres being used by the gang from UIDAI.
The police also seized eight 'silicone fingerprints' from the accused, indicating that more than one facility was being used by them to make fake Aadhaar cards. The copy of the fingerprints was made with silicone, rubber, paper and gel. The silicone fingerprint, along with a high-resolution printout of the agent's iris, was used for logging into the centre," the report says.
"They had already updated the photograph and address in the database fraudulently. When the Bank's API verifies the details provided by them, the details match, and the account gets opened without any physical verification or intervention," the official told IANS.
According to privacy researcher V Anand, biometrics are easy to fool and have several examples, but no one seems to have cared. He says, "They (Prajapatis) seem to have mastered quite a few things here. Editing database directly with third-party photographs to defeat video know-your-customer (KYC) and with the permanent account number (PAN) linked to Aadhaar, loans taken then will hit credit score. We can finally see ghost loans, ghost bank accounts and chimaeras with different fingerprints, iris scans and photographs in action."
We can finally see ghost loans, ghost bank accounts and chimeras w/ different finger prints, iris scans and photographs in action.
— V. Anand | ??. ?????? (@iam_anandv) August 15, 2022
Some part of this was covered in the Cyber crime paper we wrote in @DeepStrat_LLP .
What comes next is a multi-decade effort.
#
This brings us to the main issue of the Aadhaar menace that is making lives difficult for many people. As the comptroller and auditor general (CAG) pointed out, a few reasons for this include faulty biometrics and unpaired documents in the UIDAI database. Plus, the success rate of Aadhaar fingerprint authentication transactions remained a cause of dissatisfaction among the users due to biometric authentication failures.
"During 2018-19, more than 73% of the total 3.04 crore biometric updates were voluntary updates done by residents for faulty biometrics after payment of charges. The huge volume of voluntary updates indicated that the quality of data captured to issue initial Aadhaar was not good enough to establish the uniqueness of identity," the CAG says in its performance audit report.
Interestingly, UIDAI and the Union government have been promoting Aadhaar as a unique ID all these years. However, the CAG report discards this as, during the performance audit, it found flaws in the de-duplication process and issue of Aadhaars on faulty biometrics and documents.
Highlighting the generation of multiple Aadhaar numbers, the CAG says, UIDAI's de-duplication process remained vulnerable to generating multiple Aadhaar numbers and manual interventions had to be done to resolve the problem. (Read: Aadhaar Database Continues To Have Faulty Biometrics, Unpaired Documents: CAG)
In February 2020, a report by the NITI Aayog revealed that one in three Aadhaar-based payments for the Pradhan Mantri Matru Vandana Yojana (PMMVY) was credited to wrong bank accounts, which are even untraceable by beneficiaries and field functionaries. (Read: 1 in 3 Aadhaar-based Payments for PM Matru Vandana Yojana Credited to Wrong, Untraceable Bank Accounts, Says NITI Aayog Report)
Over the years, Moneylife has constantly been highlighting risks associated with Aadhaar-based payment solutions and how it can be used to propagate money laundering—make money transfers un-auditable, propagate money laundering and financial fraud. (Read: How Aadhaar linkage can destroy banks). We also pointed out how Jan Dhan accounts, which were opened with a simple Aadhaar number, had deposits as high as Rs93.82 crore! (Read: Rs93.82 Crore Was Deposited in a Single Jan Dhan Account, Reveals RTI)
Later in September 2018, we found out a single account opened in United Bank of India, under the Pradhan Mantri Jan Dhan Yojana (PMJDY), or the 'no frills' or basic savings bank deposit account (BSBDA), had a whopping Rs93.82 crore deposited. This was revealed in a Right to Information (RTI) Act query. (Read: Rs93.82 Crore Was Deposited in a Single Jan Dhan Account, Reveals RTI)
Before guiding about how you can protect your Aadhaar, let me remind you of the nightmare faced by Mumbai-based Ameya Dhapre, whose life has turned upside-down ever since someone posted a copy of his Aadhaar on the web. Scamsters have used Mr Dhapre's Aadhaar number for obtaining SIM cards, opening bank accounts, and even creating seller accounts on e-commerce portals for duping people. Everyday, someone or other lands up at his door seeking 'refund' of his/her money, of which Mr Dhapre had no idea. (Read: Aadhaar Nightmares Coming True. How Ameya Dhapre Is Enduring 'Living Hell' with His Aadhaar: Report)
How do you protect Aadhaar from misuse?
1. Never share your 12-digit Aadhaar number or 16-digit virtual Aadhaar number with any unknown or unauthorised entity.
2. Never share a copy of your Aadhaar with anyone without mentioning the purpose and date written on it (it can be done while self-attesting the photocopy)
3. Lock your Aadhaar (you will have to visit https://myaadhaar.uidai.gov.in/lock-unlock-aadhaar and first create a 16-digit virtual ID before locking/unlocking your Aadhaar number)
4. Register your mobile number or email ID with UIDAI, if not already done (this will help you to receive an alert in case someone uses your Aadhaar for identification purposes and is trying to verify it).
5. For making changes in your demographic details like name, address, date of birth, gender, mobile number, and email, visit only an authorised Aadhaar enrolment centre.
Dear Investor,
In case of any grievance / complaint :
In case of any grievance / complaint :
- Please contact Compliance Officer Pankaj Raheja at [email protected] and Phone No. - 91-22-35131664.
- You may also approach CEO Debashis Basu at email- id [email protected] and Phone No. - 91-22-35131664.