Concerns over Aadhaar Data Breach and Frauds Prompt Civil Society Forum to Call for Banking Safeguards
Moneylife Digital Team 03 November 2023
In a recent development that has sent shockwaves through the banking and financial sectors, the Bank Bachao Desh Bachao Manch, a civil society forum, has penned a letter to the Reserve Bank of India (RBI) governor, Shaktikanta Das, expressing serious concerns about the reported Aadhaar data breach and the potential for exponential growth in fraudulent activities across the nation through the Aadhaar enabled payment system (AEPS). 
The forum, whose primary aim is to protect the interests of various stakeholders in the banking system and mobilise public opinion against government plans to privatise banks, has demanded a range of measures to safeguard depositors' interests and protect their hard-earned savings.
This letter follows two previous communications from the forum in September and October voicing concerns about the surge in fraud incidents nationwide. These fraudulent activities involve unscrupulous individuals cloning customers' fingerprints to commit fraud through the AEPS from customer service points.
Recently, media reports have surfaced suggesting that sensitive information of 815mn (million) has allegedly been made available on the dark web, marking a significant data breach. The stolen data includes Aadhaar and passport details, names, phone numbers and temporary and permanent addresses of millions of citizens. While the authenticity of these reports remains in question, the prevalence of numerous fraudulent activities using the AEPS system has raised concerns about the security of funds held in various banks and financial institutions nationwide. Moreover, these incidents have eroded the trust depositors and account-holders have in banks as custodians of their hard-earned money and have raised questions about whether banks are fulfilling their fiduciary responsibilities, the letter says.
The AEPS platform, operated by the National Payment Corporation of India (NCPI), has come under scrutiny for its role in facilitating fraudulent transactions. It's worth noting that the Unique Identification Authority of India (UIDAI) has issued clear instructions that linking Aadhaar numbers to bank accounts is not mandatory and is optional, along with other valid KYC (know-your-customer) documents prescribed by RBI.
Despite the forum's repeated appeals, there has been a notable absence of substantial information on the implementation of security measures by banks and financial institutions to curb these fraudulent activities. 
The Manch, therefore, reiterates its previous recommendations, which, if promptly adopted, could significantly reduce fraud:
Banks should be instructed not to compel customers to submit their Aadhaar during the account opening process, as this is not mandatory, as per existing regulations.
Banks should not discourage customers from delinking their Aadhaar numbers from their accounts but instead facilitate such requests efficiently.
The e-KYC account opening system, directly linked to the submission of Aadhaar details, should be discontinued immediately and banks should return to the standard account opening procedure using alternative KYC documents like voter ID, electricity bill and landline phone.
AEPS cash withdrawal should not be available by default and banks should ensure that customers must explicitly opt for AEPS for this feature to be activated.
Separate flags for AEPS should be enabled for accounts opened at customer service points (CSPs) for customers who require AEPS for cash withdrawals or to access direct benefit transfers (DBT).
Checkpoints should be established at various customer service points to monitor withdrawals and identify potential soft targets where fraudsters could gain access to fingerprints, such as registrar offices, mobile SIM vending outlets and ration shops.
The forum urges the RBI governor to consider these recommendations seriously and to initiate appropriate measures to protect the interests of the common depositors who place their utmost faith in the security and safety of the banking system.
The concerns raised by the Bank Bachao Desh Bachao Manch highlight the critical need for data security and the protection of depositors in India's banking system. It is a call to action for regulatory bodies and financial institutions to prioritise safeguarding customer information and financial assets.
4 months ago
Aadhaar can be blocked to prevent any misuse, apart from VID facility, masked Aadhaar are all security features being overlooked.
The main reason is probably different.People are afraid of getting caught and Aadhaar will "lock all doors of escape" which could wipe out black money quests!
This is a reason why, SSN of the US is not as robust as Aadhaar!
5 months ago
Allow AEPS with explicit permission only.
Free Helpline
Legal Credit