Ever since the Unique Identification Authority of India (UIDAI) created Aadhaar as a unique biometric identity for residents of India, it has dismissed all doubts and queries by being in permanent 'denial mode'. Moneylife has been reporting, analysing and highlighting issues with Aadhaar through hundreds of articles, even before its formal launch as the brainchild of tech-czar Nandan Nilekani. But, supported by both the United Progressive Alliance (UPA) and then through the about-turn on the issue by the National Democratic Alliance (NDA), Aadhaar continues to march on with some patchwork course corrections and band-aid protection offered to hapless Indians who have been forced to acquire the identification.
Every day, there are reports about police arresting one or the other gang for crimes committed using the Aadhaar information of individuals. In most cases, the criminals have successfully created rubber or silicone fingerprints of the original Aadhaar-holder to withdraw money from bank accounts linked with the 12-digit number.
You may be shocked to learn that misuse of Aadhaar is not merely affecting individuals; banks
and the tax authorities have also fallen prey to Aadhaar fraud.
Aadhaar Rampage Continues
The Uttar Pradesh (UP) police, in coordination with the cyber cell department, has busted an inter-state cybercriminal gang from the Bhadohi district and recovered 194 'thumb clones' from their possession. These thumb clones were tagged with the Aadhaar number and account number of many bank customers.
UP police arrested Rishi Raj Singh from Saraon in Prayagraj and Rohit Kumar from Mau, who are alleged members of an inter-state gang of cybercriminals, says a report from News18
Rajesh Bharti, additional superintendent of police (SP), told the portal that the duo had been found cloning thumb impressions from sale deeds available on various websites and siphoning money from bank accounts linked with Aadhaar numbers through point of sale (PoS) machines. "It was also found that the fraudsters withdrew money by forging biometric thumb impressions and abusing the Aadhaar-enabled payment system (AePS). They copy thumb impressions on butter paper from various websites to create duplicate silicon thumbs," Mr Bharti says.
According to the records, more than 6,000 cyber fraud cases have been registered so far in UP. "Cases of Aadhaar-enabled payment system -AePS are on the rise. It has been observed that people, especially in the rural pockets, are soft targets to these cyber 'thug' gangs, who make clones of the thumb impressions of the target to make withdrawals from their accounts using AePS. There are more than 100 such cases that have been reported from Uttar Pradesh. We often carry out random checks of the 'Jan Suvidha Kendra' and create awareness programmes in the rural pockets to create awareness among the people," Dr Triveni Singh, SP, cybercrime, told News18.
AePS enables a person to withdraw money from their bank account using a local business correspondent anywhere in the country, and this also makes it easy to cheat people.
The over-dependence on a flawed Aadhaar system continues to cause difficulties for people. In March, even the national cybercrime reporting portal of the Union ministry of home affairs (MHA) warned about online financial fraud using the AePS without needing a one-time passcode (OTP).
As if frauds related to AePS were not enough, criminals have used the Aadhaar data of unsuspecting people to fraudulently obtain goods and service tax (GST) registrations in their name. Investigators have found that at least 25% of the estimated Rs20,000 crore of fake billing occurred in Gujarat.
A report from Times of India (ToI)
says, Mohammad Tata, the alleged kingpin of another fake billing scam worth Rs739 crore involving Madhav Copper Ltd, has been shifted from Sabarmati jail in Ahmedabad to Bhavnagar, to probe his involvement in the Aadhaar-GST fake billing scam. "This adds credence to the claims of top state GST (SGST) officials who say Bhavnagar was the epicentre of major bogus billing scams taking place across the state and across the country."
"The investigators made a breakthrough after detecting a new modus operandi: fudging Aadhaar data to obtain permanent account number (PAN) cards and GST registrations. GST registrations obtained using fudged Aadhaar data have been found in all major states," a source told the newspaper.
So far, at least 24 persons have been arrested in connection with the case.
Over the years, Moneylife
has constantly been highlighting risks associated with Aadhaar-based payment solutions and how they can be used to propagate money laundering—make money transfers unauditable, propagate money laundering and financial fraud. (Read: How Aadhaar linkage can destroy banks
According to privacy researcher V Anand, biometrics are easy to fool and have several examples, but no one seems to have cared. "We can finally see ghost loans, ghost bank accounts and chimaeras with different fingerprints, iris scans and photographs in action."
Commenting on the Aadhaar-GST fraud, he says it appears to be a job of scammers who invented the 'fraud stack', an innovative and shadow stake, which is a mirror image of the 'India Stack'.
According to the ToI report, the Indian Cyber Crime Coordination Centre (I4C) — the MHA's nodal agency to tackle matters related to cybercrime — asked the state and Union territories (UT) governments to direct their revenue and registration departments to 'mask' fingerprints on documents while uploading them on the registry websites. I4C says cybercriminals are 'cloning' the biometric data of Aadhaar users uploaded on states' registry websites that host sale deeds and agreements, intending to carry out unauthorised withdrawals through AePS.
This brings us to the main question: How will an individual Aadhaar holder protect him/ herself from such frauds taking place without their knowledge? You can't. Because there is simply no system that can help you find out how many places your Aadhaar has been used (with or without your knowledge).
While there is no solution to the misuse of your Aadhaar number by criminals, with or without your knowledge, you can follow a few steps to lock the 12-digit number to prevent its misuse.
How Do you Protect Aadhaar from Misuse?
1. Never share your 12-digit Aadhaar number or 16-digit virtual Aadhaar number with any unknown or unauthorised entity.
2. Never share a copy of your Aadhaar with anyone without mentioning the purpose and date written on it (it can be done while self-attesting the photocopy)
3. Lock your Aadhaar (you will have to visit https://myaadhaar.uidai.gov.in/lock-unlock-aadhaar and first create a 16-digit virtual ID before locking/ unlocking your Aadhaar number)
4. Register your mobile number or email ID with UIDAI, if not already done (this will help you to receive an alert in case someone uses your Aadhaar for identification purposes and is trying to verify it).
5. For making changes in your demographic details like name, address, date of birth, gender, mobile number, and email, visit only an authorised Aadhaar enrolment centre.
How To Report Cyber Fraud?
Do report cybercrimes to the National Cyber Crime Reporting Portal http://cybercrime.gov.in
or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.