“UIDAI has apprised that no incident of cloning of Aadhaar data has been reported,” the Minister of State (MoS) for Finance Dr Bhagwat Karad stated in the Parliament on July 31 in response to questions on rising instances of financial frauds associated with the Aadhaar enabled Payment Systems (AePS) across several states. The claim made by UIDAI is in sharp contradiction to the investigation details revealed in the cases related to AePS-frauds reported from Andhra Pradesh, Uttar Pradesh, Madhya Pradesh and Haryana.
Data on AePS-related complaints: In a written response to the Parliament questions, the MoS also informed that the Reserve Bank of India had established an Ombudsman related to AePS under the Reserve Bank Integrated Ombudsman Scheme 2021, which came into effect from November 12, 2021. According to RBI data, 293 complaints were recorded in the period of five months between November 2021 and March 2022. The number of complaints rose to 1,829 between January 2022 to March 2023. The MoS did not provide details on the nature of these complaints.
Incidentally, in March MediaNama had filed an RTI with the Unique Identification Authority of India (UIDAI) asking whether the authority had set up a grievance registration system for complaints regarding AePS transactions and the number of complaints received from January 2022 to March 2023. The UIDAI conveniently chose to leave the questions unanswered.
Article continues below ⬇, you might also want to read:
- India’s ID Authority Cites New ‘Security Mechanism’ When Asked About Aadhaar-Based Payment Frauds
- UIDAI Does Not Wish To Answer Questions About Its New Initiatives On Tackling Aadhaar-Based Payment Frauds
- Parliament Member John Brittas Writes To PM Modi, Flags Concerns About Rising Aadhaar-Enabled Payment Frauds
- Andhra Pradesh: Gang Uses Cloned Aadhaar-Linked Fingerprints To Steal Money From Bank Accounts
- Haryana Police Bust Gang Stealing Money From Bank Accounts Using Aadhaar Enabled Payment System
Questions raised in Lok Sabha: Lok Sabha MPs TN Prathapan, Brijendra Singh, K Muraleedharan, Kumbakudi Sudhakaran, Dr Amar Singh, Anto Antony, Dean Kuriakose, and Dr Mohammad Jawed asked the Ministry of Finance:
- Whether the government has taken note of the increasing cases of online frauds using silicon thumb in Aadhaar-enabled Payment Services (AePS)? If so, the details thereof and the steps taken/ proposed to be taken by the Government to deal with such frauds.
- The total number of cases that have been reported pertaining to cyber frauds related to AePS, particularly in Haryana.
- Whether this is occurring through the process of cloning Aadhaar data and if so, the details thereof.
- Whether the government has a concrete plan to prevent security concerns that arise out of this concern, if so, the details thereof and if not, the reasons therefor?
Why it matters:
Incidences of Aadhaar-Enabled Payment System (AePS) frauds have only increased and in the past two years, a concern often flagged by Parliamentarians as well as the Home Ministry. The UIDAI and the Finance Ministry, however, have failed to publicly acknowledge the recurring instances and to present a detailed plan for addressing the issue. With cursory announcements, the UIDAI undertook two initiatives in 2023 to restrict Aadhaar spoofing attempts, both of which lacked details on how the new system will fix the biometric leaks. The unwillingness to provide details even through RTI responses further indicated a lack of transparency and accountability in the UIDAI’s operations. While the Finance Ministry has cited UIDAI’s denial of incidents wherein Aadhaar-linked fingerprints were cloned, it is worth questioning if the Finance Ministry has assessed the AePS-related complaints received by the RBI in the last one and a half year.
Does the government have a plan to tackle AePS frauds?
In its reply, the MoS for Finance stated that the UIDAI has rolled out an AI-based Finger Minutiae Record-Finger Image Record technology, which can check liveness of a fingerprint and detect a spoofed fingerprint during fingerprint-based Aadhaar authentication. The UIDAI launched the system in February this year at a time when multiple reports of an inter-state gang involved in cloning Aadhaar-linked fingerprints to siphon off money from people’s bank accounts surfaced in the public domain.
Additionally, the Parliament reply also noted that in order to secure AePS transactions the National Payments Corporation of India has developed a Fraud Risk Management (FRM) system, which is said to enable a real-time fraud monitoring solution. “FRM facilitates setting of rules and limits for the entire ecosystem. As the digital transaction platform, including AePS, is a Pan India platform with a facility of ‘anytime anywhere’ banking, the data is captured only at the National level,” the reply stated.
The Finance Ministry did not provide any information on the AePS frauds conducted using silicon thumb fingerprints or cloned biometric data. The reply also does not indicate that the government has a concrete plan to tackle AePS frauds specifically.
STAY ON TOP OF TECH POLICY: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!