Previously, we discussed the revolutionary system that empowers rural India’s unbanked and underbanked population – the Aadhaar Enabled Payment System (AePS).
While AePS and the use of Micro-ATMs and BCs have shown tremendous promise, some challenges remain on the path to complete financial inclusion. Technological awareness, infrastructure and connectivity, and security concerns are among the top challenges.
And in this post, we will focus on what are the security concerns related to AePS? What are the data leaks and scams we were mumbling about in our previous post? Can these data leaks and scams affect you? If yes, how to protect yourself? Let’s discuss.
Estimated read time: 3 minutes and 19 seconds
Was this blog shared with you? You can subscribe to our personal finance newsletter to receive such insightful articles directly to your inbox!
Buckle up. Here we go!
Did you know in the past few months, AePS has successfully completed over 400 Mn transactions every month? And this number keeps growing.
However, in recent months, transaction failure rates have also gone up between 10% to 15% or even higher. We can trace this sudden increase in transaction failure rates to banks as they set up additional barriers to prevent fraud.
Some banks have made it mandatory for customers to have a mobile number linked to their account for using AePS, and others are not allowing their customers to withdraw funds from BCs of other banks.
But why are these banks adding extra barriers to AePS now? Because of scams. A lot of scams.
AePS related scams
How would you feel when, all of a sudden, your bank balance turns zero, and you don’t receive any message from your bank? Sounds terrible, right?
This happened with a famous YouTuber, Mr Pushpendra Singh’s mother. Her bank account turned zero through Aadhaar-linked payments. The bank passed no information about the transaction to her. The scam got revealed when she went for her passbook update.
Not just this, last year, in Hyderabad, a gang of cybercriminals were arrested for accessing documents from Andhra Pradesh Registration and Stamps Department’s official website to fraudulently withdraw ₹14.64 lakhs from 149 customers.
Authorities seized 2,500 cloned fingerprints, along with pen drives and other gadgets used to run the above scam.
A quick Google search will reveal similar incidents reported in many parts of our country.
But how are these fraudsters able to use AePS to scam people? The most significant explanation is data leaks and privacy breaches.
Aadhaar biometric data leak
With biometric information being the key to AePS transactions, the theft or mishandling of this data could lead to identity theft and fraudulent activities.
And India’s national auditor said earlier that Aadhaar, the national identity database and one of the world’s largest, is not finding and plugging leaks as it should. That leads to rising frauds, hacks, data breaches and other misuses.
Data breaches in Aadhaar have been reported in 2018, 2019, and 2022. But UIDAI has denied that any Aadhaar data was breached. In response to media reports, UIDAI said that Aadhaar data, including biometric information, is fully safe and secure.
We can’t blame the data breaches entirely on UIDAI because it’s not the only location where data can be leaked.
In many places, fraudsters act as BCs and collect biometrics. In the past, they have used silicone to trick Micro-ATM devices into initiating transactions.
And, yes, there is no guarantee that you are safe from these data leaks and breaches.
How to protect yourself from AePS-related security threats?
Now that you understand the risk, let’s explore practical ways to safeguard yourselves from AePS-related security threats.
1. Keep your Aadhaar safe
Do not share your Aadhaar number or biometric data with anyone except authorized personnel at banks or government offices. Even when updating your Aadhaar data, don’t share your data with any random agent in nearby shops. Visit the UIDAI website to check for authentic update centres.
2. Be cautious of phishing attempts
Beware of unsolicited emails, messages or phone calls asking for your Aadhaar details. Always verify the authenticity of such requests before sharing any information.
3. Use strong authentication
Enable two-factor authentication whenever possible, and regularly update your passwords, PINs, mobile number and email ID with Aadhaar and your bank.
4. Monitor your bank statements
Frequently review your bank statements and transaction history for any suspicious activity. Report discrepancies or unauthorized transactions immediately to your bank.
Also, you are entitled to zero liability when you notify the bank about any unauthorized transaction within three working days of receiving a communication from the bank.
5. Enable Aadhaar biometric lock
You can lock your Aadhaar biometrics through the UIDAI website or MyAadhaar mobile apps. This helps in preventing unauthorized access to your biometric data. When required, you can unlock the biometrics for some time.
Remember to share these insights with your buddies.
Still Curious?
If you are like us, who likes to analyse a little more or check out content in different formats, well you are in luck. Below you can find some suitable content we found.
MoneyLife – Fraud Alert: Beware of Aadhaar-enabled Payment System Frauds and Fake Apps
The Hindu – Explained | Gaps in Aadhaar-enabled Payment System (AePS) abused by cybercriminals
Economic Times – AePS users in a fix as banks set up guardrails to reduce fraud
Note: We don’t have any affiliation with them. We are sharing links only for educational purposes. The opinions expressed by them belong solely to them and do not reflect the views of Vrid.