Indian SIM vendor fraud busted by Aadhaar security as virtual ID support goes live
A vendor in Hyderabad has been arrested for fraudulently activating SIM cards through Aadhaar’s eKYC system after the activity was identified and traced by the system’s internal security mechanisms, the Unique Identification Authority of India (UIDAI) said, as reported by ETCIO.
The UIDAI was contacted by Aadhaar holders who had been provided automatic notification through email or other means that their credentials had been used to activate SIM cards. The citizens complained that they had not provided authentication for the SIM cards, allowing UIDAI to trace the offender “within few hours” and have him arrested, according to a statement by the UIDAI.
“Aadhaar not only prevents frauds but in case where frauds are attempted, it is able to trace such activities quickly and bring the culprits to the book,” the UIDAI said.
The UIDAI has previously come under fire for perceived gaps in Aadhaar’s privacy and security protection.
The arrest comes just ahead of the implementation deadline for the new Aadhaar virtual ID (VID), a 16-digit alternative that consumers can use to providing their Aadhaar number for SIM registration and other services. NDTV reports that the UIDAI has declared the VID system operational, and informed authentication user agencies (AUAs) that they have one month to implement the new system without incurring financial penalties.
Telecom companies will be charged 20 paise (US$0.0029) per transaction made with APIs prior to version 2.5, which introduces VID support, unless they upgrade to API 2.5 and eKYC API 2.5 by July 31. Banks and other service providers have until August 31 to migrate to the new APIs. The UIDAI pushed back the original June 1 deadline for AUAs to support VID authentication to give service providers more time, and the Department of Telecommunications recently made clear to mobile connection vendors that the deadline would not be further extended for them.