FB pixel

India pushes liveness detection to biometric devices to cut payments fraud

India pushes liveness detection to biometric devices to cut payments fraud
 

The growing wave of fraud perpetrated against the Aadhaar-enabled Payments System (AePS), the widely-used last mile payments platform in India, has prompted responses from government authorities as well as banking institutions that support the service. A software update is being pushed to all fingerprint biometric devices from the Unique Identification Authority of India (UIDAI) to protect against fraud with liveness detection.

The AePS fraud has also pushed the police in the State of West Bengal to urge state services to take measures aimed at protecting the biometric data available on documents on some government websites, according to reports cited by Medianama.

Also, there has been a call on the Indian Cyber Crime Coordination Center (I4C) to ask states to guard against AePS fraud on the websites of their respective Land and Revenue services.

The “Finger Minutiae Record-Finger Image Record” biometric liveness software from the UIDAI was unveiled before India’s Parliament in March, the Economic Times of India reports (subscription required).

The software’s deployment is expected to be completed “very soon,” a bank official told the publication. In the meantime, Economic Times reports that chargeback claims have declined, though a reduced amount of fraud is continuing. The system is intended to improve in effectiveness with continued training as it rolls out.

These actions come after investigations by the police in Kolkota, the West Bengal capital, revealed that fraudsters have been downloading land deeds from property websites and stealing fingerprint biometric data as well as Aadhaar numbers from them. They steal the data once they have access to at least one Application Identification Number (AIN), a number through which genuine users can access digital copies of their land deeds.

Fintechs also told the Economic Times that the lack of audits of AePS agents contributes to the problem.

The stolen biometric information is then used to steal money from bank accounts using the AePS, which is run by the National Payments Corporation of India (NPCI).

Doing a transaction using the AePS only requires the bank name, Aadhaar number and a check of the biometric data linked to the account, but there have been calls for the setting up of a multi-factor authentication system on the platform.

Medianama quotes a researcher, Sourajeet Majumder, who confirmed that his findings showed an Insecure Direct Object References (IDOR) vulnerability on the West Bengal property website. Majumder said the vulnerability was reported to the relevant government officials, who later said they fixed the problem on September 27.

In the past, there have been many reports of fraudsters using cloned Aadhaar fingerprint biometrics to have unauthorized access to people’s bank accounts using the AePS. This has even prompted a petition from a member of parliament, John Brittas, calling on the government to take a closer look at the situation.

The AePS is a widely used payment system in India, with the UIDAI reporting more than 200 million transactions on the platform in April.

Meanwhile, as part of the fight against the rising AePS fraud, some banks offering the service, plan to rely on an AI-driven software which is being updated the by the UIDAI for liveness checks, the Economic Times reports.

The system began rolling out a few months ago following an uptick in fraud complaints.

The outlet cites an unnamed bank official as expressing optimism that chances of using compromised biometrics to steal from the AePS will significantly reduce once the biometric liveness detection feature has been added to the software.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Malaysia’s prime minister loses it with MyDigital ID’s slow progress

Malaysia’s leader has voiced deep frustration with the slow progress in two key national digital initiatives. This week it was…

 

IDVerse acquired by LexisNexis to boost biometric fraud protection

LexisNexis Risk Solutions has struck a deal to acquire IDVerse adding biometric fraud protection to its portfolio of analytics and…

 

Intellicheck to provide identity validation for Accio Data

Intellicheck, Inc. has announced an integration with Accio Data to streamline background screening checks for job applicants. A release from…

 

UK digital age assurance receives support from stakeholders: Reports

UK’s attempts to legalize digital age assurance technology are likely to be successful, according to media reports. In January, the…

 

Ghana unveils biometric border management system, e-gates at main airport

Ghana has upgraded its border management capabilities with the introduction of a biometric-based system to facilitate immigration controls. The launch…

 

Tender for fingerprint scanners from Ukraine cites Thales, Dermalog

Ukraine’s Ministry of Foreign Affairs has issued a Request for Quotation (RFQ) for biometric fingerprint scanners. Tender 4200772976 calls for…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

DIGITAL ID for ALL NEWS

Featured Company

ID for ALL FEATURE REPORTS

BIOMETRICS WHITE PAPERS

BIOMETRICS EVENTS

EXPLAINING BIOMETRICS