India envisages additional measures against growing Aadhaar-enabled payments fraud

The Reserve Bank of India (RBI) is planning additional fraud risk management measures after the Ministry of Home Affairs (MHA) warned recently that Aadhaar-enabled Payment System (AePS) fraud via cloned fingerprints has taken a dangerous upward tick.

In an exchange with Parliament’s standing committee on communications and information technology recently, the ministry said fraudsters were using “dummy fingers or rubber fingers” to illegally withdraw money from AePS accounts, according to Hindustan Times.

AePS is a payments system getting increasingly popular in India especially in rural settings. It allows users to access their bank accounts using their Aadhaar biometrics, but without two-factor authentication.

The ministry assured that in collaboration with authorities of Aadhaar and those of the National Payments Corporation of India (NPCI), steps were being taken to ensure that the phenomenon sees a drop.

The explanation to lawmakers comes after the parliamentary committee had sought information from the Ministry of Electronics and Information Technology (MeitY) on any possible Aadhaar data leakages on the AePS and response measures that had been put in place, if any.

The committee was reminded of the Unique Identification Authority of India (UIDAI’s) assurances in the past that no data in the Central Identities Data Repository (CIDR) had been compromised, and that as part of efforts to curb fingerprint cloning fraud on AePS, banks and other financial institutions had been called upon to implement firmer requirements for onboarding Business Correspondent agents. The UIDAI has also committed to introducing biometric liveness detection to AePS to reduce fraud, but its lack was clearly demonstrated by a series of incidents reported late last year.

Per Hindustan Times, the parliamentary committee also quizzed MeitY over reports that the biometric data of more than 800 million Indians was in a compromising situation, a report the UIDAI denied saying the source of the said data is not linked to the Aadhaar database. However, MeitY said an incident analysis process was underway in collaboration with other concerned parties, apparently to shed more light on the situation.

RBI to tighten onboarding measures relating to AePS

As a way of tackling the fraud problem, India’s central bank has come up with a proposal to revise the onboarding process for Aadhaar service providers, Economic Times of India reports.

The RBI is quoted as saying in a regulatory policy statement from its Monetary Policy Committee released recently that the additional measures, to be announced shortly, will include “streamlining the onboarding process, including mandatory due diligence, for AePS touchpoint operators.”

It is important to ensure the safety of the system given its growing popularity in rural areas of India, RBI deputy Governor T Rabi Sankar said.

In a similar vein, the RBI is also looking at using an authenticator app as a replacement for OTPs currently used for AePS authentication. This proposed authentication system will still require the use of a smartphone, writes Economic Times of India in another article.

Some stakeholders in the banking sector have hailed the RBI’s move to introduce additional safety and security measures for AePS service onboarding.

In the face of the rising AePS fraud, authorities have been pushing for the use of fingerprint liveness detection systems for payments authentication.

Article Topics

Aadhaar  |  biometric authentication  |  biometric payments  |  fraud prevention  |  India  |  India Stack