Cybercriminals Continue to Target Aadhaar System, Indian Government Implements Enhanced Security Measures
In recent years, the Aadhaar system in India has faced increasing threats from cybercriminals looking to exploit its vulnerabilities for financial gain. The Aadhaar system is a unique identification program that links individuals to a range of financial services. However, concerns have arisen that hackers may gain unauthorized access to bank accounts and other services if they possess an individual’s Aadhaar number.
Despite these concerns, experts have reassured the public that it is not possible to hack into a bank account and withdraw funds simply by knowing someone’s Aadhaar number. Strong security protocols implemented by banks and the Unique Identification Authority of India (UIDAI) make it extremely difficult for cybercriminals to carry out such attacks.
However, recent reports have highlighted instances where cybercriminals were able to copy fingerprints from property registrar documents and use the Aadhaar-enabled payment system (AePS) to withdraw large sums of money from victims’ bank accounts. This incident occurred in December 2022 when the Tehsil office at Palwal, south Haryana, became the target of cybercriminals seeking Aadhaar numbers and fingerprints.
In response to these incidents, the Indian government has taken immediate action to enhance security measures related to the Aadhaar system. Dr. Bhagawat Karad, the Minister of State in the Ministry of Finance, addressed this issue in a reply to a question in Lok Sabha on July 31, 2023. He stated that the UIDAI has introduced an Artificial Intelligence/Machine Learning technology-based Finger Minutiae Record – Finger Image Record (FMR-FIR) modality to prevent AePS frauds.
The FMR-FIR technology works by authenticating all AePS transactions using biometrics linked to Aadhaar. This includes the use of fingerprints, face ID, and iris scanners. By combining finger minutiae and finger images, the technology ensures the liveness of the captured fingerprint, thereby preventing fraudsters from creating fake fingerprints using silicone.
Additionally, the National Payments Corporation of India (NPCI) has recently introduced another security protocol called Fraud Risk Management (FRM). This real-time fraud monitoring solution is provided to banks free of cost and allows them to set rules and limits for the entire AePS ecosystem. These measures aim to strengthen the security and integrity of the Aadhaar system, protecting individuals from unauthorized access and fraud.
To ensure the utmost privacy and confidentiality of residents’ biometrics, Aadhaar number holders who have registered their mobile numbers can now lock their biometric information. This feature prevents authentication attempts using locked biometrics, displaying an error code on the authentication device. To unlock the biometric information, individuals can visit the UIDAI website, enrolment centers, Aadhaar Seva Kendra (ASK), or unlock it through the m-Aadhaar mobile application.
It is worth noting that individuals must have their mobile numbers registered with Aadhaar to use this biometric locking service. If the mobile number is not updated with Aadhaar, they will need to visit the nearest Aadhaar enrolment center.
While the government has implemented stronger security measures, it is essential for individuals to remain vigilant and take precautions to protect their personal information. It is advised never to share OTPs or use biometric authentication on unauthorized devices or scanners. By practicing good cyber hygiene and staying informed about the latest security protocols, individuals can safeguard their financial assets and personal data.
In conclusion, the Indian government’s swift response to cybercriminal activities targeting the Aadhaar system demonstrates their commitment to securing the financial well-being and privacy of individuals. The introduction of technologies like FMR-FIR and the implementation of the FRM system by NPCI are significant steps toward countering cyber threats. By working collaboratively with banks, the UIDAI, and citizens, India aims to foster a safe and secure digital ecosystem for all.
