Five customer accounts belonging to Andhra Bank and Syndicate Bank were subjected to fraudulent withdrawals using the customer’s Aadhaar data, government data indicated.
Four of the five Aadhaar fraud cases took place in Andhra Bank, while the remaining one took place in Syndicate bank.
The four account holders of Andhra Bank lost a total of 4.2 lakh rupees, while the Syndicate bank customer lost Rs 1.22 lakh.
The amounts were withdrawn from their account by faking the customers’ Aadhaar data. The account holders were subsequently compensated by the banks for their losses.
Aadhaar is India’s single number identification system for all residents, and is similar to the social security number of the US.
The government has, in recent months, introduced Aadhaar Enabled Payment System or AEPS. Using AEPS, anyone can transfer or pay money by pressing their fingerprint against an AEPS terminal or ATM after entering their Aadhaar number.
It was not immediately clear how the system was ‘hacked’, but likely methods include making a fake ‘finger cover’ with the victim’s finger prints.
A criminal can wear the fake skin over his or her finger and use it to authenticate a money transfer transaction after entering the victim’s Aadhaar number.
The technology behind such attacks is not very new, and there are even videos on the topic on the Internet.
A second, less-likely method is to hack the fingerprint terminal and send non-genuine data onward for verification.
The Aadhaar system, administered by the Unique Identification Authority of India, works by using fingerpints and iris scans to authenticate users.
In most cases, such as payments using the AEPS, only a single fingerprint is used.
However, iris scans can also be faked by using contact lens that mimic the characteristics of the victim’s eye.
Privacy advocates have expressed concerns about the potential for hacking or misuse of the Aadhaar database.
While some have warned about mimicking of fingerprints and iris-scans, others have expressed worries that hackers may gain access to the central database and substitute their data in place of genuine records.
This would then help hackers to successfully authenticate as other people using their own fingerprints and eye scans.
One of the easiest ways to prevent others from misusing Aadhaar data is to keep one’s unique number private, and not share it unnecessarily.