Consumer Issues
Aadhaar-linked Digital Wallets: Loophole allows loot by scamsters

While the government is busy patting itself on high enrolment for Aadhaar identities, there seems to be a lack of focus on validation of the database. This is providing fraudsters a quick new opportunity to loot Aadhaar-linked users of new age payment wallets

 

Micro payment systems and digital wallets have proliferated thanks to active support and encouragement from the central government. Most of these tout their simplicity and ease of usage through Aadhaar linked bank accounts that have minimal identification requirements. As is inevitable in India, where financial literacy is abysmal, scamsters are taking advantage of loopholes in digital wallets and lack of verification and authentication in the Aadhaar enrolment process. 
 
A chilling report from a report from Trak.in, describes how five students of engineering from Kolkata were able to siphon off Rs8.6 crore using a simple loophole in one of the digital wallets launched by a private bank. "Last December, one of the prominent private banks launched their own digital wallets, and enabled wallet-to-wallet cash transfer facility for their customers. However, the bank was not aware of a security loophole in this whole process. In case the recipient’s Internet connection is switched off, then the money is not debited from the sender’s bank account; but the bank pays the money. This major security flaw was caught by an engineering student called Jewel Rana, who formed a gang of five other students, and then started exploiting it for quick cash. Within four months, Rs8.6 crore were robbed from the bank," the report says.
 
What is more shocking in this case is that the gang procured thousands of pre-activated mobile SIM cards that were seeded with the bank accounts. The report says, "From the border district of Murshidabad, Jewel (Rana-the gang leader, who found out the loophole) and his gang were able to get thousands of pre-activated SIM cards, which were used to open 2,000 bank accounts, and which in turn were used to open 18,000 digital wallets. These wallets were then used to siphon off money from the bank. Innocent villagers from the nearby cities were given incentives to open bank account using the fake SIM numbers (seeding the mobile number with their accounts); and these formed the base of the whole scam."
 
Here both the mobile service providers and the bank appear to have clearly failed to follow the know-your-customer (KYC) norms as well as property verification of the customers. One of the reasons for banks could be the usage of Aadhaar number for opening accounts. In fact, for opening a basic Jan Dhan bank account, just a signature of the applicant across her photo before the bank officials is enough. Add to this, an Aadhaar number and there are no questions asked for KYC norms.
 
The possibility of loopholes in digital wallets coupled with bank accounts opened with Aadhaar numbers gives on a golden platter, a huge opportunity to scamsters to siphon off money.
 
According to other report from Trak.in, new breed of online fraudsters are fostering on the vulnerabilities of Aadhaar (as identification tool), and siphoning off the hard earned money via illegal methods. Citing a report from Times of India, it says, "...it was revealed that Hyderabad alone is getting 20 cases a day, related to Aadhaar card frauds. 40%-50% of those who are scammed are not even aware of this new cheating mode."
 
As the investigative officials have discovered, there are two different ways these fraudsters are attacking Aadhaar number holders. "In the first case, a tele-caller will call you up with this script: 'Hello, sir/ madam, the bank has decided to link your Aadhaar number with debit card for better customer service'. Gullible customers will happily provide them with the details they are asking; and very smartly, the fraudsters will extract details of CVV number and expiry dates (which are only known to the customer). Immediately, these fraudsters will generate an OTP, which is received by the victim instantly. Now, the OTP will act as a further trust factor for the victim, especially the ones who have never done OTP based transactions, and they will share that as well. They think that the OTP will be used for linking their bank accounts with Aadhaar number. Once OTP is generated and shared, the fraudsters use various ecommerce portals to purchase as many products as that five to 15 minute window of OTP validation provides. By the time, the victims understand this, his/ her bank account is debited with thousands of rupees. The other way to trick bank customers is to ask their alternate number; and an OTP is sent to that in order to make the victim believe that indeed their bank accounts and Aadhaar number is being linked," the report says.
 
According to the report, Freecharge, Paytm and Oxigen have been using Aadhaar number based verification since past several months.
 
What is more alarming in this situation is there is a huge number of newcomers into banking channel, however, neither the government nor the banks are interested in spreading financial literacy. Add to this, the lack of financial literacy is not limited to poor or illiterate people. According to Standard & Poor's Global Financial Literacy Survey, 76% of Indian adults do not understand key financial concepts including risk diversification, inflation and compound interest. Interestingly, the difference in the level of financial literacy between the richest (26%) and poorest (20%) is only six percentage points. 
 
Having identified a huge problem, it is the duty of the government and its regulators to ensure that people get the best possible protection and redress. Else, the number of fraud cases through new payment instruments and the so-called 'all-in-one' identification proof are bound to grow exponentially.  

User

COMMENTS

Mukesh kamath

1 year ago

Even me taken for a ride... It happens all the time. HDFC bank and ICICI bank keep calling me to ask if i have a loan in their bank. If i say no they change tack and ask why not? Unscrupulous people may get hold of our e-Aadhaar card and create a fake documentation and get loans sanctioned. Banks also don't do enough due diligence.

jaideep shirali

1 year ago

They say a chain is as strong as its weakest link. I am amazed that banks have been so casual on the security aspects of such transactions

Wife of NIA officer Tanzil Ahmad dead

Farzana succumbed to injuries at the intensive care unit of the All India Institute of Medical Sciences (AIIMS) trauma centre at 10.45 a.m.

 

The wife of slain NIA officer Tanzil Ahmad succumbed to her bullet injuries at the AIIMS here on Wednesday -- 10 days after unidentified assailants waylaid the couple and pumped bullets into them in Uttar Pradesh's Bijnor district.
 
Ahmad received 21 bullet injuries in the dastardly attack on April 3, while his wife Farzana Khatoon was shot at four times. The couple was returning from a wedding in Bijnor district post-midnight when they were waylaid and shot.
 
Farzana succumbed to injuries at the intensive care unit of the All India Institute of Medical Sciences (AIIMS) trauma centre here at 10.45 a.m., a National Investigation Agency (NIA) officer said.
 
"She was battling for life following the bullet injuries. Her last rites will be held at Jamia Milia Campus Burial Ground at 6.30 p.m.," the officer added.
 
Farzana was initially admitted to Fortis Hospital in Noida and later shifted to AIIMS.
 
Ahmad, an assistant commandant in the Border Security Force (BSF), was on deputation with the NIA as an inspector since 2010. 
 
Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.

User

Can smartphone apps diagnose illnesses? No, say experts

An Australia-based digital health solution provider recently launched an app called ResApp that claims to diagnose respiratory diseases like pneumonia, croup and asthma with high accuracy through a cough into a smartphone

 

With a barrage of smartphone health apps being launched globally -- claiming to go beyond fitness or calorie checkers and spot mental illnesses or respiratory diseases -- health experts stress that such digital applications can never be a replacement for a qualified, well-trained health service provider.
 
An Australia-based digital health solution provider recently launched an app called ResApp that claims to diagnose respiratory diseases like pneumonia, croup and asthma with high accuracy through a cough into a smartphone.
 
Go to Apple App Store and you will find a plethora of apps claiming to diagnose depression, anxiety, schizophrenia and post-traumatic stress disorder (PTSD). There are nearly 1,500 depression-checking apps out there but according to experts, apps can at best give information or help monitor diet and health parameters but if these claim to diagnose an illness, there are serious medico-legal issues in making such a claim.
 
"Apps may guide a patient to consult an appropriate doctor. However, an app by itself is not adequate to make a diagnosis. Diagnosis of a medical condition is made by detailed history and examination followed by investigations. This expertise is gained after several years of training and a digital app is not a replacement at all," emphasises Dr. Vipul Gupta, head, (neurovascular intervention centre) at Medanta-The Medicity.
 
Gupta is soon going to launch an app called "Stroke and Neurointervention" -- being developed with the non-profit Stroke and Neurovascular Intervention Foundation where he is one of the founder members.
 
The app will provide information to people about stroke awareness, prevention and treatment options. "The app will also have an emergency number to call. It will regularly update doctors about current treatments, latest advances and protocols and provide expert opinion on medical cases," Dr Gupta told IANS.
 
When it comes to health apps, experts say that trust in health care cannot be created by answering merely a set of questions and getting an instant diagnosis as the variables are too high to be included in a single app.
 
The key questions are: Is the app accredited by an agency or has the process been standardised by any council? Have double-blind clinical trials been performed on these apps for approval and do these prepare users for emergency situations? Are the people behind the apps are health care providers or mere IT geeks who wish to monetise their efforts?
 
"There is not enough evidence that such queries have been addressed when it comes to health apps. On the contrary, there is always an agreement clause which the user is made to click prior to use, absolving the app creator of any medical mishaps," Dr Amitabh Parti, unit head (internal medicine) at Fortis Medical research Institute in Gurgaon, told IANS.
 
Dr Parti has come across many such tall claiming apps and found those misleading.
 
"The efficacy of an app need to be subjected to multi-centric clinical trials and need to be assessed in varying clinical settings including individuals with many co-morbidities (more than one disease). We must realise there is no room for a redo in healthcare when it is a human life we are interfering with," emphasises Dr Parti.
 
Dr Rajeev Rathi, cardiologist at Max Super Specialty Hospital in the capital, recently devised and launched an app to help a person find if he or she is suffering from a heart disease or not.
 
"Heart App" seeks answers to a set of seven basic questions which a physician will ask in case of chest discomfort. An analysis of answers indicates the possibility of a heart attack via app which is available in Google Play Store and Apple App Store. But the app limits itself to this and does not claim to go into deeper clinical diagnosis like a doctor will do.
 
Diagnosis in the field of mental health is largely clinical and questionnaires and apps at best can help with screening to help provide suggestions but not diagnosis.
 
"It is important that applications are used for education and screening purpose and not for more and should aid in reaching experts to a larger population and make accessibility easier," elaborates Dr Samir Parikh, director, department of mental health and behavioural sciences, at Fortis Healthcare.
 
According to Dr Aditya Ingle, consultant pathologist at tele-health venture LiveHealth, an app which is associated with a healthcare provider such as pathology labs can store and provide past results to you and your doctor with just a click of a button.
 
"If it can remind to perform certain tests depending on your clinical condition, then such apps will be of great help to the people," Dr Ingle told IANS.
 
According to experts, health startups must get their apps accredited by a certified healthcare agency. "The health ministry must include these and other guidelines prior to permitting such apps to be launched for fear of an adverse event. Remember that the doctor learns by experience and apps earns by experience," stresses Dr Parti.
 
In a recent report in the scientific journal Nature, psychiatrist John Torous who chairs the American Psychiatric Association's Smartphone App Evaluation Task Force, said: "Right now, it [apps] almost feels like the Wild West of health care."
 
Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.

User

We are listening!

Solve the equation and enter in the Captcha field.
  Loading...
Close

To continue


Please
Sign Up or Sign In
with

Email
Close

To continue


Please
Sign Up or Sign In
with

Email

BUY NOW

The Scam
24 Year Of The Scam: The Perennial Bestseller, reads like a Thriller!
Moneylife Magazine
Fiercely independent and pro-consumer information on personal finance
Stockletters in 3 Flavours
Outstanding research that beats mutual funds year after year
MAS: Complete Online Financial Advisory
(Includes Moneylife Magazine and Lion Stockletter)