Until a few years ago, online scamsters had to hire 'experts' to make fake identity cards for a fee. But making a bogus Aadhaar or PAN card is just a mouse click away. Any person with some basic knowledge of the dark web can easily prepare a fake identity card for anybody using some websites and applications. The soft copy of the ID card can be printed and used practically for any purpose, says a report.
In the report, quoting an official from a cybercrime cell,
Times of India (ToI) says, "One such website has recorded over 10 lakh downloads of Aadhaar and PAN card templates in the last couple of years, and many of them were done from Gujarat."
All these bogus cards are used for committing crimes, including bank loan fraud and online cheating. It happens because there is no real-time verification or authentication of the ID proof submitted by anyone. This is the harsh reality of Aadhaar, which is now mandatorily being linked with the PAN card.
According to a
November 2022 report from The Hindu, fraudsters from Vishakhapatnam created an Aadhaar using all original details, except the photo, matching with the database of Unique Identification Authority of India (UIDAI) to record a land registration deal. It was detected timely, as the victim had received an alert on her mobile phone.
Interestingly, the UIDAI and the Union government have been promoting Aadhaar as a unique ID all these years. However, the newspaper reporter obtained a fake Aadhaar prepared with his own photograph, the name of another person, and the address of a famous Bollywood actor.
It took five minutes to make the bogus Aadhaar card, which is very similar to the original, the report says, adding the police stumbled on these websites while interrogating a fraudster.
"He revealed how he had learned to make duplicate Aadhaar cards to execute a loan scam. Fraudsters use some websites to make fake ID cards within minutes," a cybercrime official told ToI.
Cyber experts told the newspaper that gangs access such websites and apps through the dark web by using Android package kits (APK). "Such apps have ready templates of Aadhaar cards, PAN cards, and driving licences. One just has to feed the name, photo, and address, and the fake ID card pops up on your screen. This is a security concern as such fake cards can be used for booking hotel rooms or buying SIM cards," Mayur Bhusawalkar, a Vadodara-based cyber expert, told ToI.
For criminals, Aadhaar is the easiest tool to cheat or dupe anyone, including lenders and individuals. With Aadhaar, anyone can easily get a SIM card, open a bank account, and obtain various things. The reason is there are no real-time checks when one submits Aadhaar as ID proof. For example, all mobile service providers insist on providing an Aadhaar number for issuing a new SIM. However, except for some fingerprint scanning (done on low-cost devices), there is hardly any verification regarding whether the Aadhaar number belongs to the same person.
In fact, earlier this month, the Union government admitted that nearly 6%, or more than 60mn (million) dead people, still hold their Aadhaar numbers since there is no provision to delete or deactivate these numbers.
According to the data shared by the government, nine states and UTs have assigned more Aadhaar numbers than their projected population till 2022. These states with saturation percentage of more than 100% include Delhi (108.66%), Goa (103.79%), Haryana (101.22%), Himachal Pradesh (104.61%), Kerala (105.06%), Lakshadweep (108.84%), Punjab (102.56%), Telangana (101.78%) and Uttarakhand at 100.85%. (
Read: Nearly 6 Crore Dead People Still Have Aadhaar Numbers: Govt)
This is the state of Aadhaar cards issued officially by UIDAI. Add to this the bogus and fake Aadhaar cards being created and circulating in the system and you would realise the dangerous implications of it.
In January this year, UIDAI, the agency tasked with Aadhaar, issued a set of guidelines for offline verification-seeking entities (OVSEs) highlighting several usage hygiene issues. "Any Aadhaar can be verified using the QR code available on all forms of Aadhaar (Aadhaar letter, e-Aadhaar, Aadhaar PVC card, and m-Aadhaar) using mAadhaar app, or Aadhaar QR code Scanner. Tampering of Aadhaar documents can be detected by offline verification, and tampering is a punishable offence and liable for penalties under Section 35 of the Aadhaar Act," UIDAI had said.
Last year in April, the comptroller and auditor general (CAG) pointed out several issues like faulty biometrics and unpaired documents in the UIDAI database. In its performance audit report, the CAG says, "All Aadhaar numbers were not paired with the documents relating to personal information of their holders, and even after nearly ten years, the UIDAI could not identify the exact extent of mismatch. Though with the introduction of inline scanning in July 2016, the personal information documents were stored in the central identities data repository (CIDR), the existence of unpaired biometric data of earlier period indicated deficient data management."
As the CAG report pointed out and was revealed by ToI report, UIDAI simply has no mechanism to check uniqueness of Aadhaar, whether issued by itself or created illegally by fraudsters. "There were instances of issue of Aadhaars with the same biometric data to different residents indicating flaws in the de-duplication process and issues of Aadhaars on faulty biometrics and documents. Though UIDAI has taken action to improve the quality of the biometrics and has also introduced iris-based authentication features for enrolment for Aadhaar, the database continued to have faulty Aadhaars, which were already issued," CAG says.
The auditor-general also expressed doubt about the collection of documents from residents and their management. It says, "All the Aadhaar numbers stored in the UIDAI database were not supported with documents on the demographic information of the resident, causing doubts about the correctness and completeness of resident's data collected and stored by UIDAI prior to 2016." (
Read: Aadhaar Database Continues To Have Faulty Biometrics, Unpaired Documents: CAG)
