Since its inception in 2010 as a unique identification (ID) for those (poor) without any identity proof, Aadhaar and its proponents have been working to force its linkage with other ID systems, compromising privacy and mismatch due to variations in spelling and various data points. Fin-tech companies looking for rapid on-boarding of customers have lobbied hard for such linkages. As several experts had warned (and Moneylife has written extensively on this
), the dependence on a flawed Aadhaar system causes difficulties in the financial sector too.
The police have arrested Navneet Prajapati and Somnath Prajapati, who ran an Aadhaar updation centre using the ID of some other agent who was actually authorised by the Unique Identification Authority of India (UIDAI).
According to the police, the fraudsters used silicon fingerprints and printouts of the iris scan of the authorised agent to log in to the UIDAI database. "Whenever any illiterate came to them for any Aadhaar updation, Navneet Prajapati captured the biometrics of that person but updated the photograph and address as suitable to him."
After COVID, when everything went online, they started opening bank accounts online, in which the account holder's credentials were verified through the API (application programming interface) integrated with the Aadhaar database.
According to a report from the Times of India
, Delhi police plan to approach the court to get details of the agent ID and details of centres being used by the gang from UIDAI.
The police also seized eight 'silicone fingerprints' from the accused, indicating that more than one facility was being used by them to make fake Aadhaar cards. The copy of the fingerprints was made with silicone, rubber, paper and gel. The silicone fingerprint, along with a high-resolution printout of the agent's iris, was used for logging into the centre," the report says.
"They had already updated the photograph and address in the database fraudulently. When the Bank's API verifies the details provided by them, the details match, and the account gets opened without any physical verification or intervention," the official told IANS
According to privacy researcher V Anand, biometrics are easy to fool and have several examples, but no one seems to have cared. He says, "They (Prajapatis) seem to have mastered quite a few things here. Editing database directly with third-party photographs to defeat video know-your-customer (KYC) and with the permanent account number (PAN) linked to Aadhaar, loans taken then will hit credit score. We can finally see ghost loans, ghost bank accounts and chimaeras with different fingerprints, iris scans and photographs in action."
This brings us to the main issue of the Aadhaar menace that is making lives difficult for many people. As the comptroller and auditor general (CAG) pointed out, a few reasons for this include faulty biometrics and unpaired documents in the UIDAI database. Plus, the success rate of Aadhaar fingerprint authentication transactions remained a cause of dissatisfaction among the users due to biometric authentication failures.
"During 2018-19, more than 73% of the total 3.04 crore biometric updates were voluntary updates done by residents for faulty biometrics after payment of charges. The huge volume of voluntary updates indicated that the quality of data captured to issue initial Aadhaar was not good enough to establish the uniqueness of identity," the CAG says in its performance audit report.
Interestingly, UIDAI and the Union government have been promoting Aadhaar as a unique ID all these years. However, the CAG report discards this as, during the performance audit, it found flaws in the de-duplication process and issue of Aadhaars on faulty biometrics and documents.
Later in September 2018, we found out a single account opened in United Bank of India, under the Pradhan Mantri Jan Dhan Yojana (PMJDY), or the 'no frills' or basic savings bank deposit account (BSBDA), had a whopping Rs93.82 crore deposited. This was revealed in a Right to Information (RTI) Act query. (Read: Rs93.82 Crore Was Deposited in a Single Jan Dhan Account, Reveals RTI
Before guiding about how you can protect your Aadhaar, let me remind you of the nightmare faced by Mumbai-based Ameya Dhapre, whose life has turned upside-down ever since someone posted a copy of his Aadhaar on the web. Scamsters have used Mr Dhapre's Aadhaar number for obtaining SIM cards, opening bank accounts, and even creating seller accounts on e-commerce portals for duping people. Everyday, someone or other lands up at his door seeking 'refund' of his/her money, of which Mr Dhapre had no idea. (Read: Aadhaar Nightmares Coming True. How Ameya Dhapre Is Enduring 'Living Hell' with His Aadhaar: Report
How do you protect Aadhaar from misuse?
1. Never share your 12-digit Aadhaar number or 16-digit virtual Aadhaar number with any unknown or unauthorised entity.
2. Never share a copy of your Aadhaar with anyone without mentioning the purpose and date written on it (it can be done while self-attesting the photocopy)
4. Register your mobile number or email ID with UIDAI, if not already done (this will help you to receive an alert in case someone uses your Aadhaar for identification purposes and is trying to verify it).
5. For making changes in your demographic details like name, address, date of birth, gender, mobile number, and email, visit only an authorised Aadhaar enrolment centre.