Senior bank officers have warned that there are a number of cases coming to light every day where bank customers are being duped when they share their Aadhaar number linked to their bank account. Fraudsters are also using unified payments interface (UPI) to siphon money from customers' accounts. This is because 'Pay to Aadhaar' (number) is an additional functionality in UPI and allows withdrawals through this route as well. This only underlines the need for people to urgently de-link Aadhaar number from the bank accounts—especially those who are less tech-savvy or financially literate.
In fact, this warning comes from none other than D Thomas Franco, former general secretary of All India Bank Officers Confederations (AIBOC), which is the largest bank officers' union in India. Mr Franco narrates this story in a bank WhatsApp group on a new way to dupe hapless people. "On 21st December, Dr Lalmohan was asked to give his Aadhaar number from a caller posing as a manager of State Bank of India (SBI). Within a few minutes, his account was debited online for Rs5,000 and Rs20,000. He immediately called customer care and got his account blocked. However, further withdrawals took place all through UPI and the entire balance in his account, except for Rs200 vanished. He had not shared his password. The bank says there was a hold (block) on his account but these withdrawals still took place online. Aadhaar seems to be the culprit."
He goes on to narrate another example: “A similar call was received by another friend of mine, but he refused to share his Aadhaar number. A third friend of mine, a lady, says she received a similar call saying her credit card has expired and the caller wanted her details to reactivate her card. She refused to share any detail over phone. So, we need to alert everyone about such frauds. Also we need to immediately ask our bank to delink the Aadhaar linked with the account. Do not share your Aadhaar number, password or any banking details to anyone over phone," Mr Franco adds.
In March 2017, a bug in UPI cost Bank of Maharashtra about Rs25 crore. The Pune-based Bank had procured an UPI solution from a vendor (reported to be city-based InfrasoftTech), which had a bug that resulted in the fund moving out of the accounts without the sender's account having the necessary funds. (Read: UPI bug costs Bank of Maharashtra about Rs25 crore
was the first to raise this issue in September 2014. It was followed up with the prime minister’s Office (PMO) with a meeting and through filing a complaint on their portal. However, the PMO portal closed the complaint in October 2017 citing insufficient information. (Read: How Aadhaar linkage can destroy banks
Lakhs of people linked their bank accounts to their Aadhaar number under threat from banks that their accounts and banking services would be frozen. This is no longer mandatory after the Supreme Court judgement on this issue.
Earlier in July 2018, National Payments Corp of India (NPCI), which developed and promotes UPI and Bharat interface for money application (BHIM), had asked banks to discontinue Aadhaar-based payments through the UPI and immediate payment system (IMPS) channels. Pay to Aadhaar is an additional functionality in UPI and IMPS where the payer can transfer funds to the beneficiary using an Aadhaar number.
"Aadhaar number is a sensitive information and the revised framework about its usage in the payment landscape is still evolving. With this background, we proposed removal of ‘Pay to Aadhaar’ functionality in both UPI and IMPS before the steering committee (meeting held on 5 July 2018). The proposal of removing the Aadhaar number functionality was approved by the steering committee,” NPCI had said in a circular issued on 17 July 2018.
Later in September this year, the Supreme Court declared Section 57 of the Aadhaar Act as unconstitutional. This means bank account-holders, e-wallet or mobile wallet users and mobile subscribers are no longer required to use their Aadhaar number.
Following the judgement, the department of telecommunication (DoT), on 26th October directed all unified license holders to discontinue use of Aadhaar eKYC for issuing new SIM and re-verification of existing subscribers before 5 November 2018.
"...the use of Aadhaar authentication is not permissible for eKYC for verification of telecom subscribers not for issuing new mobile connections. In compliance to the judgement of the Supreme Court, all licensees are to discontinue the use of Aadhaar eKYC service of Unique Identification Authority of India (UIDAI) both for verification as well as for issuing new mobile connections. All telecom services providers (TSPs) shall ensure its implementation across the country in a time bound manner and compliance in this regard be submitted by 5 November 2018," the telecom department said in the circular.
Post the judgement from the apex court, All India Bank Employees Association (AIBEA), demanded that banks should stop issuing Aadhaar numbers as it was not a banking activity. In a statement in September 2018, AIBEA's general secretary CH Venkatachalam had said, "The compulsory linking has resulted in lots of frauds by third party agents who canvas for loans. There are instances where with the same Aadhaar card number several loan accounts were created by the loan processing agents of banks to meet their targets."
He said designated bank branches were issuing Aadhaar, which should be stopped as it was in no way connected to banking activity.
In fact, before the Supreme Court judgement, bankers were found to be given targets by UIDAI for Aadhaar enrolment. Banks had been given a target of logging 16 enrolments daily at 10% of their branches. From 1 July 2018, this has been reduced to eight a day, a report from Press Trust of India (PTI) says quoting a circular issued by the UIDAI
. It also said that banks, which achieve the fresh targets for July will not have to face 'financial disincentives' up to that month.
Dr Anupam Saraph, one of the petitioners in the Aadhaar case in the Supreme Court, and an expert in sustainable systems design, also found the target setting by UIDAI as funny if not devastating. "Who are they enrolling if 121 crore have been enrolled? They do not trust the bank account that were opened during the past over 70 years, but now want the same bankers to generate new data and benami accounts in the process?... (The) drive for enrolment is sufficient to expose that either the 121 crore person's enrolled number is suspect or the data of those 'enrolled' is suspect. All evidence suggests the most likely answer is both of the above," he had said.
Banking regulator, Reserve Bank of India (RBI) has, however, had kept mum, even when UIDAI was encroaching upon its regulatory authority.
After the story was published, RBI came out with a 'clarification' over the weekend that banks should follow the (Prevention of Money Laundering Act or PMLA) Rules, which have statutory force. Whether it is linking of Aadhaar with bank account or mobile numbers, the strange part is how the Central government is issuing direct orders by side lining sectoral regulator under one pretext or the other. The government is also ignoring orders issued by the Supreme Court to restrict use of Aadhaar that too purely on a voluntary basis. (Read: Bank Aadhaar linking: RBI never issued any order, reveals RTI
While RBI was quick to fall in line with the finance ministry in issuing master directions for Aadhaar, post the SC order, it has not issued any notification in this regards or asked banks to de-link Aadhaar number of account holders.
Earlier on 20 April 2018, while issuing master direction on know-your-customer (KYC) norms, the central bank had clearly stated, "The revised Master Direction is in accordance with the changes carried out in the PML Rules vide Gazette Notification GSR 538 (E) dated 1 June 2017 and thereafter and is subject to the final judgment of the Hon’ble Supreme Court in the case of Justice KS Puttaswamy (Retd.) & Anr. V. Union of India, W.P. (Civil) 494/2012 etc. (Aadhaar cases)."
Despite the Supreme Court ruling linking of Aadhaar with bank accounts or mobile number as invalid, the banking regulator has yet to issue a notification for this. It is time for bank account-holders to de-link Aadhaar number, if linked, from their accounts and also not to share the number and any details related with their bank account with anyone, especially over phone or email.
You may also want to read…