Aadhaar-Enabled Payment System Fraud

Money drained from city youth’s bank account

Many people are falling victim to Aadhaar-enabled Payment System (AePS) where the bank accounts are exploited by cyber criminals, resulting in unauthorised access to funds.

Scammers have utilised leaked biometric details to circumvent the need for One-Time Passwords (OTPs), facilitating the draining of funds from unsuspecting victims. A spate of recent scams has laid bare the vulnerabilities of AePS, exposing how cyber criminals exploit loopholes in the system to defraud unsuspecting customers.

In Mysuru, cyber criminals have become active, employing deceptive tactics that have left account holders in the city facing an alarming scenario — receiving sudden notifications of fund withdrawals on their mobile phones. Disturbed by these alarming notifications, individuals hastily rush to their respective bank branches. Over the past month, approximately 15 to 20 cases have been reported, as per investigations by the Cyber Economic and Narcotics (CEN) Crime Police Station.

K. Pavan Kumar, a resident of the city for instance, received a notification last Tuesday at 3.34 pm, indicating a withdrawal of Rs. 7,500 from his account. Fearful of potential threats, he promptly visited the SBI Bank branch in Chamundipuram, seeking answers regarding these suspicious transactions.

An inquiry revealed that cyber fraudsters had exploited the AePS to carry out this unauthorised transaction. The AePS links an individual’s bank account with their Aadhaar account, allowing transactions and withdrawals to be executed using biometric authentication. In this case, cyber criminals utilised Pavan Kumar’s biometrics to illicitly access funds through AePS technology.

Concerned about potential misuse, Pavan Kumar immediately visited the bank, updated his Aadhaar details and blocked his Aadhaar number to prevent further unauthorised transactions.

How to prevent AePS fraud?

Contact the bank helpline number and report the fraud. Every bank has a dedicated hotline number to report fraudulent transactions. In case you face any AePS fraud, block your bank account immediately just when you notice the first transaction. For security purposes, change your PIN, internet banking password, or any other relevant passwords associated with your account, immediately. To prevent such fraud or misuse of Aadhaar data, you must lock the biometrics using the m-Aadhaar app or the Unique Identification Authority of India (UIDAI) website.

Notably, AePS has per-day and amount-specific limits for transactions. Currently, the maximum limit for a single transaction is Rs. 10,000 with a maximum of five transactions per day. So, a total of Rs. 50,000 can be withdrawn in a day.

Additional Information:

Gaps in Aadhaar-enabled Payment System (AePS) are being abused by cybercriminals

What is AePS and how does it remove the need for an OTP?

• AePS is a bank-led model which allows online financial transactions at Point-of-Sale (PoS) and Micro ATMs through the business correspondent of any bank using Aadhaar authentication.
• The model removes the need for OTPs, bank account details, and other financial details.
• It allows fund transfers using only the bank name, Aadhaar number, and fingerprint captured during Aadhaar enrolment, according to the National Payments Corporation of India (NCPI).
• For AePs, these are the only inputs required for certain types of transactions, including cash deposit, cash withdrawal, balance inquiry, mini statement, Aadhaar to Aadhaar fund transfer, authentication, and BHIM Aadhaar pay.

Are AePS transactions enabled by default?

• Neither Unique Identification Authority of India (UIDAI) nor NPCI mentions clearly whether AePS is enabled by default. Cashless India, a website managed and run by MeitY, says the service does not require any activation, with the only requirement being that the user’s bank account should be linked with their Aadhaar number.
• Users who wish to receive any benefit or subsidy under schemes notified under section 7 of the Aadhaar Act, have to mandatorily submit their Aadhaar number to the banking service provider, according to UIDAI. Aadhaar is also the preferred method of KYC for banking institutions, thus enabling AePS by default for most bank account holders.

Aadhaar Enabled Payment System (AePS) is a secure and convenient payment mechanism that leverages the Aadhaar infrastructure to enable financial transactions. It allows individuals to use their Aadhaar number and biometric authentication to access various banking services, including cash withdrawals, balance inquiries, fund transfers, and more. 

This article provides a comprehensive overview of the Aadhaar Enabled Payment System, covering its features, benefits, usage, and the role it plays in promoting financial inclusion and digital payments in India.

What is AePS?

AePS, or Aadhaar-enabled payment system, is a service developed by the National Payments Corporation of India. It allows users to conduct transactions on a micro-ATM by providing their Aadhaar number and biometric information. Here are the key features of AePS:

• Aadhaar-linked transactions: AePS enables Aadhaar card holders to make transactions through their Aadhaar-linked bank accounts, similar to debit/credit card transactions.
• Biometric authentication: Transactions are completed by submitting the Aadhaar number and biometric details (iris or fingerprint scan) at Points of Sale (PoS) or micro ATMs, using Aadhaar authentication.
• Bank account privacy: Users are not required to share their bank account details during the transaction, enhancing privacy and security.
• Fund transfers: AePS allows users to transfer funds between bank accounts, providing a convenient way to send and receive money.
• Secure transactions: AePS transactions are considered safe and secure as they require biometric authentication, ensuring the identity of the user.

By leveraging the Aadhaar infrastructure, AePS simplifies and secures financial transactions, making it accessible to a wide range of individuals, particularly those who may not have access to traditional banking services.

Features of AePS

The AePS facility exhibits the following primary characteristics:

• Account deduction: The transaction amount is deducted directly from the Aadhaar-linked bank account of the user, ensuring a seamless and straightforward transaction process.
• Basic banking transactions: AePS allows Aadhaar card holders to perform various basic banking transactions, including cash deposits, interbank and intrabank fund transfers, cash withdrawals, balance inquiries, and obtaining mini bank statements. These transactions can be conducted through a banking correspondent.

How Does AePS Work?

Access to crucial financial services can be obtained by simply recalling the 12-digit Aadhaar number, which is linked to your bank account. To verify a transaction or utilize the AePS (Aadhaar-enabled Payment System) facility, your fingerprint must be authenticated with your Aadhaar. The transaction will be processed by the bank only after the UIDAI (Unique Identification Authority of India) verifies your fingerprint. 

Let’s consider a scenario where an individual, claiming to be Anvay, presents an Aadhaar number associated with Anvay’s name. In order to complete a transaction and pay for his purchases from a merchant, Anvay needs to provide his fingerprint for verification. If the fingerprint matches, the bank will proceed with the transaction. Consequently, a significant number of entities are involved in facilitating such transactions:

1. The individual wishing to carry out the transaction.
2. The intermediary, which could be a merchant or store owner, or a banking correspondent, through whom the transaction is conducted.
3. The Aadhaar-enabled bank.
4. UIDAI, responsible for fingerprint authentication.
5. NPCI (National Payments Corporation of India), responsible for transaction settlement.

Aadhaar ATM

Who could have thought, a few years back, that your Aadhar could be used as a medium for withdrawing money from your nearby Kirana stores! Now with the Pay1 merchant app, you can help your customers perform basic bank transactions like withdrawal and deposit. These transactions can be easily done with the help of a safe and secure biometric scanner available at your nearest Pay1 retailer outlet.

Understanding AEPS Apps

Aadhaar number is a unique identification number issued by the Unique Identification Authority of India (UIDAI) to citizens of India to avail several benefits. The AePS apps and payment services is a payment service/ system introduced by the National Payments Corporation of India (NPCI) to banks and financial institutions that use ‘Aadhaar’ for their KYC (Know-Your-Customer).
With this system, citizens or customer can carry out commercial and non-financial transactions at BC point through their Aadhaar number, and perform several actions like:

● Aadhaar Card Money Withdrawal

● Cash Deposits

● Balance Inquiry

● Mini Statement

This allows customers to gain easy access to ATM facilities while getting the security of a traditional banking or financial institution. AePS services and systems use fingerprint/IRIS scan for biometric verification, ensuring high security for each transaction.

Source: Starofmysore, Vajiram & Ravi, Paytm, Pay1, Smartpaymentbank-Image

Also Read: