Aadhaar card holders all over India are sounding the alarm on social media about a new and alarming scam involving the Aadhaar-enabled Payment System (AePS). In this fraudulent scheme, scammers exploit a vulnerability in the AePS to drain bank accounts to zero, all without the need for OTP authentication. They achieve this by gaining access to the victim’s fingerprint data, knowing their Aadhaar number, and the bank with which they hold an account. Shockingly, victims don’t even receive SMS notifications when funds are siphoned from their accounts.
The locations where Aadhaar numbers are most vulnerable to theft include cyber cafes, photocopy shops, hotels, and more. Scammers then typically track their victims to determine the bank name. The last piece of the AePS puzzle is the fingerprint pattern. Scammers resort to creative methods to obtain fingerprint data from places like land registry offices or other services that use fingerprints for authentication. They then imprint this fingerprint data on artificial silicon thumbs, which are used to withdraw money through AePS.
To protect against this scam, it’s crucial for Aadhaar card holders to lock their biometric data either through the mAadhaar app or the UIDAI website. Since AePS is enabled by default for all Aadhaar card holders, and biometric data is also unlocked by default, users should take immediate action to secure their information.
To disable AePS and lock biometric data on your Aadhaar card, download the mAadhaar app on your smartphone (Android/iOS) and sign up using your Aadhaar-linked mobile number. Verify your Aadhaar details and choose to lock your biometrics using the app. It’s worth noting that you can unlock your biometrics as needed through the app. Additionally, the app provides an option to lock your Aadhaar number, preventing online service sign-ups using your Aadhaar number and OTP.
The Aadhaar-enabled Payment System (AePS), introduced by the National Payments Corporation of India (NPCI) following RBI and UIDAI guidelines, was designed to simplify microATM transactions up to Rs 10,000 per transaction. Users can withdraw up to Rs 50,000 a day using AePS. While this initiative appeared groundbreaking, it’s clear that fingerprint data can be stolen from various sources, and silicon fingers can be used to replicate real fingerprints.