Member of Parliament John Brittas on Wednesday highlighted incidents “where individuals have been robbed of their hard-earned financial resources through Aadhaar Enabled Payment System (AePS) within a matter of minutes” in a letter to Prime Minister Narendra Modi. Dr. Brittas’s office said that AePS, which allows people to withdraw cash from their bank accounts by using their Aadhaar number and a fingerprint, was being “exploited” by attackers with stolen Aadhaar numbers and silicon fingerprints.
“While AePS may not enjoy the same level of popularity as Unified Payments Interface (UPI), it is still pertinent to note that an average cash withdrawal of around 1000 crores is being carried out using this system every day,” the MP’s statement estimated. “The system’s inability to distinguish between a genuine live fingerprint and a synthetic silicon fingerprint represents a significant flaw that is being maliciously exploited.”
The Unique Identification Authority of India (UIDAI), which administers Aadhaar, acknowledged the issue earlier. In February, the UIDAI said it had started gradually requiring authorised Aadhaar verification agencies to use an Artificial Intelligence (AI)-led method to detect the ‘liveness’ of a fingerprint, to reduce incidents of ‘spoofing,’ where a fake fingerprint, such as a silicon one, can be used for authentication. This announcement followed reports of spoofing that led to financial losses for some residents.
A government source who was not authorised to discuss the issue with the media said that the issue was on the banks’ end, as they employ ‘banking correspondents’ to provide residents access to AePS, and that the issue was not architectural in nature. Dr. Brittas asked Mr. Modi to refer the issue to the Ministries of Home Affairs, Finance and Electronics & Information Technology for resolution.