Gaps in AePS abused by cybercriminals
Science & Technology
19th May, 2023
There has been a noticeable rise in fraud related to Aadhaar-enabled Payment Services (AePS).
What is Aadhaar-enabled Payment Services (AePS)?
- Aadhaar-enabled Payment Services (AePS) is a bank-led model that facilitates online financial transactions at Point-of-Sale (PoS) and Micro ATMs.
- It enables secure transactions through the business correspondent of any bank by leveraging Aadhaar authentication.
- AePS eliminates the need for OTPs, bank account details, and other financial information, streamlining the process.
- AePS requires only the bank name, Aadhaar number, and fingerprint captured during Aadhaar enrolment as inputs for various transactions.
- These transactions include cash deposit, cash withdrawal, balance inquiry, mini statement, Aadhaar to Aadhaar fund transfer, authentication, and BHIM Aadhaar pay.
Are AePS transactions enabled by default?
- The default enabling status of AePS transactions is not explicitly mentioned by the Unique Identification Authority of India (UIDAI) or the National Payments Corporation of India (NPCI).
- According to Cashless India, a website managed by MeitY, AePS does not require any activation; however, the user's bank account should be linked to their Aadhaar number.
- Additionally, users who intend to receive benefits or subsidies under schemes governed by section 7 of the Aadhaar Act are required to provide their Aadhaar number to the banking service provider.
- Aadhaar is also the preferred method for KYC (Know Your Customer) in the banking sector, which often leads to the automatic enabling of AePS for most bank account holders.
What are the ways to secure Aadhaar biometric information?
- Aadhaar (Sharing of Information) Regulations, 2016: The UIDAI is proposing an amendment to the regulations that will require entities in possession of an Aadhaar number not to share details unless the Aadhaar numbers have been redacted or blacked out through appropriate means, both in print and electronic form.
- Authentication: The UIDAI has also implemented a new two-factor authentication mechanism that uses a machine-learning-based security system, combining finger minutiae and finger image capture to check the liveness of a fingerprint.
- Locking Aadhaar: Users are also advised to lock their Aadhaar information so that their biometric information, even if compromised, cannot be used to initiate financial transactions. Aadhaar can be unlocked when the need for biometric authentication arises, such as for property registration and passport renewals, after which it can be locked again.