In recent weeks, Bangalore’s North-East Cyber Economic and Narcotics Crime (CEN) police have been on high alert due to a surge in Aadhaar biometric fraud cases. Two individuals from Bihar were apprehended for exploiting publicly available registration papers containing Aadhaar numbers and thumb impressions from the state government’s Kaveri portal for property registration. The defrauder used the Aadhaar details and thumbprints to do transactions without permission, and the people didn’t know until they got messages from their banks saying money was taken out.
Unlike typical phishing scams, Aadhaar biometric fraud doesn’t involve clicking on suspicious links or sharing One Time Passwords (OTPs). Instead, scammers employ a method using butter paper sheets to duplicate Aadhaar biometric data.
In the arrested cases, the suspects downloaded registration papers with Aadhaar details and thumb impressions from the Kaveri portal. The victims, including a contractor, retiree, and teacher, reported losses ranging from Rs 15,000 to Rs 32,700. In spite of not sharing bank details or clicking on unknown links, they fell victim to this exceptional fraud.
The police commissioner revealed that Bangalore had witnessed 116 similar cases in the last few months. The officer of the law think the defrauder are from another place and are getting information from public websites about land registration.
The fraudsters use butter paper sheets to clone biometrics. They place thumb impressions on registration sheets, cover them with a silicone sheet, and heat them using ultraviolet lamps. This transfers the biometric information to the silicone sheets. Another way is copying thumbprints onto special sheets using heat, and then using really good scanners to make prints on photo films.
Subsequently, the scammers use apps like Spice Money and Ezeepay, providing Aadhaar Enabled Payment System (AEPS) services. They take out money using small ATMs, and it causes the people who got tricked to lose a lot of money.
Tracking AEPS fraud is challenging, and investigations are time-consuming. Victims may receive a reference ID or confirmation messages for AEPS withdrawals, but investigators are often limited to the agent ID. The senior officer suggested locking biometrics on the Unique Identification Authority of India (UIDAI) website to prevent unauthorized use. Additionally, he emphasized the importance of the National Payments Corporation of India’s (NPCI) maximum transaction limit of Rs 10,000 for single AEPS financial transactions to prevent large withdrawals.
The rise in Aadhaar biometric fraud poses a significant challenge for law enforcement. With criminals employing advanced techniques to exploit publicly available data, authorities face difficulties in tracking and apprehending suspects. Enhanced security measures, such as biometric locking and transaction limits, are recommended to curb this growing frighten.