Aadhaar card holders across India are taking to social media to alert citizens about a new type of scam in which scammers can drain your bank account to zero by exploiting a loophole in the new Aadhaar-enabled Payment System (AePS). The scam involves no OTP authentication step: a scammer can steal money from your bank account simply by getting access to your fingerprint data and knowing your Aadhaar number and the name of the bank where you hold an account. To make things worse, you won’t even get an SMS notification when money is debited from your account.
Cyber cafes, photocopy shops, hotels, etc. are prime spots where Aadhaar numbers can get stolen, and scammers then usually stalk the victims to learn the bank name. The last piece of the AePS jigsaw is the fingerprint pattern. This is where scammers get creative and try to obtain fingerprint data from land registry offices or other sources where fingerprints are used to authenticate services. This fingerprint data is then imprinted on artificial silicone thumbs, which are used to withdraw money through AePS.
To stay safe from this scam, Aadhaar card holders should lock their biometric data using either the mAadhaar app or the UIDAI website. AePS is enabled for all Aadhaar card holders by default, and biometric data is also unlocked by default, so users need to take note and lock it themselves to stay safe.
To disable AePS and lock the biometric data of your Aadhaar card, download the mAadhaar app on your smartphone (Android/iOS) and use your Aadhaar-linked mobile number to sign up. Verify your Aadhaar details and opt to lock your biometrics using the app. Note that you can unlock your biometrics using the app whenever you need to. The app also has an option to lock your Aadhaar number. This prevents sign-ups for online services using the Aadhaar number and OTP.
The Aadhaar-enabled Payment System (AePS) was recently introduced by the National Payments Corporation of India (NPCI), following guidelines set by the RBI and UIDAI. The system allows Aadhaar card holders to deposit cash, withdraw cash, check their balance, get a mini statement, make Aadhaar-to-Aadhaar fund transfers, authenticate transactions and pay using BHIM Aadhaar by providing just three things: bank name, Aadhaar number and biometric authentication. The AePS initiative was introduced to ease microATM transactions of up to Rs 10,000 per transaction. Up to Rs 50,000 can be withdrawn using AePS in a day. While the NPCI initiative seems groundbreaking, few anticipated that fingerprint data could be stolen from different sources and that silicone fingers could be used to replicate real fingerprints.
Follow the simple steps to download the mAadhaar app:
- Open the Google Play Store on your mobile and install the mAadhaar app. For iPhones, use the App Store.
- Allow the permissions the mAadhaar app requires.
- Once mAadhaar is installed on your phone, set a password for the app. Note that the password should consist of 4 digits (all numerals).
To lock your biometrics:
- Open the mAadhaar app and log in using your user ID and password
- Click on the profile
- Tap on the Menu option, placed in the top right corner of the app
- Click on ‘Biometric Settings’
- Put a tick on the ‘Enable Biometric Lock’ option
- Tap on ‘OK’ and an OTP will be sent to the mobile number registered with Aadhaar
- As soon as the OTP is entered, the biometric details will immediately get locked.
To unlock your biometrics:
- Open the mAadhaar app and tap on the menu
- From the drop-down, click on ‘Biometric Settings’
- A message reading “Your biometrics will be temporarily unlocked” will flash on your phone screen.
- Tap on ‘Yes’ and your biometric details will be unlocked for 10 minutes.