Aadhaar card, the one card which is being used by the government to push most of its demonetisation wave in the country is touted to be one of the safest methods for the Indians to keep their biometric data safe. As Aadhaar card uses a lot of biometric data – from fingerprint to your retina scan to create the card and give you your final Aadhaar number, duplication of he card can pose a serious challenge and a threat to individuals. In today’s times, Aadhaar card as a document is mandatory when you try to avail any service in the country. Your bank accounts are linked to Aadhaar card, other payment services like digital wallets are linked to Aadhaar, your employer asks for Aadhaar card and basically any other service you want ias linked to that 12 digit number. All of a person’s private details including his bank account and financial details, links to other documents etc are saved on Aadhaar card.
In such a scenario, it can be extremely daunting to come across news of the vey card assured to keep us and our details safe getting hacked and duplicated. According to UIDAI, this is the first ever case where the biometrics in Aadhaar card have been breached and the data possessed laid bare. The perpetrators of the crime – Axis Bank Ltd, Suvidhaa Infoserve and eMudhra, are elading names in the industry. UIDAI has reportedly filed a criminal offense report in the Cyber Crime Cell of Delhi Police against the three firms. The inquiry proceedings against the three are presently on. What are the threre guilty for? ‘Unauthorised authentication and impersonation by using stored Aadhaar biometrics’, which means, they tried to hack into and access the individual’s data or carry out transactions in the person’s name by using the Aadhaar card biometrics easily available to them.
But how did they lay their hands on this data? Since the launch of Aadhaar, with the passage of time, banks in the country have made it mandatory for individuals to link their Aadhaar card accounts with the bank accounts. Axis bank holds millions of Aadhaar card details under the new mandate. All three firms have now been served a ‘notice for action’ as per the regulations. But how did UIDAI track the misuse in the first place? According to The Logical Indian, UIDAI became suspicious once multiple transactions surfaced using the same fingerprint. While a user can make transactions, the number of transactions in this case was too high and was all related to just these 3 firms – in a limited amount of time. This would not have been possible had the Aadhaar biometrics not been saved and used without authorisation or authentication. The transactions were all performed through different agencies at the same time and were classified as illegal operations. Reliance Jio Prime subscription begins on March 1: How to sign up for unlimited benefits till March 2018
According to the data, just one individual performed 397 biometric transactions between 14 July 2016, and 19 February 2017 of which, 194 were Axis Bank transactions, 112 – eMudhra and 91 were conducted Suvidhaa Infoserve. The complaint against the 3 has been filed on 15th of February 2017 and they had been given time till 27th February to respond to the complaints. Axis Bank has responded to the allegations. According to a spokesperson from Axis Bank, the details were used to carry out a four live Aadhaar-based authentications by a developer from Suvidhaa carried out. These authentications took place when the testing phase was on. “If something goes wrong in the testing phase, it has to be reported to us by Suvidhaa, they are accountable for it,” added the spokesperson. Nokia 3310 expected to release in India in April 2017, priced under Rs 4000
Technically, live authentications can be one only if no errors are found in the testing phase. By conducting the authentications during the testing phase, the firms violated the terms of Aadhaar authentications. UIDAI, however, is not convinced. “Even testing is not permissible under the Aadhaar law and if such an experiment was being conducted, UIDAI should have been informed about it earlier. The authentication operation of the firms concerned has been suspended till the matter is resolved,” the official added. “The testing was done by our in-house team but there has been no financial loss as of now. We will submit our report to UIDAI on Monday,” said Paresh Rajde, chief executive officer of Suvidhaa. It is definitely daunting to see such a breach emerge by one of the leading firms and banking instutions in the country.
Aadhaar is the number promoted by the government as being trustworthy and safe and though being strictly warned by the Supreme Court against the use of Aadhaar as the only document for verification, this simple number is soon taking over the country. While this is worrying, the transparency of UIDAI to admit to such a massive breach and the weaknesses of the system is applause worthy. We only hope that now, the investigations reach their end and there are further safety measures put in place to ensure the safety of Aadhaar and the individuals.