Shripriya (name changed), 40, a resident of Jeppu, received a message on her mobile phone on October 9 that an amount of ₹3,700 was deducted from her savings account. A few minutes later she received another message that ₹1,200 was deducted from her other savings account.
Ms. Shripriya called the helpdesks of the banks concerned, whose staff responded that the amount was deducted using Aadhaar-enabled payment system (AEPS). She asked the two banks to block the two accounts.
The woman said that she went to file a complaint with the CEN (Cyber Economic Narcotic Crime) police station on Tuesday. Ms. Shripriya was told at the station that she was among those from the city, who gave their fingerprints during registration of documents at the city sub-registar’s office, who have lost the amount through AEPS.
“I visited the sub-registar’s office in Mangaluru on September 29 in connection with registration of two properties for which my Aadhaar card details and fingerprints were taken,” she said. “Fortunately I had withdrawn money from the two bank accounts a few days ago and had kept minimum balance in those accounts. So I did not lose a huge amount,” she said.
After registering the complaint, she informed her banks, which assured her of returning the lost amount in 60 days, she said.
Ms. Shripriya is the 15th person of the city to file a complaint on losing money from their bank accounts after submitting their Aadhaar number and fingerprints at the Mangaluru city sub-registrar’s office.
The CEN police station has registered a complaint of a person losing ₹1 lakh. The station received 13 other complaints where the deduction of amount ranged between ₹10,000 and ₹1 lakh.
Some victims complained that they lost money a week after registration of their documents, while others lost it nearly a month after registering at the sub-registrar’s office.
Cyber expert G. Ananth Prabhu told The Hindu that fraudsters manage to get Aadhaar and biometric details given at the time of registration of documents and SIM card activation and use them to withdraw amount using AEPS.
A maximum of ₹10,000 per day can be withdrawn using AEPS. “Unlike UPI that seeks authentication, under AEPS the amount automatically gets deducted following match of Aadhaar and related biometric details,” he said.
The fraudsters are operating from Bihar and other North Indian States. A case of breach of Aadhaar and biometric details following registration of document was also reported in West Bengal, he said.
Police Commissioner Anupam Agrawal said the city police are making efforts to zero in on fraudsters allegedly involved. “The company, which is looking after AEPS, has reported that ₹1 crore was withdrawn in the country in the last two months through fraud using AEPS,” he said. “We have brought complaints filed with police to the notice of the company. We are waiting for their response on leak of Aadhaar and biometric details from the registration department,” he said.
Mr. Prabhu said it’s high time the government brings in two-way authentication in the form of PIN, password, or OTP for AEPS withdrawals.
The government should also introduce the feature of taking the photograph, along with GPS coordinates, of the person who withdraws money using AEPS.
The cyber expert advised people to download mAadhaar or visit myAadhaar website and take action to disable biometric details to prevent unauthorised withdrawal.
“Biometric details can be enabled at the time of registration or other authentication processes and then disabled immediately,” he said.
COMMents
SHARE