Scammers can clone your fingerprint for fraud: What you need to know & how to protect yourself

In the heartlands of rural India, where financial inclusion has found a light in the Aadhaar Enabled Payment System (AePS), a sinister threat has emerged.

Scammers, preying on the unsuspecting, have devised a cunning method to clone fingerprints and exploit the very system designed to empower the underprivileged. This clandestine operation, targeting the economically vulnerable, has raised alarms among local authorities. Now let’s shed some light on what AePs are, how they work, and how scammers have exploited the rise of AePs.

What is AePS?

AePS, or Aadhaar Enabled Payment System, was introduced by the Indian government in 2014 to bring banking services to remote areas lacking traditional banks. It allows people, especially in villages, to perform banking transactions using Aadhaar-based authentication and biometric information like thumb impressions.

How does AePS work?

With AePS, individuals don't need to visit a bank or possess an ATM card for transactions. Instead, they can go to a Customer Service Point (CSP) or a business correspondent. The process involves providing the 12-digit Aadhaar number and bank account details to the CSP. Afterwards, the person's thumb impression is taken on a Point of Sale (PoS) machine for verification. Once verified, they can withdraw or deposit cash.

How scammers are using your fingerprint?

Unfortunately, scammers have found a way to exploit this system. They use deceitful tactics, like promising instant loans or government benefits, to obtain villagers' thumb impressions.

These impressions are then cloned using materials like M-seal (a sealant) or paper. Scammers withdraw money from victims' accounts, leaving them unaware until they visit the bank.

The scammers applied glue on the M-seal where the thumb imprint was placed. The impression then appears on it once the adhesive has dried. This would allow them to use the impression of the glue on the machine to take money out of peoples' bank accounts in this manner.

The fraudsters are utilising fingerprints obtained from land registry documents too. They collaborate with lower-level employees of the Land Records Department to acquire papers associated with land registration, where individuals' thumb impressions and Aadhaar card details are obligatory.

Scams unveiled: Victims speak out

Reports revealed instances like Urmila Kumari, a resident of Nawada district in Bihar, who lost 57,900 rupees to a fingerprint cloning scam.

Kumari successfully traced the recipient, who confessed to the wrongdoing, assuring her of a refund and urging her not to file an FIR. This is not an isolated case; the Bihar police, tired of scams via AePS (Aadhaar Enabled Payment System), established a dedicated team in July 2023.

Despite identifying the receiver, many victims hesitate to file FIRs, complicating law enforcement efforts. The Bihar police formed a special team after recovering 512 cloned thumb impressions, highlighting the extent of this burgeoning scam.

AePS: Enabling financial inclusion or facilitating fraud?

AePS, intended for financial inclusion, has become a double-edged sword. With more than 200.6 million last-mile banking transactions recorded in April 2023, it has inadvertently facilitated a surge in financial fraud. A letter from Rajya Sabha MP John Brittas to Prime Minister Narendra Modi underscores the urgent need to address the growing exploitation of AePS.

"People easily fall victim to the fraud because it is unimaginable that one can be duped via just thumb impressions and Aadhaar details."

SP Sushil Kumar of Bihar's cybercrime section

How to stay informed & safe?

- Avoid unnecessary Aadhaar sharing: Be cautious about sharing Aadhaar details unnecessarily. Use alternative identity proofs where Aadhaar is not mandatory.

- Scrutinise CSP operators: There is a need for proper scrutiny of Customer Service Point (CSP) operators and business correspondents as transactions often occur through them.

- Multi-Factor authentication: Experts recommend implementing multi-factor authentication in AePS, similar to online banking transactions. This adds an extra layer of security.

As the authorities grapple with this issue, individuals must stay vigilant and adopt these precautions to safeguard themselves from falling victim to fingerprint cloning scams through AePS.

As investigations unfold, the police face challenges in identifying culprits due to a lack of supporting documents. Victims often remain unaware of the fraud until they visit banks, emphasising the need for improved awareness and security measures.

Experts suggest limiting Aadhaar sharing, scrutinising CSP operators, and implementing multi-factor authentication in AePS to curb this rising threat.