Aadhaar-enabled Payment System (AePS), About, Issues and Way Forward

Aadhaar-enabled Payment System (AePS): Aadhaar-enabled Payment System (AePS) is a banking-driven framework that enables digital financial transactions at Point-of-Sale (PoS) devices and micro ATMs of any bank through Aadhaar authentication. Aadhaar-enabled Payment System (AePS) is also important for UPSC Prelims Exam 2023 and UPSC Mains Exam (GS Paper 2- Various governance initiatives and associated issues).

Aadhaar-enabled Payment System (AePS) in News

In a Twitter thread, popular YouTuber Pushpendra Singh recounted an incident where his mother’s bank account was emptied using an Aadhaar-linked fingerprint without requiring two-factor authentication. Disturbingly, the bank did not inform his mother about these transactions via any form of notification. Further research on Google reveals that similar occurrences have been reported across various regions in the country. Cybercriminals have resorted to using silicone thumbs to manipulate biometric Point-of-Sale (POS) devices and ATMs, resulting in unauthorized access to users’ bank accounts.

Aadhaar-enabled Payment System (AePS) Definition

According to the National Payments Corporation of India (NPCI), the Aadhaar-enabled Payment System (AePS) is a banking-driven model that facilitates online financial transactions at Point-of-Sale (PoS) devices and micro ATMs of any bank by utilizing Aadhaar authentication. This innovative approach eliminates the requirement for OTPs, bank account information, and other financial details. Fund transfers can be conducted solely using the bank name, Aadhaar number, and the fingerprint recorded during Aadhaar enrolment.

Is AePs enabled by default?

The clarity regarding the default activation status of the Aadhaar-enabled Payment System (AePS) is not explicitly mentioned by either the Unique Identification Authority of India (UIDAI) or the National Payments Corporation of India (NPCI).

• However, Cashless India, a website managed by the Ministry of Electronics and Information Technology (MeitY), states that AePS does not require any separate activation process.
• The only prerequisite is that the user’s bank account must be linked with their Aadhaar number.
• Additionally, the UIDAI states that users who wish to receive benefits or subsidies under schemes governed by section 7 of the Aadhaar Act are obligated to provide their Aadhaar number to the banking service provider.

Data Leaks under Aadhar System

Despite reports of Aadhaar data breaches in 2018, 2019, and 2022, the Unique Identification Authority of India (UIDAI) has consistently refuted any data breaches.

• The UIDAI has assured the public that Aadhaar data, including biometric details, remains fully secure and protected.
• However, it is important to note that the UIDAI’s database is not the sole potential source of data leaks.
• Aadhaar numbers are easily obtainable in the form of photocopies and digital copies, and criminals have exploited Aadhaar-enabled payment systems to compromise user information. In the past, scammers have utilized silicone to deceive devices and initiate unauthorized transactions.

Steps to Secure Aadhaar Biometric Information

The Unique Identification Authority of India (UIDAI) is proposing an amendment to the Aadhaar (Sharing of Information) Regulations, 2016. This amendment would require entities possessing Aadhaar numbers to refrain from sharing details unless the Aadhaar numbers have been appropriately redacted or blacked out, both in print and electronic formats.

• Furthermore, the UIDAI has introduced a new two-factor authentication mechanism that employs a machine-learning-based security system.
• This mechanism combines finger minutiae and finger image capture to verify the authenticity of a fingerprint, ensuring its ‘liveness.’
• Users are also advised to secure their Aadhaar information by utilizing the UIDAI website or mobile app to lock it.
• This precautionary measure ensures that even if their biometric information is compromised, it cannot be used for unauthorized financial transactions.
• The information can be unlocked temporarily for specific biometric authentication requirements, such as property registration or passport renewals, after which it can be locked again.

Reporting Financial Scams using Aadhaar

In the event of any suspicious activity observed in their bank accounts, it is strongly recommended that users promptly lock their Aadhaar biometric information if they have not done so already.

• Additionally, users should immediately notify their banks and the relevant authorities.
• Taking prompt action can facilitate the return of funds transferred through fraudulent means to the affected individuals.
• The Reserve Bank of India (RBI) has issued a circular stating that customers are entitled to zero liability if an unauthorized transaction occurs and they inform the bank within three working days of receiving a communication from the bank regarding such an unauthorized transaction.

Aadhaar-Voter ID Linkage: Key Details and Associated Concerns

Aadhaar-Voter ID Linkage: Key Details and Associated Concerns

Sharing is caring!