The Unique Identification Authority of India (UIDAI) has recently advised people about safe cyber hygiene practices while using the Aadhaar card on a public computer.
In a tweet, UIDAI warned people to avoid downloading e-Aadhaar on a public computer such as internet cafés or kiosks. However, “if you do, delete all downloaded copies of e-Aadhaar,” it said.
Aadhaar is an important document required for most know-your-customer (KYC) verification purposes, such as opening a Demat account or a bank account.
Nilesh Sangoi, chief information officer (CIO) of Fincare Small Finance Bank, said there is no hacking threat on a bank account in case your Aadhaar number, date of birth (DOB), or address is leaked. Sangoi, however, advised people to avoid “banking on public computers at libraries, cyber cafes, hotels, etc.,” and log off immediately after completing the task.
Nonetheless, several banking security protocols are in place to verify a user’s authenticity. For example, your ATM card has a pin, and your net-banking access is protected by OTP and a unique catchphrase that only you would know. Besides, nobody can withdraw cash from your account at a bank branch only by showing an Aadhaar card, since signature and other documents must be produced and matched with records.
Pinakin Dave, country manager, India and SAARC region, OneSpan, a Chicago-based cyber security company, said banking and financial institutions deploy security protocols like certificate pinning for safe banking, regardless of the customer’s internet security.
In its frequently asked questions (FAQ) section, UIDAI asserts that "by merely knowing your ATM card number, no one can withdraw money from the automated teller machine (ATM)." Likewise, knowing your Aadhaar number alone, hackers can't withdraw money or access other services from your bank account.
Although your bank account cannot be hacked by merely knowing your Aadhaar number, it can be misused, and you can become a victim of identity theft, cyber scams, and others.
E-Aadhaar is an electronic copy of your physical Aadhaar card, and it is also a valid proof of KYC for a host of services. So if you are using a cyber cafe to log into the website of UIDAI and download your e-Aadhaar card, you could be exposing yourself to a cyber security risk.
Pinakin Dave of OneSpan, advises people to log out of the system and make sure to delete all the downloaded copies permanently. If you don't do that, "fraudsters will be able to steal your information, including thumbprints, biometric data, and other details." They can also download digital fingerprints using various methods and transfer them to a physical surface.
According to a Delhi-based market research company, LocalCircles, 33 per cent of Indian consumers store their bank account, debit or credit card and ATM passwords, Aadhaar and PAN details on email or computer. It is a terrible cyber hygiene practice and can pose a significant risk if your email or computer is hacked.
In May 2022, the Times of India (TOI) reported that four people in Madhya Pradesh were running an Aadhaar payment scam. They had cloned people's fingerprints using gelatin, a rubber thumb impression printer, a temperature modulator, and chemicals. All the accused were arrested.
In June 2021, a gang in Gurugram copied over 2000 registration documents to know people's Aadhaar numbers, names, and other details to create illegal mobile wallets.
"They carried out transactions through AePS (Aadhaar Enabled Payment System). At one time, they could withdraw Rs 10,000 only from an account. So they carried out multiple transactions in a short time and withdrew large amounts from different accounts. The money was transferred to their bank accounts from these digital wallets," SP Deepak Gehlawat told TOI at that time.
Crimes related to Aadhaar fraud have been reported in several states across India, including Lucknow, Jharkhand, and Tamil Nadu. That's one of the reasons why UIDAI has asked people not to access Aadhaar data on a public computer, added Dave.
