Technology has become an integral part of every aspect of our lives with the technology revolution we’ve witnessed many changes within the last twenty years. With the ever-increasing digitisation in our country, be it mobile & data penetration or digital banking platforms, it’s become very challenging to safeguard one’s identity. In the current scenario of cybersecurity breaches and attacks, authentication of someone’s data before allowing any access is the most vital step.
Biometric recognition refers to the automated recognition of people based on the biometric scan of fingerprints, faces, iris, palm prints, retina, hand geometry, voice, signature, and gait. It’s the most effective method of identifying and authenticating individuals in an extremely reliable and timely manner using unique biological characteristics. It has replaced traditional authentication methods, like personal ID cards, magnetic cards, keys, or passwords, because biometric recognition intrinsically linked to someone and thus can’t be easily compromised through theft, collusion, or loss. Most of the time, access is lost because of social engineering tactics like people falling easily into their traps, usually out of greed or fear
Frauds based on forged biometrics:
Many biometric related frauds have already been reported involving sizeable amounts of stolen biometrics, and fake fingerprints. There are two scenarios of fraud, i.e., (a) for faking attendance and (b) for financial gain.
- Insiders are used by fraudsters to identify potential locations where people will provide their biometrics for non-financial transactions such as property registration.
- Such records include a duplicate of the fingerprint, as well as the person’s Aadhaar card number.
- Fraudsters use simple techniques to create an exact replica of the fingerprint, by the way of (1) using M-seal and Fevicol (2) taking a print, uploading the finger print to www.remove.bg, and then printing on cellophane tape (3)They upload a large number of finger prints obtained from the dark web and replicate them with advanced computer-driven technology.
- After creating a replica of the fingerprint, the fraudster determines whether the Aadhaar card number is linked to any bank account. This is critical for the fraudster to understand before using the card for any financial transaction.
- They aggregate all Aadhaar card numbers linked to bank accounts, and the fraudster is now ready to use the fake biometric alongside the Aadhaar number, either on an AEPS enabled Micro-ATM or a hand-held device that supports Aadhaar-based payment processing.
- If fraudsters use fake biometrics at Micro-ATM, it’s mostly with the knowledge of the banking correspondent (BC). For such a transaction, they cannot use a forged fingerprint but a thumb impression. In this case, money is given by BC to the fraudster upfront upon identification, subject to the provision of the fund.
How to Safeguard yourself from Biometric Frauds:
It’s a tough reality that, unlike a password, you can’t change your fingerprints if they’re stolen. If the biometric data gets leaked, unlike changing your passwords or creating a brand-new account, people won’t be ready to change their fingerprints or their facial structure. The country’s digital infrastructure has grown exponentially in recent years, and a large number of people used biometric identification to access government benefits through the Department of Biotechnology during the pandemic. Although this is often not a technical loophole within the Aadhaar system, such fraud can bring down the customer trust within the whole ecosystem.
- Mobile , E-mail (Registration / Correction) – Aadhar has made it easier to change your details instantly and the process completes with One Time Password for your phone or e-mail as registered on Aadhar. If you lose your phone anywhere or change your mobile number or forgot the password of email, do not forget to update your Aadhaar card immediately as they are prone to social engineering scams.
- Biometrics Locking – Biometrics such as IRIS scans, fingerprints, photographs are linked to the Aadhar card and it’s not easy to fraud in this regard. However there have been cases of Counterfeit Biometric which have been reported. In such cases, Aadhar has now come out with biometric locking option which can be done via . UIDAI or the mAadhaar app.
- Virtual ID – The 16-digit number can be used in place of the Aadhaar number for all eKYC verification purposes, this can be used for all Virtual Transactions. you can download from https://myaadhaar.uidai.gov.in/ (Select the masked VID Option)
- Masked Aadhaar – This number can be shared without the 12 digit number (Only last four digits are visible). The masked Aadhaar option basically allows you to mask your Aadhaar and you can download from https://myaadhaar.uidai.gov.in/ (Select the masked Aadhar Option)
- Check regularly – You may log on UIDAI portal and verify your authentication and periodically check and implement new security introduced by UIDAI to safeguard from fraudsters