Current Affairs

UPSC Objectives and key services extended by the AePS model, existing loopholes in the model and possible remedies - English

Context

5. Several instances of scams have been reported in various parts of the country wherein cybercriminals have used silicone thumbs to replicate Aadhaar-linked fingerprints to drain users’ bank accounts.

Aadhaar-enabled Payment System (AePS)

5. The Aadhaar-enabled Payment System (AePS) is a bank-led model which facilitates online financial transactions at Point-of-Sale (PoS) devices (micro ATMs) of any bank with the help of Aadhaar authentication.
5. The AePS allows an individual to withdraw money in their bank account from anywhere in the country using a local “Business Correspondent (BC)”.
5. A Business Correspondent (BC) acts as an informal bank agent equipped with a biometric Point-of-Sale (PoS) machine which is a type of micro-ATM.
5. According to the National Payments Corporation of India (NPCI), the AePS model helps transfer the funds using only the Bank Name, Aadhaar Number, and Fingerprint captured during Aadhaar enrolment.
5. Thus the AePS model negates the need for OTPs, bank accounts and other financial details.
5. Various banking services offered by AePS, apart from cash withdrawal include cash deposit, balance enquiry, mini statement, Aadhaar to Aadhaar fund transfer, BHIM Aadhaar Pay, authentication, etc.

objectives

5. To empower individuals to use their Aadhaar as an identity to access their bank account and perform basic banking transactions.
5. Furthering Financial Inclusion.
5. In line with the Reserve Bank of India (RBI)’s goal of electronification of retail payments.
5. To facilitate interoperability across banks in a safe and secure manner.
5. Activation or enabling of AePS: Unique Identification Authority of India (UIDAI) and NPCI have not clearly mentioned whether AePS is enabled by default.
5. According to Cashless India, which is a website managed and operated by the Ministry of Electronics and Information Technology (MeitY), AePS service does not require any activation and the only requirement is that the user’s bank account must be linked with their Aadhaar number.
5. As per the UIDAI, individuals who wish to receive any benefit or subsidy under schemes notified under section 7 of the Aadhaar Act, must mandatorily submit their Aadhaar number to the banking service provider.

Loopholes in AePS model

5. Scammers and cybercriminals have made use of the biometric information of the customers linked with Aadhaar to operate biometric POS devices and biometric ATMs.
5. Aadhaar data breaches have been reported multiple times in the past, but the UIDAI has denied any breach of data.
5. The UIDAI has held that the Aadhaar information such as biometric data is fully safe and secure.
5. Apart from the UIDAI’s database, the biometric information linked with Aadhaar can be leaked from other sources where such crucial information is readily available in the form of photocopies, and soft copies.
5. Criminals have also made use of silicone to trick devices into initiating transactions.
5. Corrupt Business Correspondents (BC) have also manipulated users and have been involved in AePS frauds.

Way forward

5. The UIDAI has proposed an amendment to the Aadhaar (Sharing of Information) Regulations, 2016, which mandates entities in possession of an Aadhaar number to not share details unless the Aadhaar numbers have been redacted or blacked out through appropriate means.
5. The UIDAI has come up with a two-factor authentication mechanism developed with the help of a machine-learning-based security system that captures finger minutiae and finger images to analyse the ‘liveness’ of a fingerprint.
5. Further, the users must ensure that they lock their Aadhaar information by visiting the UIDAI website or using the mobile app.
5. Locking of Aadhaar information will prevent the initiated financial transactions even if the biometric information is compromised.
5. Users and customers are also urged to inform the banks and the concerned authorities as soon as possible in case of any suspicious activity in their bank accounts.
5. According to a circular issued by the RBI, a customer is entitled to zero liability if the customer informs the bank within three working days of receiving a communication from the bank regarding such an unauthorised transaction.
5. Thus, timely reporting can help in ensuring that the money transferred using fraudulent means is returned to the victim.

BANK ACHIEVERS Achievers