AADHAAR SCAM

Submitted by:-
ARJUN AUL
12017628
B.COM
Aadhaar (INTRODUCTION)
Aadhaar is a 12-digit unique identity number that can be obtained voluntarily
by residents or passport holders of India, based on
their biometric and demographic data. The data is collected by the Unique
Identification Authority of India (UIDAI), a statutory authority established in
January 2009 by the government of India, under the jurisdiction of the Ministry
of Electronics and Information Technology, following the provisions of
the Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and
services) Act, 2016.
Aadhaar is the world's largest biometric ID system. World Bank Chief
Economist Paul Romer described Aadhaar as "the most sophisticated ID
programme in the world". Considered a proof of residence and not a proof of
citizenship, Aadhaar does not itself grant any rights to domicile in India. In June
2017, the Home Ministry clarified that Aadhaar is not a valid identification
document for Indians travelling to Nepal and Bhutan.
Prior to the enactment of the Act, the UIDAI had functioned, since 28 January
2009, as an attached office of the Planning Commission (now NITI Aayog). On
3 March 2016 a money bill was introduced in the Parliament to give legislative
backing to Aadhaar. On 11 March 2016 the Aadhaar (Targeted Delivery of
Financial and other Subsidies, benefits and services) Act, 2016, was passed in
the Lok Sabha.
Despite the validity of Aadhaar being challenged in the court, the central
government has pushed citizens to link their Aadhaar numbers with a host of
services, including mobile sim cards, bank accounts, the Employees' Provident
Fund Organisation, and a large number of welfare schemes including but not
limited to the Mahatma Gandhi National Rural Employment Guarantee Act,
the Public Distribution System, and old age pensions. In 2017 reports suggested
that HIV patients were being forced to discontinue treatment for fear of identity
breach as access to the treatment has become contingent on producing Aadhaar.
 Fraud Management System For UID Aadhaar

OVERVIEW
Nowadays, due to the meteoric increase in the population, it is
necessary to identify each individual uniquely. The ability to identify a
person uniquely, reduces the chances of getting deceived by malicious
residents and increases the chances to avail various social benefits and
security. It is necessary to protect one’s own identity to avert crimes
caused due to identity theft.
To avail any services provided by the government, one should prove
that, they are the genuine individual they claim to be. This can be done
with the help of UID Aadhaar card, which provides the proof regarding
the person’s genuine identity.
There are several advantages of having an Aadhaar card such as,
• Universal address proof: Address proof is required by various
organizations. Aadhar card can be used in such situations.
• Can open a bank account, invest in mutual funds or buy an insurance
policy.
• Receive government benefits directly: with the help of Aadhaar card,
this process is simplified by accessing these benefits directly by linking
Aadhaar card to the bank account.
• Digital locker: Digi-locker system has been initiated by the
government, so that the individual can store their personal documents
 ENROLLMENT FRAUD SCENARIOS

The objective of fraud management system will be to ensure that

fraud enrolment is detected and prevented.
A fraud management solution is required to detect and reduce
enrolment related frauds.
The fraud management solution should be able to detect frauds
such as:

A. Misrepresentation of information:
Illegal immigrants, terrorists who enter into the country will enroll into
the UID Aadhaar by producing fake supportive proof of identity, proof
of residence documents. The enrolment system cannot identify these
intentional misrepresentation of demographic information (unless
there is similar de-duplication of data). These illegal immigrants, by
producing fake original documents at CEC (Citizens Enrolments
Centre) or by bribing the CEC agents or by stealing the credentials of
CEC agents, these malicious residents get enrolled in the program.
This means that, they cannot be identified by bio-metric de-
duplication checks in the enrollment server.

B. Enrolments for non-existent individuals:

The illegal immigrants can collect the dead citizens demographic
details & get enrolled to the UIDAI system, if the dead individual didn’t
get enrolled into the UIDAI system yet. If the dead individual has
already enrolled to the UIDAI system, then enrolment system
biometric de-duplication ABIS module detects and rejects the
application.
C. Enrolments outside the country:
This is strange enrollment scenario where the fraud racket team with
the support of the respective country’s CEC agents, getting their
credentials either by bribing or stealing, carry out mass enrollment
activities outside the country for the illegal immigrants. Such frauds
can be detected by tracking the IP address of the enrollment client.
So, we need to capture IP address of the desktop enrollment client
machine into our proposed data set.

D. Enrolment during unusual hours of the day:

This is additional time stamp parameter which we need to add into
data set. All the CEC’s enrollment activities must be closed after a time
window specified by the government.
 A snippet of the online search for Aadhaar fraud. Credit: The Wire

Even this number is quite likely to be an underestimate as the search was

restricted to only English media outlets. It is important to note that these
cases are not meant to be exhaustive nor representative, but instead, seek to
bring to light an issue that has not received much attention.

A long list of frauds

The search reveals that Aadhaar has been used for a wide range of purposes –
carrying out land transfers, procuring passports, getting loans, casting votes,
obtaining other IDs, siphoning off ration grains, etc. These include cases of
‘identity theft’ – Aadhaar details of persons have been altered, or Aadhaar
details have been forged by changing the photographs and names and taking
scans. The genuine holders of Aadhaar have subsequently found themselves in
a soup when they were told that loans in their name were not honoured or
land transfers in their name were carried out without consent. Such instances
are especially striking given that identity theft is precisely what Aadhaar was
supposed to fix.

While most of the cases involved a single or few persons indulging in petty
frauds, a third of the cases were related to rackets where fake or forged
Aadhaar were being mass-produced. The methods involved in these cases
varied – the two most common were Aadhaar numbers being issued based on
fake or forged documents, and details like name, photographs being forged
using rudimentary editing techniques and printers. There have also been
instances of biometric and/or demographic details (fingerprints, photographs,
names and addresses) being altered at the stage of enrollment. In a few cases,
sophisticated methods were used to exploit loopholes in the enrollment
process to generate fake Aadhaar numbers. The most prominent of these was
the case of a gang in Uttar Pradesh that was caught generating Aadhaar for
fictitious persons by cloning the fingerprints of Aadhaar enrollment
operators.

A man goes through the process of eye scanning for the Unique Identification database system,
also known as Aadhaar, at a registration centre in New Delhi, India, January 17, 2018. Picture
taken January 17, 2018. Credit: Reuters/Saumya Khandelwal – RC1F67907F80

The usual official response has been to discredit such reports by stating that
no authentic Aadhaar numbers were generated in these cases – that they were
simply instances of forgery. Going by the various methods of fraud employed,
this justification is only partly correct. In 45 cases, either valid Aadhaar
numbers were generated (for instance using fake/forged documents) or the
Aadhaar details in the database altered (for instance, using the online detail
updating facility).

Moreover, this UIDAI argument misses a key point: irrespective of the method
involved, Aadhaar seems to have become extremely easy to fake or forge in
paper form and use as ID for a range of services including to obtain SIM cards,
open bank accounts, obtain loans, book hotel rooms, get married in court,
prove identity for air and train travel, etc. That many of these instances did
not involve UIDAI issuing an authentic Aadhaar number does not change the
fact that fake or forged Aadhaar details have been used to carry out fraud.
In addition to the cases of forgery and fakes, 17 cases of Aadhaar-enabled
banking frauds were compiled by Vipul Paikra, an independent researcher
(also available here). In a country with low financial and technological
literacy, it is easy for people to fall prey to various types of frauds, especially
phishing scams.

A member of parliament recently lost Rs 27,000 after revealing an Aadhaar

one-time-password (OTP) to fraudsters over the phone. In another instance,
con-men tricked persons on the pretext of linking their Aadhaar to their PAN
(issued by the income-tax department for tracking financial transactions) into
revealing an OTP which was then used to change the linked-mobile number in
the Aadhaar database. Such instances highlight the need for authorities to
raise awareness about how to use Aadhaar and clarify what information is not
supposed to be shared.

On the latter, unfortunately, the UIDAI has itself spoken with a forked tongue
– they have claimed that Aadhaar numbers are not supposed to be
confidential every time data leaks have been identified, while at the same
time issuing notices urging people to be careful when sharing Aadhaar
numbers.

Neither Aadhaar ‘card’ reliable, nor Aadhaar-based biometric

authentication

SCAM:- 1

As its scale and use has expanded, several aspects of Aadhaar have created
cause for worry. Regular reports of data leaks have raised doubts about the
reliability of the data-security infrastructure. Most recently, a security
researcher identified an online dashboard of the Andhra Pradesh government
that was publicly displaying Aadhaar numbers linked to large amounts of
personal information including addresses and bank details which were
compiled through Aadhaar. Moreover, the fact that the dashboard allowed
households to be precisely geo-located by caste and religion highlights the
grave implications of Aadhaar on privacy.

To add to these serious concerns, the results from the online search suggest
that contrary to its proponents’ claims, Aadhaar has facilitated a range of
frauds. They also highlight the urgent need for closely monitoring the rapidly
expanding use of Aadhaar ‘cards’ and increasing awareness about Aadhaar
usage and vulnerabilities.
Further research is however needed to better understand both, the role of
Aadhaar in curbing fraud, and the extent to which it enables fraud.

SCAM:- 2

In January 2018, eight persons were arrested in Chandigarh for purchasing

expensive mobile phones with fraudulent loans secured using
fake Aadhaar cards. The accused, among whom were former bankers and
employees of a finance company, had placed their own photographs on
others’ Aadhaar cards to secure bank loans, and were booked for cheating,
fraud, forgery and criminal conspiracy under the relevant sections of the Indian
Penal Code.

This is just one among the 73 incidents of misuse of the Unique Identity
Authority of India’s (UIDAI) Aadhaar programme that have been reported in the
English-language media so far this year (up to May 7, 2018). This averages
nearly four incidents each week, as per a new database created by independent
researchers Anmol Somanchi and Vipul Paikra.

Of these, 52 cases involved fake or forged Aadhaar numbers–coming up with

entirely new Aadhaar enrolment based on fake details, or forging existing cards
by replacing certain details like photographs–and 21 involved Aadhaar-related
banking frauds.

In the six years since the launch of the Aadhaar programme in September 2011,
164 cases of forged or fake Aadhaar numbers and Aadhaar-related banking
frauds have been reported in the English-language media, the database noted.
These include 123 cases of fake or forged Aadhaar numbers or cards and 41
cases of Aadhaar-related banking fraud.

“This database does not include the whole gamut of reported incidents of
Aadhaar-related fraud and forgery,”

Lack of clarity

“The ambiguity around Aadhaar has led to an increasing number of cases where
citizens are swindled of their money,” Somanchi said. “India is still grappling with
limited financial, technological literacy–people aren’t sure of what they should or
should not share and the authorities have failed to provide that clarity.”

The government has been speaking “with a forked tongue” in this regard,
Somanchi said, adding, “On one hand they insist the uniqueness of the Aadhaar
number prevents duplicity and is an in-built layer of security–on the other hand
they advise caution on sharing of Aadhaar details. So what should citizens
believe?”
As of April 2018, more than 1.2 billion Indians–99.7% of the population–
had enrolled under the programme. The Aadhaar database, which the
government is keen to integrate with policy, regulation and benefits-transfer
programmes, includes fingerprints, iris scans and demographic details of every
enrolled individual. From July 1, 2018, the system will also
include facial recognition features for identity authentication.

Most frauds happen because people using Aadhaar don't have enough clarity
on how much information to share. Every year, the number of fraudulent credit
card, bank account, loans and other transactions carried out
using Aadhaar keeps rising. Fraudsters also use Aadhaar-mobile phone linking
to create fake identity.

Year-Wise Aadhaar Enrolment And Cases Of Fake Or Fraud Aadhaar

Reported
Citizens Enrolled
Year Reported Incidents Of Aadhaar Misuse
(Cumulative)
2011 100 million
2012 210 million 3
2013 510 million 1
2014 720 million 4
2015 930 million 6
2016 1.11 billion 13
2017 1.18 billion 65
2018* 1.21 billion 73

Source: Somanchi & Paikra's database of media reports on Aadhar-related

forgery, counterfeit and fraud (and UIDAI data for enrolment numbers)Note:
*Data as of May 2018

1/3rd cases involve multiple UID numbers

Among cases of fake or forged Aadhaar numbers or cards, 52 of the 123

reported incidents (42%) involved forgery of only Aadhaar details, according to
the database.

In at least 38 cases (31%), other documents such as permanent account

number–a unique 10-digit alphanumeric identity allotted to taxpayers by the
income tax department–driver’s license and voter identity card were also forged
or faked, the database showed.
In a recent case of forgery reported from Mumbai, 40 bank accounts had been
opened using forged documents including Aadhaar, as noted in the Hindustan
Times report of March 31, 2018, that is included in the database. The accused–
who had acquired eye and finger scanners to produce fake Aadhaar numbers–
would charge Rs 2,000 to make a fake Aadhaar card, Rs 800 to 1,000 for a fake
PAN card, Rs 10,000 for a fake driver’s license and Rs 1,000 for a fake voter
identity card, the report said.

Information on how many documents were forged was unavailable for 33 or 27%
of cases, the database noted.

More than a third (43) of the fake or forged Aadhaar card/number cases involved
forgery of multiple Aadhaar numbers, which researcher Somanchi has described
in the database as an “Aadhaar racket”. These include five cases where
Aadhaar numbers have been counterfeited to misuse the public distribution
system (PDS), under which subsidised foodgrain and non-food items are
provided to underprivileged citizens across the country.

In Bengaluru, for instance, the Karnataka state food and civil supplies
department had discovered large-scale use of fake Aadhaar numbers linked to
bogus below-poverty-line (BPL) ration cards to siphon off subsidised foodgrain
distributed under the state’s Anna Bhagya scheme, according to this Deccan
Chronicle report from October 13, 2016, listed in the database.

Controversies, contestations

However, Aadhaar-related hiccups are far fewer than other problems holding up
beneficiaries’ access to PDS, the State of Aadhaar Report 2017-18 by
philanthropic investment firm Omidyar Network, released on May 17, 2018,
showed.

Between September and December 2017, about 2 million PDS beneficiaries in

rural Andhra Pradesh, Rajasthan and West Bengal, accounting for 0.8%, 2.2%
or 0.8% of all PDS beneficiaries, respectively, were found excluded from the
states’ PDS programmes due to Aadhaar-related factors. However, a much
larger proportion of beneficiaries, 6.5%, were excluded due to non-Aadhaar
factors (such as non-availability of ration), the report said.

From 2014-15 to 2017-18, Aadhaar’s direct benefit transfer system as well as

digitisation and other initiatives had enabled the government to detect and
delete 27.5 million fake and duplicate ration cards, saving Rs 16,792 crore in the
PDS programme, the report added.

Aadhaar rackets aside, 19 cases of illegal migrants faking or forging Aadhaar

identities to reside in India have also been reported, the database noted. In four
cases, Aadhaar numbers were forged to fraudulently obtain bank loans. In two
cases, terrorists had procured fake/forged Aadhaar numbers to legitimise their
stay in the country.

The Aadhaar programme has always been controversial, particularly since the
government’s 2016 move to compulsorily link several government services and
benefits with Aadhaar, as IndiaSpend reported on March 31, 2017. The
Supreme Court has just finished hearing a bunch of petitions challenging the
constitutional validity of Aadhaar–the second-longest oral hearing in the history
of the top court–and is likely to announce a verdict in July or
August, DNA reported on May 11, 2018.

At one of the hearings, Attorney General K. K. Venugopal, appearing for the

state, argued that the programme would prevent bank fraud, illegal financial
transactions, and the misuse of telecommunication networks by terrorists, The
Financial Express had reported on April 5, 2018.

However, the apex court observed that Aadhaar could do little to stop banking
fraud and questioned the government’s move to demand that the entire
population of the country link their mobile phones with Aadhaar “just to catch a
few terrorists”, the The Financial Express report said.

“This is a fundamental misunderstanding of what causes terrorism or banking

frauds,” Somanchi said. “Serving up Aadhaar as a panacea for all problems is
taking it too far. A socio-economic problem such as terrorism can’t be solved
with a technological fix like Aadhaar–assigning sophisticated numbers to
individuals isn’t a crime deterrent.”

Further, there have been cases where individuals have been unable to use
their Aadhaar cards as proof of identity because their biometric data did not
match with the records.

At a recent court hearing, UIDAI admitted that 6% of Aadhaar authentication

requests using fingerprints (927,123 transactions) are known to fail, and 8.5%
(36.9 million transactions) using iris scans, LiveLaw reported on April 3, 2018.

In all, Aadhaar-based biometric authentication for accessing government

services have been recorded as failed 12% of the time, UIDAI told the court,
according to this report in TheQuint on March 29, 2018. It denied, however, that
this meant exclusion from or denial of subsidies or benefits, saying the
authentication requesting agency is supposed to use alternative means of
identification in such cases, the LiveLaw report said.
Combined with the findings of the database, UIDAI’s submissions in court
suggest neither are Aadhaar biometrics reliable, nor are the cards infallible,
Somanchi said.
 Preventive Measures Against Aadhaar Scam
A. LOCK BIOMETRIC DETAILS
v Visit the official website of UIDAI:
o resident.uidai.net.in/biometric-lock.
v Enter your Aadhaar number and the security code.
v Now click ‘Send OTP’ and you will soon receive a code on your registered
mobile number.
v Enter the code and click ‘Verify’.
v On the new page, click ‘Enable Biometric Locking’ and then click ‘Enable’. If
you wish to unlock your biometrics, visit the website mentioned and click
‘Disable Biometric Locking’.

B. Mobile & EMAIL Registration

v The Aadhaar card authentication has made online transactions very easy.
During this process, an OTP is sent to the registered mobile number which
has to be entered to be eligible for the various services. Therefore, it
becomes imperative to link your mobile number and your Aadhaar card.
Once you receive the OTP remember not to ever share it with anyone under
any circumstances. Many cases have been reported where fraudsters have
called up people asking for the OTP received and then used them for hoax
activities. To reduce such practices another feature has been introduced
which is the TOTP (Time-based OTP). By using this feature you can generate
this code in your mobile Aadhaar app for the process of authentication.
v To verify your mobile number registered with the Aadhaar card, you need to
visit the official website of UIDAI. There will be an option of “Verify
Email/Mobile number”. When you click it you will be redirected to a page
where you need to fill in your details including the security code and then
click “Get OTP”. You will soon receive the code which is to be entered in the
OTP field, thereafter click ‘Verify OTP’. If the verification is complete you will
be taken to a page that would say, “Congratulations”.

v In case you lose/stop using the mobile number that is registered with your
Aadhaar, you must update your mobile number at the earliest. If you are
linking your mobile for the first time or have to correct the number that is
registered with the UIDAI, you would have to visit your nearest Aadhaar
centre and fill in the Update/Correction form or download the same from the
 website. The form is to be submitted to the designated official. Once the
verification is done it would take 7-10 days for the updation to be complete.

C. AADHAAR VIRTUAL ID
v The visual ID, which is a temporary code of 16 digits, is a substitute for your
Aadhaar number. The Aadhaar Virtual ID adds an extra layer of security to
your Aadhaar details. It can be used for Aadhaar authentications and also for
your e-KYC at government and private agencies. A virtual ID can be
generated and share it with the agency. Once verified, the new virtual ID can
be generated the next day, making it almost impossible for anyone to find
out your details.