Hyderabad: Technology has become an integral part of every aspect of our lives within the last 20 years. With the ever-increasing digitisation in our country, be it mobile and data penetration or digital banking platforms, it has become very challenging to safeguard one’s identity. In the current scenario of cybersecurity breaches and attacks, authentication of someone’s data before allowing any access is the most vital step.
Biometric recognition refers to automated recognition of people based on biometric scans of fingerprints, face, iris, palm prints, retina, hand geometry, voice, signature and gait. It’s the most effective method of identifying and authenticating individuals in an extremely reliable and timely manner using unique biological characteristics. It has replaced traditional authentication methods such as personal ID cards, magnetic cards, keys or passwords.
Biometric recognition is intrinsically linked to someone and can’t be easily compromised through theft, collusion or loss. Most of the time, access is lost because of social engineering tactics like people falling easily into traps.
Frauds based on forged biometrics
Many biometric frauds have already been reported involving sizeable amounts of stolen biometrics and fake fingerprints. There are two scenarios of fraud: (a) for faking attendance and (b) for financial gain.
* Insiders are used by fraudsters to identify where people provide biometrics for non-financial transactions such as property registration.
* Such records include a duplicate of the fingerprint as well as the person’s Aadhaar card number.
* Fraudsters use simple techniques to create an exact replica of the fingerprint by (1) using M-seal and Fevicol (2) taking a print, uploading the fingerprint to www.remove.bg and printing on cellophane tape (3) They upload a large number of fingerprints obtained from the dark web and replicate them with advanced computer-driven technology.
* After creating a replica of the fingerprint, the fraudster determines whether the Aadhaar card number is linked to bank accounts. This is critical to understand before using the card for financial transactions.
* They aggregate all Aadhaar card numbers linked to bank accounts and the fraudster is now ready to use the fake biometric alongside the Aadhaar number, either on an AEPS-enabled Micro-ATM or a hand-held device that supports Aadhaar-based payment processing.
* If fraudsters use fake biometrics at Micro-ATMs, it’s mostly with the knowledge of the banking correspondent (BC). For such transactions, they cannot use forged fingerprints but thumb impressions. In this case, money is given by the BC to the fraudster upon identification, subject to provision of funds.
How to safeguard from biometric fraud
It’s a tough reality that, unlike a password, you can’t change your fingerprints if they’re stolen. The country’s digital infrastructure has grown exponentially in recent years, and a large number of people used biometric identification to access government benefits during the pandemic. Although this is often not a technical loophole within the Aadhaar system, such fraud can bring down customer trust.
* Mobile, E-mail (registration/correction): Aadhaar has made it easier to change your details instantly and the process completes with a one-time password for your phone or e-mail as registered on Aadhaar. If you lose your phone or change your mobile number or forget the email password, update your Aadhaar card immediately as they are prone to social engineering scams.
* Biometrics Locking: Biometrics such as iris scans, fingerprints and photographs are linked to Aadhaar and are not easy to forge. However, there have been cases of counterfeit biometrics that have been reported. In such cases, Aadhaar has now come out with a biometric locking option which can be done via UIDAI or the mAadhaar app.
* Virtual ID: The 16-digit number can be used in place of the Aadhaar number for all eKYC verification purposes. This can be used for all virtual transactions. You can download from https://myAadhar.uidai.gov.in/ (select the masked VID option)
* Masked Aadhaar: This number can be shared without the 12-digit number (only the last four digits are visible). The masked Aadhaar option basically allows you to mask your Aadhaar and you can download it from https://myAadhar.uidai.gov.in/ (select the masked Aadhaar option)
* Check regularly: Log on to the UIDAI portal and verify your authentication and periodically check and implement new security introduced by UIDAI to safeguard from fraudsters.
Stay tuned to Cyber Talk for more on Internet Ethics and Digital Wellness brought to you by Anil Rachamalla of End Now Foundation, www.endnowfoundation.org