Cybercriminals keep coming up with ‘innovative’ ideas to steal your sensitive information as well as money. The latest ‘hack’ they’ve come up with is – stealing money from people’s bank accounts by cloning fingerprints and withdrawing huge amounts via Aadhaar Enabled Payment System (AEPS).
The inclusion of this new idea in the hacking market was revealed after the Noida police arrested a person skilled in cloning fingerprints and withdrawing money via AEPS.
As per the investigation by the Noida police, cybercriminals were misusing AEPS, which allows customers to make payments using their Aadhaar number and by providing Aadhaar verification at point of Sale (PoS) or micro ATMs.
Triveni Singh, Superintendent of Police, cyber cell, said, “During our investigation, we found that the money was withdrawn using AEPS. We found that victims’ never used their thumb impression to withdraw the money it was a gang of hackers who had cloned the fingerprints and Aadhar numbers of victims to carry out illegal transactions.”
Rohit Tyagi, the main accused, stole Aadhar numbers and fingerprints of people from the registrar office. He had gained the knowledge of hacking and cloning via YouTube and other websites. Tyagi had even purchased equipment for cloning fingerprints from popular online shopping websites. He also had a biometric machine, gelatin, temperature modulator, rubber thumb impression printer, and other chemicals used in cloning. After being successful in withdrawing money from someone else’s account, Tyagi used to buy cryptocurrency to remain untraceable.
This arrest by the Noida Police has given rise to the need of UIDAI and the banking industry to look for more stringent security features for stopping the misuse of fingerprints and Aadhar numbers.
Satyendra Sharma, Senior Manager IT, PNB, said, “AEPS is activated by default if a customers’ bank account is linked with Aadhar. A customer can withdraw Rs 10,000. RBI has not set any limit on transfer between accounts, but banks have provision of transferring Rs 25,000- Rs 50,000 through AEPS.”
A suggestion made by banking experts is to use face recognition and retina scan for making payments as these are tough to replicate.