Digital security

Sophisticated Aadhaar-related bank fraud has left police in Delhi and Noida baffled

The con involves the fraudulent withdrawal of money from bank accounts of victims with the help of a SIM card, Aadhaar and the United Payments Interface.

The police in Delhi and the neighbouring township of Noida are investigating several complaints of fraud in which money was suspected to be siphoned out of bank accounts of victims with the help of a Unified Payment Interface-supported application linked to Aadhaar, the 12-digit biometrically linked unique identification number that the government wants every Indian resident to have.

The fraud seems similar to the debit card scams that were rampant in India not long ago, which were aimed at people who are less digitally savvy and end up giving confidential information away on a phone call. Though the police are investigating a number of these cases, which involve Aadhaar-linked United Payments Interface apps, there is much they still do not understand about the scams.

The United Payments Interface is a system that allows users in India to transact across 30 banks using their smartphones. It was developed by the National Payments Corporation of India, an umbrella organisation of banks.

“Since March, the police in Delhi and Noida have received more than 30 such cases,” said Kislay Chaudhary, cyber security consultant to several government agencies and police departments in India.

How the scam works

According to Chaudhary, the modus operandi in this racket involves a complicated procedure in which a caller, pretending to be a representative of the Unique Identification Authority of India, which manages the Aadhaar database, calls the victim on the pretext of linking their Aadhaar with their Permanent Account Numbers. This is one of the linkages the Union government has been pushing hard for.

Chaudhury said that the caller first asks the victim for their Aadhaar number and then tells them this is a verification call. The caller then asks them to reveal the code sent to their phone from the Unique Identification Authority of India to complete the verification process. When the victim reveals this number, the caller’s job is done.

The code is actually a One-Time Password generated by the Unique Identification Authority of India. It is sent to the registered phone numbers of those enrolled with Aadhaar when a request is made on the website to change the personal details, such as telephone number, of an Aadhaar holder.

“This alteration can be done through the UIDAI [Unique Identity Authority of India] website, which is actually a facility provided for the convenience of people,” said Chaudhary.

He added that the conman then uses the One-Time Password to change the phone number linked to the victim’s Aadhaar number on the website. “The perpetrators are suspected to have replaced the victims’ phone numbers with numbers in their possession,” said Chaudhary.

The conman’s next step is to download a popular United Payment Interface-supported application, which automatically detects Aadhaar numbers linked to the SIM card of the phone in which the banking application is installed. The application automatically searches for bank accounts linked to the Aadhaar number linked to the phone, said Chaudhury. At the end of this operation, the conman has access to the victim’s bank account and can initiate banking transactions.

Though payments made via the Unified Payments Interface require a Personal Identification Number, this security measure proves useless as the conman himself gets to generate the PIN while registering with the Unified Payments Interface-linked application, said Chaudhury.

Investigators puzzled

Bhisham Singh, Deputy Commissioner of Police in Delhi (Crime Branch), said: “The pretext of linking Aadhaar with PAN seems like a new trend among conmen, who keep updating themselves with the times. We have a dedicated department in the cyber cell which looks into all such cases. Investigation into several such cases are underway.” Singh did not disclose any further details.

Superintendent of Police (Noida City) Arun Kumar Singh could not be reached for his response.

But investigators are baffled at the way the scam works. They say these instances of fraud are more sophisticated than those seen previously. In the past, gangs succeeded in getting people to disclose the secret details of their debit cards and used those details to steal their money. The Delhi police first encountered an Aadhaar-related phishing case in May 2015. “By the time an investigation could begin, three more cases were reported between May 2014 and 2017,” said a police official.

Police officials in Delhi who did not wish to be identified said that investigations into the more recent cases of fraud have apparently hit a dead end.

“From preliminary investigations, it has emerged that most of the transactions were executed through phone numbers issued on fake identity documents, and on mobile devices with duplicated IP addresses,” said an official. “So, none of the perpetrators could be traced so far.”

At the same time, there is much that investigators are yet to understand.

For instance, the victims of this scam say when the fraudulent transactions took place they did not receive text messages from their banks, which they usually do whenever they make transactions.

The police official said: “As banks send text messages to customers on the basis of phone numbers saved in their own databases, we do not understand how the conmen ensured that the victims did not receive text messages from their banks when they withdrew money from the victims’ accounts.”

He added: “The full modus operandi can be dissected only when a gang involved in this scam is busted.”

On Wednesday afternoon, senior UIDAI official responded to a query from Scroll.in. “Such incidents have come to our notice,” the official said. “People must know that UIDAI will never make any such phone call to verify Aadhaar details for the purpose of PAN. One must not disclose any verification code [which can actually be an OTP] with such callers.”

This article has been updated to include UIDAI’s response.

We welcome your comments at letters@scroll.in.
Sponsored Content BY 

Advice from an ex-robber on how to keep your home safe

Tips on a more hands-on approach of keeping your house secure.

Home, a space that is entirely ours, holds together our entire world. Where our children grow-up, parents grow old and we collect a lifetime of memories, home is a feeling as much as it’s a place. So, what do you do when your home is eyed by miscreants who prowl the neighbourhood night and day, plotting to break in? Here are a few pre-emptive measures you can take to make your home safe from burglars:

1. Get inside the mind of a burglar

Before I break the lock of a home, first I bolt the doors of the neighbouring homes. So that, even if someone hears some noise, they can’t come to help.

— Som Pashar, committed nearly 100 robberies.

Burglars study the neighbourhood to keep a check on the ins and outs of residents and target homes that can be easily accessed. Understanding how the mind of a burglar works might give insights that can be used to ward off such danger. For instance, burglars judge a house by its front doors. A house with a sturdy door, secured by an alarm system or an intimidating lock, doesn’t end up on the burglar’s target list. Upgrade the locks on your doors to the latest technology to leave a strong impression.

Here are the videos of 3 reformed robbers talking about their modus operandi and what discouraged them from robbing a house, to give you some ideas on reinforcing your home.

Play
Play
Play

2. Survey your house from inside out to scout out weaknesses

Whether it’s a dodgy back door, a misaligned window in your parent’s room or the easily accessible balcony of your kid’s room, identify signs of weakness in your home and fix them. Any sign of neglect can give burglars the idea that the house can be easily robbed because of lax internal security.

3. Think like Kevin McCallister from Home Alone

You don’t need to plant intricate booby traps like the ones in the Home Alone movies, but try to stay one step ahead of thieves. Keep your car keys on your bed-stand in the night so that you can activate the car alarm in case of unwanted visitors. When out on a vacation, convince the burglars that the house is not empty by using smart light bulbs that can be remotely controlled and switched on at night. Make sure that your newspapers don’t pile up in front of the main-door (a clear indication that the house is empty).

4. Protect your home from the outside

Collaborate with your neighbours to increase the lighting around your house and on the street – a well-lit neighbourhood makes it difficult for burglars to get-away, deterring them from targeting the area. Make sure that the police verification of your hired help is done and that he/she is trustworthy.

While many of us take home security for granted, it’s important to be proactive to eliminate even the slight chance of a robbery. As the above videos show, robbers come up with ingenious ways to break in to homes. So, take their advice and invest in a good set of locks to protect your doors. Godrej Locks offer a range of innovative locks that are un-pickable and un-duplicable. To secure your house, see here.

The article was produced by the Scroll marketing team on behalf of Godrej Locks and not by the Scroll editorial team.