Give me your Thumb || AePS based Financial Frauds || Fintech Series

Rushi Mehta
2 min read · Jan 15, 2023

India is a leader in the field of fintech. NEFT, IMPS, UPI and AePS are some of the common modes of payment that citizens use in day-to-day life.

Let us understand AePS, since a lot of fraud is happening around it.

AePS = Aadhaar Enabled Payment System

Operator / Regulator : National Payments Corporation of India (NPCI) / Reserve Bank of India (RBI)

Website : https://www.npci.org.in/what-we-do/aeps/product-overview

Parties Involved : Sender (Issuer) Bank, Receiver (Acquirer) Bank, NPCI, UIDAI (Aadhaar), Business Correspondent (BC), Resellers, Agents

Leading AePS Service Providers : Oxigen, Spice Money, SahiPay, RNFI, RapiPay, DigiPay, Mobisafar, Varunan Infotech, V Pay etc.

Operational Flow of AePS

Simplifying the above flow in one line: if you want to withdraw cash from your bank account, go to a store that offers AePS-based cash withdrawal, give your Aadhaar number, the name of your bank and your thumb impression on the fingerprint scanner; your account is debited and the store person hands you the cash. The money debited from your bank is then settled to the store's account.

Full technical documentation : https://www.npci.org.in/PDF/AePS/AEPS%20-%20Operating-and-Settlement-Guidelines_V2.pdf

Important to note here is the role of NPCI and UIDAI: UIDAI authenticates your fingerprint against your Aadhaar record, and NPCI does the complex work of inter-bank switching and settlement. No OTP, PIN or card is involved at any step.
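To make the flow concrete, here is a simplified model of the authorisation path, written for this article and not NPCI or UIDAI code. The party names follow the article; the message fields, the fingerprint "templates" (plain strings), the Aadhaar numbers (deliberately invalid, starting with 0) and the balances are constructed assumptions so that the flow runs offline. The model also shows what the biometric lock does to the same request, which is the mitigation discussed later on this page.

```python
"""Simplified model of an AePS cash-withdrawal authorisation.

Illustrative model for this article, not NPCI or UIDAI code. The fingerprint
"templates", Aadhaar numbers, BC ids and balances below are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Uidai:
    # Constructed sample: Aadhaar number -> enrolled fingerprint template
    enrolled: dict
    locked: set = field(default_factory=set)

    def lock_biometrics(self, aadhaar):
        self.locked.add(aadhaar)

    def unlock_biometrics(self, aadhaar):
        self.locked.discard(aadhaar)

    def authenticate(self, aadhaar, template):
        # A locked Aadhaar fails biometric auth even for a perfect (cloned) match.
        if aadhaar in self.locked:
            return False, "BIOMETRIC_LOCKED"
        if self.enrolled.get(aadhaar) == template:
            return True, "OK"
        return False, "NO_MATCH"


@dataclass
class IssuerBank:
    """The customer's bank: it asks UIDAI to verify the thumb, then debits."""
    uidai: Uidai
    accounts: dict  # aadhaar -> balance (constructed)
    statement: list = field(default_factory=list)

    def authorise_withdrawal(self, aadhaar, template, amount, bc_id):
        ok, reason = self.uidai.authenticate(aadhaar, template)
        if not ok:
            return {"status": "DECLINED", "reason": reason}
        if self.accounts.get(aadhaar, 0) < amount:
            return {"status": "DECLINED", "reason": "INSUFFICIENT_FUNDS"}
        self.accounts[aadhaar] -= amount
        # This narration is what later shows up as "AePS" in the statement.
        self.statement.append(f"AEPS CASH WDL {amount:.2f} BC {bc_id}")
        return {"status": "APPROVED", "reason": "OK", "settle_to": bc_id}


def aeps_withdraw(issuer, bc_id, aadhaar, template, amount):
    """BC device -> acquirer bank -> NPCI switch -> issuer bank.

    The acquirer and NPCI only route the request; the issuer/UIDAI hop is the
    only place where the customer is authenticated, and no OTP is involved.
    """
    req = {"aadhaar": aadhaar, "bio": template, "amount": amount, "bc": bc_id}
    return issuer.authorise_withdrawal(req["aadhaar"], req["bio"], req["amount"], req["bc"])


def run_scenarios():
    """Three withdrawals against constructed sample data."""
    uidai = Uidai(enrolled={"000000000001": "thumb-template-A"})
    bank = IssuerBank(uidai=uidai, accounts={"000000000001": 20000.0})
    results = {}
    # 1. Genuine customer at a BC outlet.
    results["genuine"] = aeps_withdraw(bank, "BC-001", "000000000001", "thumb-template-A", 2000.0)
    # 2. Attacker with a cloned thumb (identical template) at a colluding BC:
    #    the system cannot tell the clone from the real finger, so it is approved
    #    and the cash is settled to the attacker's BC.
    results["cloned"] = aeps_withdraw(bank, "BC-999", "000000000001", "thumb-template-A", 10000.0)
    # 3. Same attack after the customer locked biometrics at UIDAI.
    uidai.lock_biometrics("000000000001")
    results["cloned_after_lock"] = aeps_withdraw(bank, "BC-999", "000000000001", "thumb-template-A", 8000.0)
    results["balance"] = bank.accounts["000000000001"]
    results["statement"] = list(bank.statement)
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(name, value)
```

The model treats any template match as success; real UIDAI authentication runs on registered devices whose liveness checks vary by device, which is exactly the gap the rubber-finger attack relies on. The second scenario is the fraud: the request looks identical to a genuine one, so nothing in the flow declines it. The third scenario shows why the biometric lock is the control that matters: the issuer never reaches the debit step.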

So where is the fraud?

AePS does not require an OTP and is enabled by default on your account. If your fingerprint gets into the hands of a cyber criminal, he can make a rubber (silicone) copy of it and perform an unauthorised withdrawal from your account. Along with your Aadhaar number and bank name, all he needs is your "Thumb".

So now the question is: where do they get your "Thumb" from?

As per public information, your thumb impression is publicly available on land registry and stamp registration websites, where scanned sale deeds carry the thumb impressions of the parties. Many times the staff at a Grahak Sewa Kendra also clone/capture your fingerprints when you go there to avail Aadhaar-based services.

There are thousands of videos online teaching how to clone biometrics.

In short,

Harvest biometrics → Collude with an AePS store operator (or buy an AePS device yourself) → Press the cloned biometric on the AePS device → Financial fraud.

In your bank statement, such a withdrawal will show up with "AePS" in the narration.

The Solution:

  • Lock your Aadhaar biometrics. This can be done on the UIDAI resident portal or in the mAadhaar app; while locked, any AePS biometric authentication attempt fails, and you can temporarily unlock it when you genuinely need an Aadhaar-based service.
  • AePS Liability Guideline : Since such fraud is not your fault, you are entitled to a refund of the full amount through NPCI's AePS fraud chargeback process. Link to the guideline :

https://www.npci.org.in/PDF/AePS/circular/2022-23/Implementation-of-Fraud-Chargeback-in-AePS-ARCS-System.pdf

  It is essential to file a complaint with your bank, as the bank raises the chargeback on your behalf.

  • Keep multiple accounts, and keep a watch on the credits/debits in each of them.
  • File a complaint on www.cybercrime.gov.in, and check your Aadhaar Authentication History on the UIDAI portal to find out where your biometrics were recently used and from where they got compromised.
  • Ensure your parents' biometrics are locked too.
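"Keep a watch on the debits" is easier with a script than by eye, since the only marker in the statement is the word "AePS" in the narration. The following is an added example for this article, not bank or NPCI code: it scans a statement export for AePS debits, ignores the dates on which you actually used AePS, and totals the suspect entries for the bank complaint. The CSV layout (date, narration, debit, credit, balance) and the narration strings are constructed; banks label AePS entries differently, so extend AEPS_MARKERS to match your own statement.

```python
"""Scan a bank statement export for AePS debits.

Added example for this article, not bank or NPCI code. The CSV layout and the
sample rows are constructed; adjust AEPS_MARKERS to your bank's narration style.
"""
import csv
import io
import re

# Substrings that identify an AePS entry after the narration is normalised.
AEPS_MARKERS = ("AEPS", "AADHAAR ENABLED")

# Constructed sample statement: one genuine AePS withdrawal on 2023-01-08,
# an AePS cash deposit (a credit, so never flagged) and two AePS withdrawals
# on 2023-01-13 that the account holder did not make.
SAMPLE_STATEMENT = """date,narration,debit,credit,balance
2023-01-05,UPI/Grocery/123,450.00,,12550.00
2023-01-08,AEPS CASH WDL BC 778812,5000.00,,7550.00
2023-01-09,AEPS CASH DEP BC 778812,,2000.00,9550.00
2023-01-12,NEFT SALARY,,40000.00,49550.00
2023-01-13,AePS/WDL/BC/310077,10000.00,,39550.00
2023-01-13,AePS/WDL/BC/310077,10000.00,,29550.00
"""


def parse_statement(text):
    """Parse the CSV export into rows with numeric debit/credit columns."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "date": r["date"].strip(),
            "narration": r["narration"].strip(),
            "debit": float(r["debit"] or 0),
            "credit": float(r["credit"] or 0),
        })
    return rows


def is_aeps(narration):
    """Case-insensitive match; punctuation such as '/' is turned into spaces."""
    normalised = re.sub(r"[^A-Z0-9 ]", " ", narration.upper())
    return any(marker in normalised for marker in AEPS_MARKERS)


def find_aeps_debits(rows, expected_dates=()):
    """Return AePS debits on dates you did NOT knowingly use AePS.

    AePS deposits are credits and are not a withdrawal risk, so only debits count.
    """
    return [
        r for r in rows
        if r["debit"] > 0 and is_aeps(r["narration"]) and r["date"] not in expected_dates
    ]


def complaint_summary(suspect_rows):
    """Figures to quote in the complaint to the bank: count, total, first date."""
    total = sum(r["debit"] for r in suspect_rows)
    return {
        "count": len(suspect_rows),
        "total": round(total, 2),
        "first": suspect_rows[0]["date"] if suspect_rows else None,
    }


if __name__ == "__main__":
    rows = parse_statement(SAMPLE_STATEMENT)
    suspect = find_aeps_debits(rows, expected_dates=("2023-01-08",))
    for r in suspect:
        print(r["date"], r["narration"], r["debit"])
    print(complaint_summary(suspect))
```

Run it against your own export with the dates on which you visited an AePS outlet in `expected_dates`; if you never use AePS, leave it empty and every AePS debit is suspect. Repeated debits of the same amount from the same BC on one day, as in the sample, are typical of an operator draining an account in chunks.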

Digital banking with cyber-fraud risk testing is essential for citizen safety.


Rushi Mehta

Cyber Security & Fintech Risk Enthusiast, Trekker, Meditator and Contributor!