Aadhar Card Vulnerabilities: Understanding scams and protective measures

By Tanushree Dubey

Published on: October 31, 2023 at 15:56 IST

In today's digital age, the Aadhar card is India's is vital to identity verification, widely used across government and private sector services. However, its extensive personal information repository makes it a prime target for scammers and identity thieves. This comprehensive article explores the common Aadhar card scams, delves into how they happen, and provides comprehensive guidance on prevention.

What is Aadhaar card?

Aadhaar is a 12-digit identifying number issued by the Unique Identification Authority of India (UIDAI) to Indian residents following a verification process. To obtain an Aadhaar number, individuals must provide essential demographic and biometric information, including their name, date of birth or age, gender, address, mobile number, and optional email ID. Biometric data such as fingerprints, iris scans, and a facial photo are also collected.

There are various forms of Aadhaar provided by UIDAI for residents' convenience such as:

• Aadhaar Letter: This is a laminated paper-based document issued to residents after enrolment or updates. It's sent free of charge via regular mail. In case of loss or damage, residents can request a reprint from UIDAI's official website for a fee of Rs 50.

• eAadhaar: eAadhaar is a password-protected electronic copy of Aadhaar digitally signed by UIDAI. The password is typically the first four letters of the name in capital letters and the birth year (YYYY). eAadhaar includes a QR code for offline verification and displays issue and download dates. The "Mask Aadhaar" option allows residents to hide their Aadhaar number, revealing only the last four digits.

• mAadhaar: This is the official mobile application developed by UIDAI. It allows Aadhaar holders to carry their demographic data, including name, date of birth, gender, and address, along with their photo on their smartphones. The app features a QR code for offline verification and is compatible with smartphones running iOS version 10.0 and above or Android version 5.0 and above. Users can add up to three profiles on one device if they share the same registered mobile number in their Aadhaar. The app offers features such as biometric data locking/unlocking, sharing QR code and eKYC data, and updating the Aadhaar profile.

• Aadhaar PVC Card: Introduced in October 2020, the Aadhaar PVC card is a durable and easy-to-carry plastic card. It includes a digitally signed secure QR code with a photograph and demographic details, along with multiple security features. Residents can order this card online using their Aadhaar number, virtual ID, or enrolment ID by paying a fee of Rs 50. After application, the card is delivered to the registered address via postal mail.

How Aadhar and Privacy interconnected

Aadhar, the unique identification system in India, has been a subject of significant debate and controversy regarding privacy issues. The connection between Aadhar and privacy is complex and has been a central focus of numerous legal and ethical discussions. To illustrate this connection, we can look at the landmark case of Justice K.S. Puttaswamy (Retd.) and Anr. v. Union of India, which is commonly referred to as the "Aadhar case."

In 2009, the Government of India introduced the Aadhar project, which aimed to assign a unique 12-digit identification number to every Indian resident. Aadhar numbers were linked to an individual's biometric and demographic information, such as fingerprints and iris scans. The government justified this initiative as a means to improve the delivery of welfare benefits and public services and to prevent fraud and corruption in government programs.

Privacy Concerns:

Privacy advocates and legal scholars raised concerns about the potential invasion of privacy due to the collection and use of sensitive biometric and personal data. They argued that Aadhar, with its extensive data collection and linking capabilities, had the potential to be misused or result in mass surveillance. The petitioners in the Aadhar case contended that the Aadhar project violated the fundamental right to privacy, which was recognized as an intrinsic part of the right to life and personal liberty under Article 21 of the Indian Constitution.

Aadhar Case and the Right to Privacy:

The Aadhar case was heard by a Constitution Bench of the Supreme Court of India in 2017. In a landmark judgment, the court recognized the fundamental right to privacy as a constitutionally protected right.

The court held that the right to privacy was intrinsic to the right to life and personal liberty and could not be violated except in certain specific circumstances, which must meet the test of legality, necessity, and proportionality.

The court also examined the Aadhar project in light of the right to privacy and other constitutional principles. It determined that while the collection of biometric and demographic data was not per se unconstitutional, the manner in which Aadhar was being implemented raised privacy concerns. Therefore, the court established several important guidelines and limitations for the use of Aadhar, such as:

• Requiring the government to establish a robust data protection framework.
• Limiting the use of Aadhar to specific government welfare programs and financial transactions.
• Recognizing the importance of obtaining informed consent from individuals before collecting their biometric data.

The Aadhar case is a prime example of how Aadhar and privacy are connected. It highlights the tension between the government's objectives, such as efficient service delivery and fraud prevention, and the protection of individual privacy rights.

The case resulted in the acknowledgment of the right to privacy as a fundamental right in India and laid down crucial principles for balancing the use of Aadhar with privacy concerns. It underscores the importance of safeguarding personal data in large-scale identification systems like Aadhar and ensuring that privacy is not unduly compromised in the pursuit of government objectives.

Despite the landmark Aadhar case's recognition of privacy rights, ongoing challenges and scams raise concerns. Unauthorized data access, breaches, and fraudulent activities remain prevalent. Biometric vulnerabilities and inadequate oversight contribute to these issues. Balancing security and privacy while promoting public awareness is crucial for addressing Aadhar scams effectively. Continual improvements are needed to safeguard personal data while achieving the system's objectives.

Scams through Aadhar Card

Aadhaar scams are a significant concern in India, given the widespread use of this identity document. These scams come in various forms, targeting individuals with the aim of stealing personal information or causing financial harm. To protect yourself, it's essential to be aware of these scams and take preventive measures.

Here are some common Aadhaar scams to watch out for:

• Phishing Calls and Texts: Scammers use phone calls and text messages to impersonate government officials, bank representatives, or UIDAI personnel. They claim that there are issues with your Aadhaar and request personal information such as your Aadhaar number, bank details, or OTP. The intent is to steal your identity or money.

• Email Scams: Similar to phishing calls, scammers send fake emails that appear to be from official sources, including UIDAI. These emails contain links that lead to counterfeit websites where individuals are tricked into providing their Aadhaar information.

• Fake Aadhaar Websites: Scammers create fake websites that closely resemble the official UIDAI website. They lure individuals into attempting to update or check their Aadhaar information, collecting personal data in the process. This data can be misused for fraudulent activities.

• Aadhaar Enrollment Fee Scams: Fraudsters establish unauthorized Aadhaar enrollment centers and charge unsuspecting individuals for Aadhaar registration or updates. They often pocket the fees and do not provide legitimate services. Genuine Aadhaar enrollment and update services are typically free.

• Aadhaar Card Printing Frauds: Scammers offer to print Aadhaar cards or provide quick Aadhaar-related services for a fee. However, they frequently fail to deliver on their promises or provide fake cards, leaving victims with a loss of money and no legitimate service.

• Aadhaar Linking Frauds: Scammers convince people to link their Aadhaar with various services, such as bank accounts or mobile numbers, and then use this opportunity to extract personal information or request fees for fraudulent linking services. The government has mandated some Aadhaar linkings, but individuals should only use official channels for these purposes.

• Aadhaar Data Theft: Some criminals hack into databases that store Aadhaar data or purchase stolen Aadhaar information from the dark web. This stolen data can be used for identity theft, fraudulent transactions, or other criminal activities.

• Fake Aadhaar Mobile Apps: Scammers develop counterfeit Aadhaar mobile applications that closely resemble the official app but are designed to steal personal information when users download and use them. It's essential to use only official apps for Aadhaar services.

• Job and Scholarship Scams: Scammers promise fake job opportunities, scholarships, or government grants, asking individuals to provide their Aadhaar details for eligibility. These scams can lead to identity theft or financial loss, and individuals should verify the legitimacy of such offers.

• Aadhaar Card Resale: Scammers may obtain legitimate Aadhaar cards through illicit means and sell them to individuals who use them for fraudulent activities. This can include opening bank accounts, obtaining loans, or committing crimes under a false identity.

• Biometric Data Theft: Criminals may attempt to steal an individual's biometric data associated with their Aadhaar, such as fingerprints or iris scans, to misuse this information for illegal purposes. Biometric data is highly sensitive and should be protected at all costs.

• SIM Card Frauds: Scammers use stolen Aadhaar details to obtain SIM cards in the victim's name. They may then engage in illegal activities using these SIM cards, and victims can be held responsible for these actions.

• Loan and Financial Frauds: Some fraudsters use stolen Aadhaar information to secure loans, credit cards, or other financial products in the victim's name. This can lead to financial liability for the victim and damage their credit history.

• Aadhaar-Based Money Transfer Scams: Criminals may claim to help transfer government benefits or funds linked to Aadhaar and request a fee for the service, but they don't provide any legitimate assistance. Government benefits and funds can typically be accessed through official channels.

• Property and Land Frauds: Scammers manipulate property records and land ownership using forged or stolen Aadhaar information to carry out fraudulent land transactions. This can lead to the loss of property or significant financial damage for the victim.

• AEPS Scams: An AEPS (Aadhaar Enabled Payment System) scam involves fraudulent activities where scammers misuse the Aadhaar system to execute unauthorized financial transactions. They may steal or impersonate individuals' biometric data or Aadhaar numbers, leading to unauthorized fund transfers and withdrawals from bank accounts without the account holder's consent.

How to Protect yourself from Aadhar card scams

To protect yourself from Aadhar scams, it is vital to take proactive measures:

• Verification of Requests: Always scrutinize requests for your Aadhar information. If you receive unsolicited emails, phone calls, or text messages asking for your Aadhar number, OTP, or other personal details, exercise caution. Legitimate organizations, including government agencies, banks, and reputable service providers, do not typically request this information over the phone or through email.

• Use Official Channels: For any Aadhar-related tasks, it is advisable to use the official channels provided by the Unique Identification Authority of India (UIDAI). These can include the official UIDAI website (https://uidai.gov.in/) and authorized Aadhar enrollment centers. Avoid unofficial sources or unverified individuals offering Aadhar-related services.

• Secure Your Aadhar Number: Treat your Aadhar card and number as highly confidential information. Do not share your Aadhar number casually, and avoid carrying the physical card in your wallet. Instead, keep it in a secure location in your home where it is less likely to be misplaced or stolen.

• Biometric Data Protection: If you have linked your biometrics (fingerprint and iris scans) with your Aadhar, it is crucial to ensure that your biometric data is secure and inaccessible to unauthorized individuals. Protect your Aadhar-registered devices, such as smartphones or biometric machines, with strong passwords and security measures.

• Beware of Fake Apps: Utilize only the official mAadhar app or other applications endorsed by government authorities for Aadhar-related services. Be extremely cautious when downloading apps from unofficial sources, as counterfeit apps may be designed to capture your personal data.

• Verify Website Security: When accessing websites related to Aadhar, always check for the "https://" in the website URL, which indicates a secure and encrypted connection. Look for the padlock symbol in your web browser's address bar, which further confirms the legitimacy and safety of the site.

• Avoid Paying for Free Services: Official Aadhar services are typically provided for free or with nominal charges for specific services. Be cautious if someone asks you to pay a substantial fee for services that should be available at no cost. Verify the authenticity of the request or service provider.

• Safeguard Your Mobile Number: If your mobile number is linked to your Aadhar, ensure that it is protected. Be selective about sharing your mobile number with individuals or organizations you trust, and consider implementing additional security measures such as two-factor authentication.

• Monitor Your Aadhar Activity: Regularly check your Aadhar activity and update history on the official UIDAI website. This practice helps you identify any unauthorized changes or activities linked to your Aadhar and enables you to take prompt action in case of suspicious activities.

• Report Suspicious Activity: If you suspect any fraudulent activity associated with your Aadhar or have become a victim of a scam, it is essential to report the incident to local law enforcement and the UIDAI. Prompt reporting can prevent further harm and assist in addressing the issue.

• Stay Informed: Stay updated about the legitimate uses of Aadhar and the precautions necessary when sharing your Aadhar-related information. Periodically review the official UIDAI website and guidelines for updates, security recommendations, and other relevant information.

• Exercise Caution with Aadhar Linking: While Aadhar linking is mandatory for certain services, be discerning about where and when you link your Aadhar. Only connect it when explicitly required and to reputable, government-authorized entities.

• Regularly Review Bank and Mobile Statements: Routinely examine your bank and mobile service provider statements for any unauthorized transactions or changes related to your Aadhar. This monitoring can help you detect and respond to any fraudulent activities promptly.

Recent Scams through Aadhar Card

• Aadhar-Related Scam Exposes Data of 815 Million Indians might be on Dark Web

A significant data breach has exposed the personal information of 815 million Indian citizens. This data includes Aadhaar and passport details, names, phone numbers, and addresses, all available for sale on the dark web.

An unknown hacker, going by the alias "pwn0001," shared this vast dataset on BreachForums, offering the entire Aadhaar and Indian passport database for just $80,000 when contacted by cybersecurity firm Resecurity.

Read More