In a disturbing turn of events, individuals who recently applied for property registration have reported significant financial losses. This ordeal has raised concerns over the security of Aadhaar-linked bank accounts and the Aadhaar Enabled Payment System (AePS). Victims allege that after submitting their biometrics and Aadhaar details for property registration, their bank accounts were drained of Rs 10,000 each.
One such couple, Lokesh and his wife from Shaktinagar in Mangaluru, filed a complaint with the city’s cybercrime police, asserting that their Aadhaar-linked bank accounts had been targeted. CREDAI Mangaluru President Vinod Pinto also found himself in a similar predicament, losing Rs 10,000.
Rohith, another victim, shared his experience, saying, “I purchased a new property and applied to register it in my name at the sub-registrar office. When I contacted the bank staff, they said the money was withdrawn using AePS mode of transaction. We immediately blocked our bank accounts and filed a police complaint. We had submitted our fingerprints, Aadhaar number, and bank details only at the sub-registration office for new property registration just 10 days before losing the money.”
Cybersecurity expert Dr. Ananth Prabhu suggested that the fraudsters might have acquired fingerprints from documents at the land registration department, forging them to carry out these unauthorized transactions. Dr. Prabhu emphasized the need for increased security measures, stating, “It is easy for fraudsters to siphon off funds if they have access to Aadhaar details, fingerprints, and bank names. Under AePS mode, Aadhaar numbers are entered in a micro ATM, and biometric details are submitted. I appeal to the government to enable two-factor authentication for the AePS mode – either a password or OTP.”
He further recommended that the finance ministry implement additional safeguards, such as providing high-resolution photos with location data for every user and replacing SMS confirmations with instant IVR calls before transaction confirmation. Dr. Prabhu also suggested offering users the option to lock their biometric features through the Aadhaar portal.
Mangaluru City Police Commissioner Anupam Agarwal confirmed that numerous individuals have reported financial losses, and an ongoing investigation is attempting to trace the source of the data breach. He stated, “It is yet to be confirmed from where the data breach took place.”
Kavitha, Senior Sub-Registrar of Mangaluru, acknowledged the situation, mentioning that although she has not received any formal written complaints, Mangaluru city police visited their office on September 21 to verify the information after initial complaints were filed. She assured that the matter would be thoroughly examined once they receive written complaints from those affected by the financial losses.