Sophisticated Aadhaar-related bank fraud has left police in Delhi and Noida baffled
According to Chaudhary, the modus operandi in this racket involves a complicated procedure in which a caller, pretending to be a representative of the Unique Identification Authority of India, which manages the Aadhaar database, calls the victim on the pretext of linking their Aadhaar with their Permanent Account Numbers. This is one of the linkages the Union government has been pushing hard for.
Chaudhury said that the caller first asks the victim for their Aadhaar number and then tells them this is a verification call. The caller then asks them to reveal the code sent to their phone from the Unique Identification Authority of India to complete the verification process. When the victim reveals this number, the caller’s job is done.
The code is actually a One-Time Password generated by the Unique Identification Authority of India. It is sent to the registered phone numbers of those enrolled with Aadhaar when a request is made on the website to change the personal details, such as telephone number, of an Aadhaar holder.
“This alteration can be done through the UIDAI [Unique Identity Authority of India] website, which is actually a facility provided for the convenience of people,” said Chaudhary.
He added that the conman then uses the One-Time Password to change the phone number linked to the victim’s Aadhaar number on the website. “The perpetrators are suspected to have replaced the victims’ phone numbers with numbers in their possession,” said Chaudhary.
The conman’s next step is to download a popular United Payment Interface-supported application, which automatically detects Aadhaar numbers linked to the SIM card of the phone in which the banking application is installed. The application automatically searches for bank accounts linked to the Aadhaar number linked to the phone, said Chaudhury. At the end of this operation, the conman has access to the victim’s bank account and can initiate banking transactions.
Though payments made via the Unified Payments Interface require a Personal Identification Number, this security measure proves useless as the conman himself gets to generate the PIN while registering with the Unified Payments Interface-linked application, said Chaudhury.