India's biometric identification system is becoming increasingly susceptible to fraud

At the beginning of 2018, the Unique Identification Authority of India (UIDAI) declared that the individual Aadhaar card details of Indians were “fully safe and secure”. The statement was a response to reports that 210 government-run websites had made Aadhaar info and bank details of a number of people public.

To confirm their belief, UIDAI added that the Aadhaar card details of a person couldn’t be misused without their biometric data as transactions could only be processed after biometric authentication.

Five months later, the UIDAI’s statement rings false in more ways than one.

A report in IndiaSpend highlights the fact that the number of Aadhaar-related fraud incidents reported in the English-language media outlets in the year so far (as of 7 May) is 73. This has already surpassed the total of 65 incidents reported in 2017.

This means that there are roughly four incidents of Aadhaar fraud that are reported by English news outlets every week. The number would likely be much higher if Hindi and regional language media outlets were taken into account. Further still we must also account for the fact that a lot of incidents involving fraud go unreported.

A total of 164 cases of fraud have been reported since the scheme’s launch in September 2011 that currently has around 1.2 billion people currently enrolled.

Nature of fraud

The incidents mainly involve the forgery, counterfeiting and outright theft of Aadhaar card information for a variety of reasons - purchasing SIM cards, securing loans, transferring assets, and receiving handouts from the government. Around 52 out of the 73 cases recorded as of May 2018 centre on the use of fake or forged Aadhaar card information or the use of fake details to get an Aadhaar card.

The remainder involve the use of stolen or fake Aadhaar card data in banking transactions. For example, in March, an investigation by the Mumbai police uncovered the opening of around 40 bank accounts with stolen Aadhaar card details. The accounts were opened for the purpose of financing an import-export business.

Lack of awareness

A significant portion of these frauds is due to the lack of awareness people have regarding their privacy and identity rights. Those enrolled on the Aadhaar scheme aren’t completely aware of what they can and can’t share with third parties and government agencies, as well as all the ways their information can be misused. If it can happen to anyone, people usually assume the odds of it happening to them are very low.

Furthermore, the biometric authentication aspect of the programme is itself flawed. As per documents from the Supreme Court, the UIDAI itself admitted that authentication failure rates for transactions through fingerprints and irises were 6% and 8.5%, respectively.

Last month, a 38-day hearing over the privacy and data security issues of the Aadhaar scheme came to an end. While a verdict on the constitutional validity of the scheme is expected within the next few months, the Supreme Court did declare that the scheme needed more effective regulatory oversight.