Can Aadhaar card data be misused to open bank accounts?

Can your Aadhaar Card data be misused by fraudsters to open bank accounts? Don’t worry! Aadhaar Card holders often ask what will happen if some fraudster tries to open a bank account against their names without their knowledge by obtaining a copy of their Aadhaar. People have raised apprehensions about whether they would be harmed or not. The Unique Identification Authority of India (UIDAI), the nodal authority for issuing Aadhaar, claims that Aadhaar Card data is completely safe and secured.

UIDAI has clearly stated that one can not open a bank account merely by presenting or submitting a physical Aadhaar Card or its photocopy. As per Prevention of Money-laundering (Maintenance of Records) Rules, 2005, and Reserve Bank of Indian circulars, a bank will go through a certain process of security checking. The process involves banks to perform verification through either biometric data or OTP authentication. Apart from this, there are another due diligence that need to be done by the bank before the Aadhaar Card can be accepted for banking transactions or KYC, says UIDAI. So as per the rules, no fraudster can open a bank account against your name using your Aadhaar Card details without verification through biometric or OTP.

However, if someone manages to open an account in a bank using your Aadhaar Card details without biometric or OTP authentication and other verification, then the bank will be held responsible for the loss, says UIDAI.

If you are still not sure about the security of your Aadhaar Card, then UIDAI provides another option for the verifiable 12-digit identification number. The Masked Aadhaar card is a viable option if you want to secure your Aadhaar Card details. While downloading Aadhaar Card details, you can opt for a more safer option of Masked Aadhaar card. This Masked Aadhaar Card only shows the last 4 digits of the 12-digit Aadhaar number. So, instead of carrying a phyiscal copy of your Aadhaar Card or a photocopy, it is advisable to have a Masked Aadhaar card, which in case of being misplaced or stolen is less likely to be misused. However, the Masked Aadhaar card does display other key details such as photograph, smart QR Code and demographic info.

Aadhar Data of More Than 2 Crore Punjab Residents Found on Hard Disks



The ongoing investigation by The Special Investigation Team (SIT) on the Aadhaar data theft of around 7.82 crore people residing in Telangana and Andra Pradesh has led to the discovery of a hard disk containing the Aadhaar data of 2 crore Punjab residents, as per The Tribune reporting.

The hard disk containing data has been recovered from a Hyderabad based IT company, It Grids (India) Pvt Ltd and consequently it has been registered for unlawfully possessing the Aadhaar data of 7.8 crore residents and exploiting the same. The company is also known for building the official TDP app, "Seva Mitra".

With the further discovery of 2 crore Aadhaar data records, the breach which initially estimated around 7.8 crores, went up to 9.8 crores. The investigating agency is looking into the obvious question which arises— why would a Hyderabad based IT company want to store Aadhaar data of Punjab residents? Notably, the Unique Identification Authority of India (UIDAI) has already reasserted the secure condition of its data servers. Though UIDAI  stood strong for the security of its servers, Police seemed to have contrasting opinions and filed a case where the theft of Aadhaar data has been proven scientifically.

Defending their stand, “Mere possession and storage of Aadhaar numbers of people, though it maybe an offense under the Aadhaar Act under some circumstances, does not put the Aadhaar holders under any harm in any manner whatsoever. For accessing any Aadhaar-based service, biometrics or one-time password (OTP) is also needed,” the UIDAI said.


Centre to seek counsel on the removal of UID data of children opting-out of Aadhaar



On the subject of the deletion of biometric data of children who decide to withdraw their Aadhaar details on turning 18, the government sought legal counsel.

The amendments made to the Aadhaar Act have been approved by The Union Cabinet. It included the provision which grants children the power to opt-out of Aadhaar on turning 18 years of age.

This bounds the Unique Authority of India to delete all the information along with the biometrics of these people from its servers.

Referencing from the statements given by UIDAI CEO and Revenue Secretary Ajay Bhushan Pandey, “A child when he or she turns the age of 18 can exercise an option to opt out, and in that particular case, their Aadhaar number will be canceled,”

“Regarding the biometric data, that is something we will have to take a legal opinion because if you delete the biometric data, then suppose that person comes again and does enrolment, then how will that operate.”

“Maybe that data could be kept somewhere separate, but how that will function, we will have to take legal opinions,” he further added.

The Aadhaar Act will need a reintroduction in the next session with a new government at the helm as it wasn’t made to pass during the recent Budget session of the Lower house.

However, those who wish to file income tax returns will not derive any benefit from this amendment which gave children attaining the age of 18 the power to quit Aadhaar as now, while filing taxes, it has been made mandatory by the court to have Aadhaar linked with PAN cards.


UIDAI Addresses Security And Privacy Concerns

The issue of protection of citizen data has once again picked up steam in the most recent week after The Tribune revealed that an unknown WhatsApp number was pitching access to the whole Aadhaar database for as low as Rs 500. So in an attempt to address security and privacy concerns around the leakage of Aadhaar numbers and information data, the Unique Identification Authority of India on Wednesday introduced two new measures - virtual ID and limited KYC.

The Aadhaar-card holder can utilize the idea or most likely the 'concept' of the virtual id through its website which can take into consideration different purposes, including SIM verifications, and save them the trouble of sharing the actual12-digit biometric ID.

The Virtual ID would be an arbitrary 16-digit number, complete with biometrics of the user and would give any authorised agency like a mobile company, restricted or limited details like name, address and photograph, which are more than sufficient for any confirmation and verification.
Then again the idea of 'limited KYC' will just give need based or finite details of a user to an authorised agency that is providing a specific administration or service.

From 1 June, 2018 it will be obligatory for all organizations and agencies that attempt verification to acknowledge the Virtual ID from their clients. Agencies that don't relocate to the new framework to offer this additional alternative to their clients by the stipulated due date will confront financial disincentives.

"Aadhaar number holder can use Virtual ID in lieu of Aadhaar number whenever authentication or KYC services are performed. Authentication may be performed using the Virtual ID in a manner similar to using Aadhaar number," a UIDAI circular said.

Clients (users) can go to the UIDAI website to create their virtual ID which will be valid for a definite time frame, or till the user decides to transform it. Since the system generated Virtual ID will be mapped to a person's Aadhaar number itself at the back end, it will get rid of the requirement for the user to share Aadhaar number for validation and decrease the collection of Aadhaar numbers by various organizations.

According to the UIDAI, organizations that attempt validation would not be permitted to generate the Virtual ID on behalf of the Aadhaar holder.The UIDAI is also instructing all agencies utilizing its authentication and eKYC services to ensure Aadhaar holders can give the 16-digit Virtual ID rather than Aadhaar number within their application. 


Needless to say the move mainly focuses to reinforce the protection and security of Aadhaar data and comes in the midst of uplifted concerns around the collection and storage of personal and statistical (demographic) information of individuals.