Biometrics, a new weapon for fraudsters

Posted: Posted Date – 11:18 PM, Mon – 18 Jul 22

Representative image.

Hyderabad: Technology has become an integral part of every aspect of our lives over the past 20 years. With the ever-increasing digitization in our country, be it mobile and data penetration or digital banking platforms, it has become very difficult to protect one’s identity. In today’s scenario of cyber security breaches and attacks, authenticating someone’s data before allowing any access is the most vital step.

Biometric recognition refers to the automated recognition of people based on biometric scans of fingerprints, face, iris, palm prints, retina, hand geometry, voice, signature and gait. It is the most efficient method to identify and authenticate individuals extremely reliably and quickly using unique biological characteristics. It replaced traditional authentication methods such as personal ID cards, magnetic cards, keys or passwords.

Biometric recognition is intrinsically linked to someone and cannot be easily compromised by theft, collusion or loss. Most of the time, access is lost due to social engineering tactics like people easily falling into traps.

Fraud based on fake biometric data

Many biometric frauds have already been reported involving large amounts of stolen biometric data and fake fingerprints. There are two fraud scenarios: (a) to fake attendance and (b) for financial gain.

* Insiders are used by fraudsters to identify where people provide biometrics for non-financial transactions such as property registration.

*These records include a duplicate fingerprint along with the person’s Aadhaar card number.

* Fraudsters use simple techniques to create an exact replica of the fingerprint by (1) using M-seal and Fevicol (2) taking a fingerprint, uploading the fingerprint to www.remove.bg and printing on cellophane tape (3) They download a large number of fingerprints obtained from the dark web and reproduce them with advanced computer technology.

* After creating a replica of the fingerprint, the fraudster determines whether the Aadhaar card number is linked to any bank accounts. This is essential to understand before using the card for financial transactions.

* They aggregate all Aadhaar card numbers linked to bank accounts and the fraudster is now ready to use fake biometrics with the Aadhaar number, either on an AEPS-enabled Micro-ATM or on a handheld device that supports payment processing based on Aadhaar.

* If fraudsters use false biometric data at Micro-ATMs, it is most often with the knowledge of the correspondent bank (BC). For such transactions, they cannot use fake fingerprints but thumbprints. In this case, the money is returned by the CB to the fraudster on identification, subject to the availability of funds.

How to protect yourself from biometric fraud

It’s a harsh reality that, unlike a password, you can’t change your fingerprints if they’re stolen. The country’s digital infrastructure has grown exponentially in recent years and large numbers of people have used biometric identification to access government benefits during the pandemic. Although often not a technical flaw in the Aadhaar system, such fraud can damage customer trust.

* Mobile, Email (registration/correction): Aadhaar has made it easy to change your information instantly and the process ends with a one-time password for your registered phone or email on Aadhaar. If you lose your phone or change your mobile number or forget the email password, update your Aadhaar card immediately as they are prone to social engineering scams.

* Biometric lock: Biometric data such as iris scans, fingerprints and photographs are linked to Aadhaar and are not easy to fake. However, cases of forgery of biometric data have been reported. In such cases, Aadhaar now offers a biometric lock option which can be done through UIDAI or the mAadhaar app.

* Virtual ID: The 16-digit number can be used instead of the Aadhaar number for all eKYC verification purposes. This can be used for all virtual transactions. You can download from https://myAadhar.uidai.gov.in/ (select hidden VID option)

* Masked Aadhaar: This number can be shared without the 12-digit number (only the last four digits are visible). Hidden Aadhaar option basically allows you to hide your Aadhaar and you can download it from https://myAadhar.uidai.gov.in/ (select hidden Aadhaar option)

* Check regularly: Log in to the UIDAI portal and verify your authentication and periodically check and implement the new security introduced by UIDAI to protect you from fraudsters.

Stay tuned to Cyber ​​Talk for more on Internet Ethics and Digital Wellbeing presented by Anil Rachamalla of End Now Foundation, www.endnowfoundation.org

About Roberto Frank

Check Also

Europe increases spending on biometric technology by 20%

There is a pressing need for European companies – indeed, the tone is global – …