- Aadhaar-enabled Payment Services (AePS) is a bank-led model which allows online financial transactions at Point-of-Sale (PoS) and Micro ATMs through the business correspondent of any bank using Aadhaar authentication.
- AePS requires no OTPs, bank account details, or other financial details.
- It allows fund transfers using only the bank name, Aadhaar number, and fingerprint captured during Aadhaar enrolment.
Are AePS transactions enabled by default?
- Neither the Unique Identification Authority of India (UIDAI) nor NPCI clearly states whether AePS is enabled by default.
- According to UIDAI, users who wish to receive any benefit or subsidy under schemes notified under section 7 of the Aadhaar Act must submit their Aadhaar number to the banking service provider.
- Aadhaar is also the preferred method of KYC for banking institutions, thus enabling AePS by default for most bank account holders.
How is biometric information leaked?
- While data breaches in Aadhaar have been reported in 2018, 2019, and 2022, according to UIDAI the Aadhaar data, including biometric information, is fully safe and secure.
- However, UIDAI’s database is not the only location from which data can be leaked.
- Aadhaar numbers are readily available in the form of photocopies and soft copies, and criminals are using Aadhaar-enabled payment systems to breach user information.
How could Aadhaar biometric information be secured?
- UIDAI is proposing an amendment to the Aadhaar (Sharing of Information) Regulations, 2016.
- The amendment will require entities in possession of an Aadhaar number to not share details unless the Aadhaar numbers have been blacked out through appropriate means.
- The UIDAI has also implemented a new two-factor authentication mechanism that uses a machine-learning-based security system.
SOURCE: THE HINDU, THE ECONOMIC TIMES, PIB