Monthly plan to access Budget

Journalism of Courage

Aadhaar card frauds in Haryana: criminals use silicone thumbs

The Crime Branch has advised people to deactivate the AEPS facility from their accounts if they are not using them regularly and avoid registering their fingerprints on any website. It has asked government departments to conduct safety audits and plug the loopholes.

The Crime Branch has advised people to deactivate the AEPS facility from their accounts if they are not using them regularly and avoid registering their fingerprints on any website.

The Crime Branch wing of Haryana Police has raised a red flag on the Aadhaar-Enabled Payment System (AEPS) saying that cyber criminals are conducting financial frauds by siphoning off people’s vital data from the system and cloning the fingerprints available on documents on the government website. The cyber cell under the Crime Branch is currently investigating over 400 complaints pertaining to cyber frauds that are related to AEPS.

Crime Branch’s Additional Director General O P Singh has called it an “online fraud with silicon thumb” as criminals are quick in harnessing vulnerabilities. “People need to be careful and law enforcement agencies are nimble to keep up with them. Aadhar-Enabled Payment System fraud is the latest. During the course of investigation, fraudsters were found withdrawing money by forging biometric thumb impressions and abusing AEPS,” Singh told The Indian Express.

The Crime Branch has advised people to deactivate the AEPS facility from their accounts if they are not using them regularly and avoid registering their fingerprints on any website. It has asked the public to immediately report any act or attempt of cybercrime to the number ‘1930’ within one hour of such an activity as it will help police stop the transfer of the defrauded fund to the cybercriminals’ accounts.

The investigators have now asked the government departments of the state and intermediaries to conduct a safety audit and plug the loopholes that lead to the leakage of personal data such as thumb impressions and expose it to abuse by cybercriminals.

Subscriber Only Stories

One such fraud came to light on November 15 when a retired government employee of Palwal lost around Rs 20,000.

Recalling the sequence of events, Hitesh, the son of the victim, said, “My mother is a retired government employee. Every year, like every pensioner, my mother has to go to the Treasury to give proof that she is alive so that the pension continues. In that process, the Treasury authorities took her thumb impression. Within a few hours, we received an OTP regarding a cash transaction. The moment we verified it, Rs 10,000 was debited from her account.” Hitesh grew suspicious and realised that the OTP was valid for five hours, while generally, it is valid only for a couple of minutes. “I immediately raised the issue with the bank authorities. The second transaction of another Rs 10,000 took place while I was in the bank, said Hitesh, who immediately got his mother’s bank account frozen. The bank told him that the money was withdrawn using an ID that was registered in Bihar.

In July, two residents of the Jhajjar district also lost money through the same system. Krishna lost Rs 1.2 lakh, while Ramkishan lost Rs 1.12 lakh with the same modus operandi. In the case of Krishna, the bank returned her Rs. 80,000.


“Cybercriminals have been found cloning thumb impressions from sale deeds available on various websites and siphoning off money from bank accounts linked with Aadhaar number through Point of Sale (PoS) machines. So far, 468 such complaints have been received in Haryana. Criminal cases are being registered on the basis of inquiry. The investigation has led to the arrest of 18 cyber criminals and recovery of Rs 14.64 lakh. Action in other complaints is in progress” said a Crime Branch officer.

The maximum complaints were received in Faridabad (263), followed by Ambala (36), Bhiwani (2), Fatehabad (13), Gurgaon (5), Jhajjar (73), Narnaul (14), Kaithal (1), Mewat (5), Palwal (37), Rohtak (4), Yamunanagar (11), Sonipat (3) and Panipat (1).

Modus Operandi

Explaining the modus operandi, O P Singh said that cybercriminals copy thumb impressions on butter paper from various websites to create duplicate silicon thumbs. “Subsequently, they check whether the Aadhaar number is linked to a bank account. Fraudsters then shortlist the Aadhaar card-linked bank account numbers and create online accounts on any platform by submitting fake documents. Once the online account is created, they log onto any app of the electronic transaction processing platform to initiate transactions using the biometric device and the cloned rubber fingerprint,” Singh said.


Singh said that out of the 468 complaints, 88 have been disposed of while 18 FIRs were registered and the remaining complaints are being inquired into. “There are various government departments that take down the personal details of people and then upload them online. For instance, a large number of cases pertain to the revenue department where sale deeds carrying people’s thumb impressions are uploaded online. Any cyber fraudster can clone such thumb impressions and misuse them,” the officer pointed out.

The Crime Branch has intimated the government about the issues and expects they would be immediately addressed. “Also, if any agency (on behalf of state government departments) is collecting people’s personal details like their fingerprints or thumb impressions must ensure that these details are not made public. They should devise a mechanism to at least hide these personal details, online”, OP Singh told The Indian Express.

First published on: 03-12-2022 at 12:46 IST
Next Story

Airport fashion: Katrina Kaif to Karisma Kapoor, celebs keep it chic and comfy

Next Story