New Delhi: The Unique Identification Authority of India (UIDAI) has temporarily halted all Aadhaar-based transactions by Axis Bank Ltd, business correspondent Suvidhaa Infoserve and e-sign provider eMudhra, pending a decision by the authority on a recent instance of misuse of data, a UIDAI official said.
On Monday, the representatives of Axis Bank Ltd, Suvidhaa Infoserve and eMudhra submitted explanations for multiple transactions performed on their platforms using the same fingerprint.
“The report has been submitted to UIDAI by the three agencies; now, the report will be scrutinized and appropriate action will be taken. Till then, the Aadhaar-based transactions for all the three agencies concerned have been temporarily halted,” said the official, who did not wish to be identified.
The UIDAI filed a police complaint on 15 February against the three entities for attempted unauthorized authentication and impersonation by illegally storing Aadhaar biometric data.
The breach was noticed after one individual was found to have performed 397 biometric transactions between 14 July 2016 and 19 February 2017. Of these, 194 transactions were performed through Axis Bank, 112 through eMudhra and 91 through Suvidhaa Infoserve.
“We have replied to all questions from UIDAI and a detailed written submission has been made. We have explained them about the incident which took place in a testing environment and also stated that no financial implications or actual transactions have taken place. Further instructions on the matter are expected by the authorities,” said a spokesperson for Suvidhaa Infoserve.
Under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, intentionally copying Aadhaar data is a criminal offence that may attract a three-year jail term and a fine.
“At this juncture, we can categorically state that there has been no violations/breach at the bank’s end. We have suspended services to Suvidhaa as of now,” said an official spokesperson from Axis bank.
The three agencies have been served a “notice for action” under Aadhaar regulations.
“In case a person misuses biometrics, it is much more easier to trace him using Aadhaar-enabled payments system (AEPS) as compared to other modes of digital transactions such as internet banking and card payments and that itself is the biggest security that Aadhaar can provide.” the official said.
The official claimed till date around 320 million transactions have been carried out through AEPS and not a single complaint of unauthorized withdrawal of money has been reported.
Further, to ensure data protection, UIDAI will look to update all existing biometric devices with software aimed at protecting the security of the transmitted data besides its plan to ensure that new devices are registered with the UIDAI from 1 June.
On 22 February, UIDAI had submitted a proposal to the IT ministry on introducing registration of biometric public devices to ensure the security of transactions and end-to-end traceability of the authentication process.
An email sent to eMudhra remained unanswered.