Amid increasing instances of fraud related to the Aadhaar-enabled payment system (AePS), the Reserve Bank of India (RBI) has proposed to streamline the process of onboarding AePS service providers. The central bank is also planning to introduce additional fraud risk management measures for AePS.
What is Aadhaar-enabled payment system? How AePS works
Aadhaar-enabled payment system is a payment service that allows a customer to use Aadhaar to access his bank account to do basic banking transactions through a business correspondent. Some of the banking services that are available under AePS are — a) cash withdrawal, b) cash deposit, c) balance inquiry, d) getting a mini statement of your bank account, and e) payments using Aadhaar to Aadhaar fund transfer. To avail of the Aadhaar-enabled payment system, a customer should have an account with the bank that allows AePS. The customer should link her bank account with her Aadhaar. Do keep in mind that the AePS transaction will be done using your biometric authentication.
You don’t need an OTP or bank account details to transfer money through AePS. For Aadhaar-enabled transactions, a customer needs to provide an Aadhaar number or virtual ID and biometrics on the Micro ATM managed by the business correspondent to prove identity and get authenticated by the Unique Identification Authority of India (UIDAI).
AePS has emerged as one of the most popular payment systems, especially in rural areas in the last few years. At present, 35 commercial banks, 40 rural banks, and 52 cooperative banks offer an Aadhaar-enabled payment system, according to the National Payments Corporation of India (NPCI) website. Over 37 crore customers have used AePS transactions in 2023. However, the system has been plagued by issues such as lack of infrastructure and security risks.
Aadhaar-enabled payment frauds on the rise
Currently, there is no two-factor authentication on the Aadhaar-enabled payment system. There have been several instances where fraudsters get access to Aadhaar card numbers and cloned fingerprints to fraudulently withdraw cash from bank accounts. In some cases, the biometric information of the users is illegally obtained by scamsters to perpetrate fraud. Senior citizens are often more prone to such fraud as they are not digitally savvy.
How RBI plans to curb Aadhaar-enabled payments frauds
To make Aadhaar-based online transactions more secure, the central bank aims to bring a standardised secure onboarding process for all. “To enhance the security of AePS transactions, it is proposed to streamline the onboarding process, including mandatory due diligence, for AePS touchpoint operators, to be followed by banks. Additional fraud risk management requirements will also be considered. Instructions in this regard shall be issued shortly,” according to the statement on developmental and regulatory policies released by the Reserve Bank of India. “These measures will further strengthen the security of the AePS system and enhance its robustness,” RBI Governor Shaktikanta Das said while announcing the decisions of the Monetary Policy Committee (MPC) on February 8, 2024. RBI deputy governor T Rabi Sankar said in the post-policy press meet, “Since this is being used in rural areas, it is important that the safety of transactions is ensured. With the passage of time, we can use various technologies to do it. All touchpoint operators will go through a standardised, safe, and secure onboarding process. We can also add other factors into it.”
‘Enhanced security, prevent misuse’
How will this measure help the Aadhaar-enabled payment system? Rahul Jain – CFO, of NTT DATA Payment Services India, said, “The proposal to streamline the onboarding process will reinforce the security measures of AePS and additional fraud risk management will prevent any fraudulent activities surrounding this payment system. This innovative approach, once details emerge, is likely to empower users with smoother, more convenient digital payments.”
“Streamlining the onboarding process for AePS touchpoint operators through mandatory due diligence will bolster transaction security and user confidence,” said S L Jain, MD & CEO of Indian Bank.
To prevent the misuse of customer’s credentials by scammers, the NPCI also issued a notification to banks in December 2023. It has asked acquirer banks to allow interoperable AePS cash withdrawal transactions only after Aadhaar-based biometric authentication of business correspondents and agents. Further, acquirer banks must ensure that there is no misuse of BHIM Aadhaar Pay transactions for carrying out cash withdrawals. They also need to monitor daily to identify and halt any potential misuse.