The Next Chapter In Securing Aadhaar Authentication Transactions

As technology advances, malicious threat actors also adapt and refine their tactics, becoming more sophisticated each day. The case is no different with India’s homegrown Aadhaar ecosystem that has completely redefined the concept of “financial inclusivity” with its unparalleled Aadhaar Enabled Payment System (AEPS) that facilitates instant direct beneficiary transfer (DBT). 

In March last year, the Unique Identification Authority of India (UIDAI) had informed the Indian Parliament that it had recorded an unprecedented rise in attempted, unauthorized Aadhaar biometric-based financial transactions.

As per the statics presented by UIDAI, around 13,864 fraudulent transactions amounting to around ₹10 crore were reported between 2019 and 2022.

To thwart such malicious attempts, on 27th Feb 2023 UIDAI rolled out a new Artificial Intelligence (AI) and Machine Learning (ML)-based mechanism for Aadhaar-based fingerprint authentication and faster detection of spoofing attempts.

As per UIDAI, this indigenously developed security mechanism uses a combination of both finger minutia and finger image to check the liveness of the fingerprint captured  by Regulated Entities (RE)s like AUAs and Sub-AUAs, thereby facilitating a dual-level authentication of the captured fingerprint.

To appreciate the importance of this new security mechanism, let’s first understand how fraudsters spoof fingerprint authentications.

Spoofing Mechanism Used By Fraudsters

As a conventional practice the ‘Optical Sensors’ embedded in a majority of biometric devices capture either the finger minutia or the finger image of the presented finger in isolation for processing the transaction.

Realising this limitation, fraudulent operators predominantly relied on using ‘Gummy Finger’ technique to bypass the security of Biometric Devices.

Instances where fraudsters were creating ‘Artificial Fingers’  from a real fingerprint image by using  materials like Free Moulding Plastic and Gelatine Sheets were extensively reported by UIDAI. Such artificial fingers were extensively used to process unauthorized fraudulent transactions.

To plug this loophole UIDAI has now introduced a mechanism to capture a combination of both finger minutia and finger image to check the liveness of the fingerprint captured. This optimization is slated to make Aadhaar authentication transactions even more robust and secure.

As India’s leading Aadhaar-based e-KYC Solutions Company, we have been closely working with UIDAI for testing this new security module and are happy to inform you we have already implemented this for some of our key clients.  

Implementation Modalities

REs need to follow the following steps to implement this new feature:

  • Obtain a new license key from UIDAI to support FIR + FMR Transactions (UIDAI has started to mandate usage of FIR + FMR)
  • Implement the new KEY in the KUA Stack
  • Incorporate the necessary changes in the request sent to RD Service and UIDAI for processing of eKYC, Bio Auth transactions.

Feel free to get in touch with our colleague Amit Joshi on 9820875525 or 7208155528 or email him at amit@eastcs.com if you have any queries, or want to know how ECS can help your organisation to implement this new security feature.  

Credits: Anchor Image: https://www.freepik.com/free-photo/biometric-technology-background-with-fingerprint-scanning-system-virtual-screen-digital-remix_15606690.htm#query=virtual%20fingerprint&position=0&from_view=search&track=ais

Leave a Reply

Your email address will not be published. Required fields are marked *