Easy address change process in Aadhaar major cause of cyber fraud: Police

Police officers engaged in probing cyber-related offences believe that the simple process of upgrading the addresses of individuals in the Aadhaar data has emerged as one of the biggest causes of cyber fraud.

An Aadhaar card holder can get his or her address changed with the Unique Identification Authority of India (UIDAI), which issues Aadhaar cards, in multiple ways.

One of those is to download an address-change certificate from the UIDAI's website and upload it after getting it signed by any of the various public authorities, such as an MP, an MLA, a municipal councillor, a gazetted officer of Group "A" and Group "B" and MBBS doctors, among others.

In several solved cybercrime cases, the investigators have found that fraudsters used fake rubber stamps and forged signatures of pubic authorities to upgrade their personal details in the Aadhaar database.

In some cases, even public authorities put their stamps and signature carelessly, without verifying the credentials of individuals.

"In a cyber fraud case, we found that an MLA had signed the certificate for a change in the address of the accused, on the basis of which he got his address changed in the Aadhaar database. On further investigation, we found that the MLA had authorised his office boy to put stamps and his signature on such certificates," an investigator said.

In March 2022, a probe team from the Cyber Police Station of Central district of the Delhi Police, led by Inspector Khemendra Pal Singh, cracked a case in which six people, including two Nigerian citizens, used to dupe young women by posing as non-resident Indian (NRI) grooms.

During the investigation, the team found that the accused had got their addresses changed in the Aadhaar database with the help of a doctor who had signed on their certificates for upgrading the addresses by charging merely Rs 500.

"Cybercriminals change their addresses, in some cases multiple times, in their Aadhaar database and get multiple accounts opened with different banks to transfer money from the victims' accounts," Prashant Gautam, Deputy Commissioner, Intelligence Fusion and Strategic Operations (IFSO), Delhi Police, said.

"Since police do not have access to the Aadhaar data, we need to approach the Delhi High Court in each case to find out the original details of the accused, which causes a delay and makes our job challenging," the officer added.

Investigators say there seems to be no way of cross-verifying the changed credentials of individuals uploaded on the UIDAI website.

They feel the need to have some mechanism in place where the process of upgrading the address can be made more secure and forged stamps and signatures of public authorities can be avoided.

Gautam said besides address change, which is a bigger cause of concern, cyber cheats are using other innovative ways to manipulate their personal details. In a recent case, the IFSO arrested a mastermind and two accused who used to obtain loans from banks by exploiting the vulnerability of the Aadhaar system.

"During interrogation, the accused claimed that they manipulated the system of updating details in Aadhaar by replacing the fingerprints of the left hand with the fingerprints of the right hand and by putting coloured contact lenses in the eyes to dupe the biometric process of recognising the retina," Gautam said.

A section of cyber experts feels that at present, cyber crime is a very miniscule part of the use of technology in the financial world and making the address-change process cumbersome will cause more hardship to people as compared to its benefits.

"Despite that, it is crucial for policymakers to plug in the shortcomings, without making the process complicated," a cyber expert, who did not wish to be quoted, said.