Aadhaar Payment is more vulnerable than any digital mode

After the dust settled over the Indian government’s demonetization scheme, discussions about the security of digital payment systems started making the rounds.

One alternative to cash that the government has launched is Aadhaar-based payments, which could potentially allow citizens to pay anytime, anywhere with the tap of a finger.

The Aadhaar-based payment system runs on the existing Aadhaar infrastructure through which a person’s biometrics are used to authenticate the user. Once authenticated, the user can transfer funds directly from one bank account to another without going through a mobile wallet or a card.

The payment system requires a smartphone, a working internet connection and a biometric authentication device with the merchant. The customer needn’t have a card or a phone as long as he or she has an Aadhaar-seeded bank account.

This system was developed by the National Payments Corporation of India. Amitabh Kant, the chief executive officer of the government policy think tank NITI Aayog, said that all cards and point-of-sale machines will become redundant in the country in the next two-and-a-half years as Aadhaar-based payments become popular.

The system is expected to launch in the next few months and will work through the government’s BHIM app.

With this digital payment system, there are fears that integrating biometrics with digital payments could prove to be a security headache. Firstly, Aadhaar is not a foolproof method of authentication, and identification failures are not uncommon. Building a payment system atop the Aadhaar system will simply transfer some of these vulnerabilities to it.

With the launch of this system, there could be transaction failures due to a biometric mismatch. Additionally, newer security threats may also emerge if the scope of Aadhaar is widened. These include identity theft if a person’s biometrics are compromised from the payment system, phishing attempts, and the difficulty in revoking access once biometric information is compromised.

Sunil Abraham, executive director of the Bangalore-based research organisation Center for Internet and Society (CIS), told BloombergQuint that the fingerprint can be duplicated by “the gummy finger method which requires some Fevicol or gum to duplicate someone’s fingerprint which can be enough to transact on someone’s behalf without them being there.”

Other vulnerability concerns include theft of personal information through devices used for Aadhaar identification.

To top it all, India does not have the necessary laws to deal with a decentralised, biometrically-authenticated, mobile payments system. The minimal data security under Section 43A of the Information and Technology Act also applies to the private sector. There’s no law that applies to the government. So, if your identity is stolen, there is no place to go and report it.

All in all, if a smart card is compromised, it can be re-secured, unlike biometrics, which, if stolen, remain vulnerable for life.