India has spearheaded efforts to make digital financial services accessible to rural and underprivileged communities who lacked access to formal banking previously. A pivotal component in this drive for financial inclusion has been the Aadhaar enabled payment system (AePS). This low-cost innovation has bridged the last mile gap in reaching banking to remote villages cheaply.

What is AePS and How Does it Work?

AePS allows basic banking transactions like cash deposits, withdrawals, balance checks, mini-statements etc. using just your Aadhaar number and fingerprint verification, without requiring debit cards, OTPs etc.

It uses a small biometric micro-ATM device, usually with a neighbourhood shopkeeper serving as a 'business correspondent' for banks. The user provides Aadhaar ID, gets biometrically authenticated by UIDAI, and can access permitted banking services.

Over 35 commercial banks, 40 regional rural banks and 52 cooperative banks offer AePS currently. By enabling low-cost micro-banking access points, it has achieved significant financial inclusion for the marginalized sections.

Emerging Fraud Risks

With the stunning rise of AePS with over 37 crore rural Indians embracing it for cash and remittance transactions, fraud risks have grown.

For starters, it relies solely on fingerprint verification. Without checks like OTPs, fraudsters have found their ways into the system. They illegally obtain Aadhaar numbers of victims and generate dummy fingerprints to pass biometric screens. This allows them to fraudulently drain bank accounts through AePS.

Senior citizens are especially vulnerable to such cheating. Scammers obtain their Aadhaar data and fingerprint impressions through deception and use these to stealthily siphon off funds from accounts.

Regulators Wake Up To Risks

Alarmed at increasing incidents, RBI has announced additional security measures and stricter norms for AePS operators.

• Mandatory Verification Rules for Access Points
  It plans standardized compulsory due diligence requirements for onboarding all AePS micro-ATM point operators and merchants. This ensures only genuine, verified individuals handle the last mile customer interface as opposed to fly-by-night frauds.
• Banks Accountable for Security Policies
  Banks will also need to implement supplemental checks on transaction risks beyond just relying on UIDAI fingerprints now. Additional authentication factors may get incorporated over time once technical feasibility and cost-benefit balance is worked out.
• Monitoring and Fraud Checks by Banks
  Further, acquirer banks and intermediaries have been instructed to monitor AePS activity continuously for suspicious patterns. They must halt suspected fraudulent transactions immediately until investigations or user confirmation.

The Way Forward

India must continue supporting innovations like AePS that expand digital access for rural users cost-effectively. However, an early lesson is that security considerations must keep pace with rollouts at massive scale among inexperienced customers.

The RBI guidelines are timely to plug existing gaps without greatly hampering user convenience. With appropriate checks and balances built into large centralized identity/ payments systems through ongoing diligence, India can perhaps avoid messy data privacy situations by design itself.