The UIDAI has asked banks to provide Aadhaar-based one-time passwords (OTPs) for opening bank accounts only in the presence of the customer, in a banking outlet, The Hindu reports.
In a letter addressed to commercial banks, UIDAI Chief Executive Officer Dr. Ajay Bhushan Pandey essentially admits that OTP-based authentication can and HAS been misused, while presenting in the Supreme Court and expounding to the world at large about how “foolproof” the system is.
Some specific examples of misuse mentioned by UIDAI include:
“It has come to the notice of the UIDAI that there have been instances wherein: Aadhaar of person A got seeded with person B’s account to carry out fraudulent transaction.”
“Stolen Aadhaar copy was used to open a bank account and obtain credit, debit card.”
This will complicate matters for banks that have started offering instant accounts online using Aadhaar authentication. Providing the OTP to validate Aadhaar only in person would mean that the banks can no longer offer online registration of accounts. This raises interesting questions about where the UIDAI has found the misuse it refers to in the letter: have fake Aadhaars been used to mass-create bank accounts for money laundering, as several experts have warned in the past?
What is worth noting here is that just days after issuing the letter, Mr. Ajay Bhushan Pandey made a presentation to the Supreme Court about how secure Aadhaar is. The submission of his Aadhaar authentication logs to the Supreme Court has raised new questions about his claims of efficiency, with a 19% failure rate overall and an even higher rate for public services not using internal UIDAI AUAs.