I observed during the Aadhar registration process in Bangalore that by default the registrar was encouraging registrants to link their Bank accounts to the Aadhar application. Risk associated with such process has been highlighted by the fraud reported in Midday
According to this report a fraudster operating from China had used the information to open fake accounts in the name of several Aadhar card holders in six different locations and transfer about Rs 1.75 lakhs to those accounts from the account of the victim.
This is an indication that the bank which opened the fake accounts was grossly negligent in opening the accounts using the Aadhar linkage as a KYC process.
Of course the case also involves fraudulent access at the Bank where the account was kept and the failure of the OTP system relied upon by the RBI is also indicated. The fraudster seems to have blocked the SIM card of the bank customer and diverted the SMS messages as well as probably the OTP messages. The mobile company also appears to be at fault in the process.
Though legally the Bank where the account was kept, the Mobile Company and each of the Banks where the fake accounts are opened are all liable for both civil and criminal consequences and liability to compensate the victim, the process of initiating suitable action in this regard and recovering the amount requires efforts. ..More so since Bankers act as rogues and bully the customers into absorbing the liability themselves or persuade them to follow up with the Police.
Naavi has been pursuing several cases of this sort and found that Banks have friends in many places to delay delivery of justice. Hope RBI will wake up to recognize its folly to depend on OTP in the first place and then on the Aadhar in the second place. These strategies have subordinated Bank security to the security of the Mobile and Aadhar systems. Since these are weak at present, Bank systems have also been rendered weak. This is a serious policy lapse. In future cases of such nature, I will not be surprised if RBI is also made a party to the fraud for its own negligence.