Haryana Police on Thursday raised a red flag on the state government’s digitisation of revenue records on the government’s website – jamabandi.nic.in. Citing a recent case, wherein an accused lifted thumb impression from the website, took it on the butter paper and created silicon thumb eventually using it to withdraw money using AEPS enabled POS machine, the state police has now recommended that the pages of revenue records carrying thumb impressions should not be made visible to general public on the website.
In a communication sent by the Faridabad district police, through cyber crime department to the state government, the Deputy Commissioner of Police (Headquarters, Faridabad) mentioned: “It is in reference to a case which has been traced by Faridabad police related to a Aadhaar-Enabled Payment System (AEPS) fraud where the victim’s money was withdrawn by creating a forged biometric thumb impression.”
The fraudsters log on to the Jamabandi website, fill in district and tehsil details and random dates, and then download all sale deeds for that day, the police stated.
“From any of the registered sale deeds, they copy the thumb impression on a butter paper and then create duplicate silicone thumbs. These thumb impressions and other details are then used to withdraw money from Aadhaar-linked accounts using AEPS-enabled PoS machines,” the letter read.
Jamabandi is a document prepared as part of a record-of-right in every revenue estate. It contains entries regarding ownership, cultivation and various rights in land among others.
The Haryana Police communication further said, “Since many frauds are happening in this manner because of easy availability of thumb impressions and other details on sale deeds, it is highly recommended that only the first page of deeds are made visible for the general public.”
The police also recommended an audit of the website to identify and fix other loopholes.
AEPS is an NPCI-led model which allows online interoperable financial inclusion transactions at PoS through the business correspondent of any bank using Aadhaar authentication.
The only inputs required to do a transaction under the AEPS mode are IIN (identification of the customer’s bank), Aadhaar number and fingerprint.