Context: 

Many incidents have been reported in different parts of the country in which bank accounts were drained using an Aadhaar­ linked fingerprint without needing a two­ factor authentication. 

Image Source: Times Now

About AePS:

• The Aadhaar ­enabled Payment System (AePS) is a bank­ led model which allows online financial transactions at Point-­of-­Sale (PoS) devices and micro ATMs of any bank using Aadhaar authentication. 
• The model removes the need for OTPs, bank accounts and other financial details. 
• It allows fund transfers using only the bank name, Aadhaar number, and fingerprint captured during Aadhaar enrolment, according to the National Payments Corporation of India (NPCI).

Is AePs enabled by default?

• Neither the Unique Identification Authority of India (UIDAI) nor NPCI mentions clearly whether AePS is enabled by default. 
• Cashless India, a website managed and run by the MeitY, says the service does not require any activation, with the only requirement being that the user’s bank account should be linked with their Aadhaar number. 
• Users who wish to receive any benefit or subsidy under schemes notified under section 7 of the Aadhaar Act, have to mandatorily submit their Aadhaar number to the banking service provider, according to the UIDAI.

How is biometric information leaked? 

• The UIDAI has denied any breach of data. 
• The UIDAI said that the Aadhaar data, including biometric information, is fully safe and secure. However, UIDAI’s database is not the only source from where data can be leaked. 
• Aadhaar numbers are readily available in the form of photocopies, and soft copies, and criminals are using Aadhaar­ enabled payment systems to breach user information. 
• Scammers have, in the past, made use of silicone to trick devices into initiating transactions.

How to secure Aadhaar biometric information

• The UIDAI has implemented a new two-­factor authentication mechanism that uses a machine ­learning­ based security system, combining finger minutiae and finger image capture to check the ‘liveness’ of a fingerprint. 
• Users need to ensure that they lock their Aadhaar information by visiting the UIDAI website or using the mobile app. This will ensure that their biometric information, even if compromised, cannot be used to initiate financial transactions. 
• It can be unlocked when the need for biometric authentication arises, such as for property registration and passport renewals, after which it can again be locked.                                                                                                                          News Source: The Hindu