The rapid expansion of digital banking has brought a growing cybersecurity threat in the form of AEPS scams, where bank accounts can reportedly be drained without the use of debit cards or OTPs. Experts caution that this is not a system failure but a misuse of Aadhaar-based authentication, which is increasingly being exploited by cybercriminals using advanced digital techniques.
No Card, No OTP, Yet Accounts at Risk
The Aadhaar Enabled Payment System (AEPS), developed by the National Payments Corporation of India (NPCI), was designed to provide simple banking access, especially in rural and remote areas. It allows financial transactions using Aadhaar numbers and biometric authentication such as fingerprints or facial verification. However, what was intended as an accessibility tool is now being misused as a channel for cyber fraud.
Cybersecurity experts explain that fraudsters typically begin by collecting Aadhaar details and personal information through data leaks, phishing websites, or social media exposure. With the help of AI-powered tools, they then create fake digital identities and attempt biometric manipulation or cloning techniques to bypass authentication systems. In some cases, fake agents operating through Common Service Centres (CSCs) carry out unauthorized transactions without the victim’s knowledge.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
Aadhaar Biometrics Become Fraud Target
The Indian Cyber Crime Coordination Centre (I4C) has also issued warnings regarding the rising misuse of AI in identity-based frauds. According to the agency, cybercriminals are now using artificial intelligence to generate fake profiles and digital identities, making detection significantly more difficult. This trend is rapidly evolving and poses a serious challenge to banking security frameworks.
The Future Crime Research Foundation has described this emerging threat as “AI-Enabled Identity Cloning,” identifying it as one of the fastest-growing categories of financial cybercrime. The organization warns that such frauds are becoming increasingly sophisticated due to the integration of machine learning, deepfake technologies, and automated identity systems.
AI Identity Cloning Raises the Threat Level
Renowned cybercrime expert and former IPS officer Prof. Triveni Singh has also raised serious concerns over this trend. He stated that modern cybercriminals are no longer relying solely on technical hacking methods but are instead exploiting human trust and procedural loopholes. According to him, the biggest risk in AEPS-based systems lies in biometric data compromise, as once such data is leaked, reversing the damage becomes extremely difficult. He strongly advised users to never share Aadhaar numbers or biometric information with unknown individuals or unauthorized agents.
Experts Urge Users to Lock Biometrics
Experts recommend several preventive measures to reduce risk. Users should lock their Aadhaar biometrics through UIDAI services, ensure SMS banking alerts are activated, and regularly monitor all transaction notifications. It is also advised to avoid sharing photocopies of Aadhaar documents unnecessarily and to verify any request for Aadhaar or biometric usage through official channels only.
Investigative agencies believe that AEPS-related frauds could become even more complex in the future with the growing use of AI and deepfake technologies. Cybercrime units are continuously monitoring suspicious transaction patterns and using digital forensic tools to trace fraudulent networks. Authorities have urged citizens to immediately report any unauthorized or suspicious transactions to prevent further financial loss.
Experts further emphasize that in the digital era, cybersecurity awareness remains the strongest defense. As technology evolves, so do the methods of fraud, making vigilance, verification, and cautious digital behavior essential for safe banking practices.
