New Delhi: The Delhi Police have uncovered significant flaws in the system of the Unique Identification Authority of India (UIDAI) during their investigation of a bank fraud, according to a report by TOI. The police found that the Aadhaar system did not conduct facial biometrics matching when generating an identification for an individual. In a note to the UIDAI, the Delhi police stated that they discovered 12 bank accounts that were opened digitally, verified from the Aadhaar database, under different names but with the same photograph. This suggests that one person could generate multiple Aadhaar cards, with different fingerprints but the same photo.

The police discovered that the fraudsters were using the credentials of authorized agents who had provided them with their silicon fingerprints, printouts of the IRIS scan, and laptops configured to them. Although UIDAI rules state that authorized agents must work only from government offices with their GPS captured by the system, the fraudsters circumvented this by taking the configured laptop to the designated government institution/office every 2-3 days and syncing the machine to bypass the security check.

The Aadhaar system also has a flaw where it is unable to differentiate between silicon fingerprints and live fingerprints. The fraudsters exploited this by logging into the UIDAI system using the silicon fingerprints given to them by the authorized agents.