oppn parties The Face in the Machine - How AI Is Breaking AEPS Security

News Snippets

  • Former Punjab Police DSP Jaspal Singh, facing life imprisonment for the abduction and murder of activist Jaswant Singh Kalra (on whose life the banned movie Sutluj is made), has gone absconding after he was released on bail in May 2023
  • The Supreme Court has ruled that failure to report child abuse is punishable under sections 19 and 21 (read conjointly). It sais a headmistress who failed to report a rape complaint to the police will face prosecution
  • Novo Nordisk has introduced Awiqli, the weekly insulin for Type 1 and Type 2 diabetes patients dependant on daily shots
  • India and Australia boost defence ties and agree to fast-track talks on economic cooperation as PM Modi visits the country to hold bilateral talks with his counterpart Anthony Albanese
  • With monsoon changing gears, the entire country gets coverage and deficit was reduced to just 14%
  • Police searched the homes of the accused in the Ayodhya temple theft case and seized cash and valuables from the homes of three accused
  • Calcutta HC allows Mamata faction of TMC to use party bank accounts, says freeze order 'hurried'
  • 3 former TMC MPs - Sushmita Dev, Sukhendu Sekhar Ray and Prakash Chik Barik join BJP, get the party ticket for Rajya Sabha by-polls from Bengal
  • Government announces customs duty waiver for Li-ion cell and induction coil and electronics parts in order to boost domestic battery manufacture
  • TCS bucks the tech trend: Q1 revenue rises 2.7% and company adds 9000 to workforce amidst layoffs in most other firms
  • Stocks recover somewhat on Thursday: Sensex gains 238 points and Nifty 80 points
  • U-23 Athletics Championships: India win gold in 4X400 mixed relay
  • FIFA World Cup: Mbappe scores once as France beat Morocco 2-0 to enter the semifinals
  • 4th T20 versus England: India continue their woeful display in this tour, score just 158 for 7 with Shreya Iyer top scoring with 80 not out. England win by 9 wickets. With this, India have lost the 5-match series 0-3 with the first match washed out
  • Calcutta HC says that the rate at which SIR appeals are being disposed, it will take 21 years to clear all such appeals
FIFA World Cup: France beat Morocco 2-0 to enter the semifinals /////// India lose the 4th T20 by 9 wickets and the series to England
oppn parties
The Face in the Machine - How AI Is Breaking AEPS Security

By Sunil Garodia
First publised on 2026-05-01 15:28:43

About the Author

Sunil Garodia Editor-in-Chief of indiacommentary.com. Current Affairs analyst and political commentator. Author of Cyber Scams in India, Digital Arrest, The Money Trap and The Human Hack

India's digital payments system rests on a single pillar  - Aadhaar. That pillar is now being stress-tested by artificial intelligence.

In 2025, the Unique Identification Authority of India introduced face authentication into its ecosystem - a system that matches a live camera image with Aadhaar records to verify identity instantly. It was pitched as frictionless and secure.

It is now being weaponised.


The Weak Link: AEPS

The Aadhaar Enabled Payment System allows withdrawals using just three inputs - bank name, Aadhaar number, and biometric authentication.

No OTP. No PIN.

Designed for inclusion, it has quietly become one of the most exploitable financial rails in the country.


From Fingerprints to Faces

Fraudsters were already cloning fingerprints using leaked Aadhaar data to drain accounts. By 2023, AEPS fraud made up 11% of cyber-enabled financial crime in India.

Now, the method has evolved.

Cybercrime agencies warn that attackers are using AI-generated facial identities to bypass authentication. A photograph - pulled from social media, land records, or documents - is enough. AI tools animate it, simulate liveness, and present it at an AEPS terminal. The system verifies. The withdrawal goes through.

No alert. No OTP. No resistance.


The Core Risk

Biometrics are not passwords. They cannot be reset.

Once your facial data is compromised, the breach is permanent. Every image you have shared - publicly or through government records - becomes raw material for identity theft.

The barrier to entry has collapsed. What once required technical sophistication now needs little more than a photo and a free app.


A Systemic Failure

The real vulnerability is not just technology - it is architecture.

Biometric data is scattered across poorly secured state portals, especially land and revenue databases. A fraudster does not need to breach Aadhaar's core systems. One weak government website is enough.

As cybercrime experts have repeatedly warned, the threat lies in data leakage combined with procedural gaps - not just hacking.


What You Must Do

Lock your Aadhaar biometrics immediately through UIDAI or the mAadhaar.

Enable bank alerts. Avoid sharing Aadhaar details. Treat any biometric request with suspicion.

If fraud occurs, act fast: report to your bank and file a complaint at cybercrime.gov.in or call 1930.


The Bigger Question

India's digital identity system has expanded financial access at an unprecedented scale. But scale without security is a liability.

Face authentication is not the problem. Deploying it without robust safeguards is.

Without multi-factor authentication, secure data infrastructure, and real-time fraud detection, AEPS risks becoming a pipeline for silent financial theft.

The criminals have already upgraded. The system has not.