By Sunil Garodia
First publised on 2026-05-01 15:28:43
India's digital payments system rests on a single pillar - Aadhaar. That pillar is now being stress-tested by artificial intelligence.
In 2025, the Unique Identification Authority of India introduced face authentication into its ecosystem - a system that matches a live camera image with Aadhaar records to verify identity instantly. It was pitched as frictionless and secure.
It is now being weaponised.
The Weak Link: AEPS
The Aadhaar Enabled Payment System allows withdrawals using just three inputs - bank name, Aadhaar number, and biometric authentication.
No OTP. No PIN.
Designed for inclusion, it has quietly become one of the most exploitable financial rails in the country.
From Fingerprints to Faces
Fraudsters were already cloning fingerprints using leaked Aadhaar data to drain accounts. By 2023, AEPS fraud made up 11% of cyber-enabled financial crime in India.
Now, the method has evolved.
Cybercrime agencies warn that attackers are using AI-generated facial identities to bypass authentication. A photograph - pulled from social media, land records, or documents - is enough. AI tools animate it, simulate liveness, and present it at an AEPS terminal. The system verifies. The withdrawal goes through.
No alert. No OTP. No resistance.
The Core Risk
Biometrics are not passwords. They cannot be reset.
Once your facial data is compromised, the breach is permanent. Every image you have shared - publicly or through government records - becomes raw material for identity theft.
The barrier to entry has collapsed. What once required technical sophistication now needs little more than a photo and a free app.
A Systemic Failure
The real vulnerability is not just technology - it is architecture.
Biometric data is scattered across poorly secured state portals, especially land and revenue databases. A fraudster does not need to breach Aadhaar's core systems. One weak government website is enough.
As cybercrime experts have repeatedly warned, the threat lies in data leakage combined with procedural gaps - not just hacking.
What You Must Do
Lock your Aadhaar biometrics immediately through UIDAI or the mAadhaar.
Enable bank alerts. Avoid sharing Aadhaar details. Treat any biometric request with suspicion.
If fraud occurs, act fast: report to your bank and file a complaint at cybercrime.gov.in or call 1930.
The Bigger Question
India's digital identity system has expanded financial access at an unprecedented scale. But scale without security is a liability.
Face authentication is not the problem. Deploying it without robust safeguards is.
Without multi-factor authentication, secure data infrastructure, and real-time fraud detection, AEPS risks becoming a pipeline for silent financial theft.
The criminals have already upgraded. The system has not.









