New cards can be activated using fingerprints multiple times

Next time you want to buy a new Subscriber Identity Module (SIM) card for your mobile device, be wary if your retailer tries to take your Aadhaar-linked fingerprints more than once.

The retailer can get a new SIM card activated — without your knowledge — using your thumb impression multiple times. Cases have surfaced of SIM cards thus activated being sold to persons who have then used them to commit crimes.

A SIM card retailer of Yasin Mobiles shop, Mohammed Rahmatullah, in Amberpet of Hyderabad was caught by Department of Telecommunications officials here two days ago on such a charge. “He admitted to have sold over 150 SIM cards fraudulently acquired in this manner. Some of these cards are being used to operate illegal Voice over Internet Protocol (VoIP) phone call rackets at different places in the country,” a senior DoT officer told The Hindu.

VoIP racket

A Hyderabadi woman grew suspicious when she got a phone call from abroad with a local mobile phone number. She complained to a DoT call centre. “Our inquiries confirmed that she got phone call from abroad through someone operating a VoIP racket, who purchased a local SIM card from a retailer. The latter got that SIM card activated by misusing Aadhaar biometrics of an unsuspecting person,” they explained. Further investigations suggested that SIM cards obtained by misusing customers were being used by many illegal phone call operators in other parts like Delhi. “We’re alerting officials concerned and catching them with the help of local police,” the DoT officials said. VoIP call rackets are not only making a huge dent on the exchequer but also raising security concerns. The authorities are worried that these cards may land in the hands of terrorists.

Mobile phone service SIM card sellers have Aadhaar card biometrics readers, and the scanners are connected to a computer to process applications for different service providers. Retailers verify customer’s fingerprints often with customers not being able to see the confirmation of identify on computer screens.

“Customers do not know if biometrics matched in the first attempt. Hence, retailers collect fingerprints multiple times,” the authorities said. When the fingerprints match, automatically all details, including photograph, available in Aadhaar card, are captured in the mobile phone service provider’s Know Your Customer (KYC) form.

Earlier, this was done manually using a photocopy of customer’s identity proof document. The retailers who create multiple SIM using a single identity are reportedly selling them to fraudsters for ₹1,000 to ₹3,000 each.

Since roaming charges were done away with, SIM cards purchased in Hyderabad can be used anywhere. “Our analysis of some SIM cards sold by Rahmathullah suggest that they were being used to operate VoIP call rackets from various places in the country,” the investigators said.

Amberpet police of Hyderabad Commissionerate registered a criminal case against Mohammed Rahamatullah and he was booked under sections 471 (using forged document or electronic record as genuine) and 420 (cheating) of IPC, besides Indian Telegraph Act provisions.

DoT officials are planning to take up a countrywide campaign to caution people against falling prey to the misuse of Aadhaar biometrics by SIM card sellers. Mobile phone service providers have been asked to send individual messages to all their customers about the fraudulent practice.

The campaign would use short video clips, slides and photos. “We are yet to devise a plan on alerting people of rural and remote parts about the scam,” the officials said.