The list of farmers who had supposedly defaulted on loans, and who needed waivers, shows 253 farmers with the same Aadhaar number 100000000000. (Image: Reuters)

Okay, I have decided that my #aadhaar number is 111111111111 same as that of @thesuniljain”, a journalist jokes on Twitter in response to the story on Maharashtra’s farm loan waiver where it was found hundreds of farmers had the same Aadhaar number and, in many cases, even the same bank account number. The list of farmers who had supposedly defaulted on loans, and who needed waivers, shows 253 farmers with the same Aadhaar number 100000000000. More than 50 farmers have the Aadhaar number 111111111111. “Can I hv 222222222222 ?”, another anti-Aadhaar campaigner tweets in reply. “Ok”, comes the reply, “but no exclusive rights. Just 1000 others will share it with you!!!”. It is not just the Twittersphere, reputable newspapers and magazines are also replete with stories/comment suggesting that if this is how badly Aadhaar has been caught out, how much more is hidden under the hood? As if in response comes the story, from Hyderabad, of how some people stole the Aadhaar data—not the biometrics that are encrypted but the names, ages and Aadhaar numbers—of close to 300 people from an e-seva centre, probably the one where they were enrolled for Aadhaar, and used these to create bank accounts.

Once this was done, in collusion with pension officials in the state, Rs 40 lakh of pensions were directly credited into these accounts. Given that many people can get Aadhaar numbers and personal details like names and ages, even addresses of persons registering for Aadhaar, it does look as if the system is ripe for huge fraud. After all, unlike the case of ration shops where a beneficiary has to authenticate his/her presence on a point-of-sale (PoS) machine for each transaction, in the case of a bank account, no such authentication is required—while 80% of all ration cards are already Aadhaar-seeded, around 50% of all ration shops have PoS machines to ensure instant authentication. In other words, apart from PDS rations, is all other government spending susceptible to Aadhaar-enabled fraud?

The answer is an emphatic no. Indeed, it is important to keep in mind this siphoning off of funds has been happening for decades – while the NSS conclusively shows the extent of the theft in the case of PDS rations, there is no similar all-India data on other fraud; it is unlikely, though, that if the fraud took place in PDS rations, it did not extend to other areas. Indeed, in the Maharashtra case, if the supposed defaulting farmers didn’t have Aadhaar numbers, the scam wouldn’t have been caught. The Maharashtra government sent the data to UIDAI to check if the Aadhaar numbers were correct, not just some random numbers, and whether they were those of genuine people—it was then that the fraud was discovered — even if the numbers were not the same, the Aadhaar database would have caught them out.

How will Aadhaar catch such fraud in the future and, the question is, how at-risk is all government money that is transferred using an Aadhaar-linked account? Surprising as it may seem after the Maharashtra and Andhra Pradesh cases, no money is at risk. In June this year, the Prevention of Money-Laundering Act (PMLA) Rules were amended to take care of the fact that, while an Aadhaar authentication is required for each PDS transaction and this is done through a PoS device that sends the biometric to the Aadhaar database for a confirmation of identity, nothing of the sort happens in bank accounts. The PMLA rules have been modified to ensure that no new bank accounts are opened without an e-verification of the Aadhaar number.

So, if person A says her Aadhaar number is 123456789876, a bank employee has to take a fingerprint and send this to the Aadhaar database for an immediate authentication; alternatively, if your bank account number and Aadhaar records are linked with a mobile number, an OTP option can also be considered. Each existing bank account will also have to go through a similar verification process. Once this exercise is done, and Aadhaar numbers linked to bank accounts are e-verified—for safety, the same exercise can be done once a year, for instance—it will not be possible for any bank to put out data showing even two people with the same Aadhaar number. What if a bank says it has done the verification, but actually hasn’t? It can keep transferring government money to fake accounts, right?

Not quite, since banks have to keep records of the digital response from UIDAI that says the account has been verified—the punishment under PMLA is a jail term. And every government department sending out funds will have to check if bank accounts have been verified. And if banks are being asked to do verification of accounts, each government department is issuing instructions to verify each beneficiary using Aadhaar—to use our current example, the pension department in Hyderabad will have to do this. Once both ends are fixed, it is difficult to see how such fraud can be perpetuated. Aadhaar is the good guy here, but h earing our activists, you would think it was the guilty party.