UIDAI's service is akin to bank passbook entries; you can raise a red flag if you suspect misuse; problem: hacker's identity remains hidden

In order to improve the security of Aadhaar, the Unique Identification Authority of India (UIDAI) offers a service that allows a user check the history of Aadhaar authentication. The Aadhaar account holder can check if any anyone tried to authenticate his Aadhaar using biometric, one-time password (OPT) and demographic details.

The service lets you keep a track of authorised and unauthorised verification on your account. “Think of this service like debit and credit entries on your bank passbook that help to keep a tab on the money in your bank. If you see an unauthorised authentication on your Aadhaar account, you can raise a red flag,” says a cyber law expert.

While it helps users to know the history of authentication, UIDAI still needs to make it user-friendly. The service doesn’t mention who tried to authenticate your records. Instead of the name, it gives a code of the institution/service provider that tried to authenticate your account.

To access the record, you need to go the ‘Aadhaar Authentication History’ under the ‘Aadhaar Services’ section at the UIDAI website. Once you enter your Aadhaar number and a security code, you are directed to a page where an individual can select the transactions he needs to view. You can check either biometric, one-time password or demographic authentications individually or select ‘All’ to see them in one page.

The service allows you to check up to 50 transactions that were done over the last six months. The service lets you access the record after you key in the OTP sent on the mobile, which means the individual needs to have his mobile number registered with Aadhaar.

Once you select the details and enter the OTP, you can see the list of authentications done. Each transaction bears the date and time it was executed apart from informing you whether or not it was authorised. It does not necessarily make it clear where the authentication took place. Also, there are no details of the institution that attempted to verify the details. Instead of the name, there’s a ‘Response Code’.

So, how do you know if the authorised transactions were initiated with your consent? One way is to go to your inbox and check if there were corresponding emails from UIDAI for Aadhaar authentication.

If you have registered the email with Aadhaar, you also get an email after each authentication. You can use the ‘response code’ from the history to search through your email inbox to know more about the transactions. The email also mentions the device that was used for authentication, which can further help.

You may also have many entries when you check for demographic authentication. For some users, UIDAI doesn’t send emails for demographic authentications.

If there’s a successful transaction that you don’t recognise, contact UIDAI by calling 1947 or by forwarding the details to help@uidai.gov.in. “When it comes to Aadhaar, there’s are limited grievance redressal mechanism. You can only do it by phone or by sending an email to UIDAI. There’s no other way or next level authority in case your grievance is unresolved,” says an activist who is fighting the case against Aadhaar in the Supreme Court.

To prevent misuse of Aadhaar, the best way is to lock your biometrics. While an individual can do it online at UIDAI website, it’s much easier to do it on the Aadhaar app. An individual can unlock biometric verification whenever.

Source : BS

U.P.C.Tauro, Secretary IPROA

Contact Secretary

Tuesday 23 January 2018