For a negligible fee, Manoj Kumar can assist the residents of Dumri Khas, a village not far from the India-Nepal border, fill out 14 different kinds of government forms, certificates and entitlements, all from his ageing desktop computer and battered printer-scanner installed on a rickety wooden desk in the village haat.
Yet since 8 November this year, shops like Kumar’s have caught the attention of digital privacy experts as the weakest link that could unravel Prime Minister Narendra Modi’s controversial decision to demonetise high denomination currency notes to crack down on unaccounted wealth.
Kumar isn’t a tout, he mans one of the 1,99,325 privately run Common Services Centres (CSCs) set up by the central government to help rural Indians apply online for passports, caste certificates, old age pensions, birth certificates, Aadhaar numbers and bank accounts, without visiting a government office.
“We scan your documents and upload them to the government website,” Kumar said, “Then the department mails you back your card.”
Under the Prime Minister Jan Dhan Yojana, an Aadhaar card is all you need to open a no-frills account. In 2015-2016, CSCs like Kumar’s generated over 6 crore, largely unaudited, Aadhaar numbers, while printing out Aadhaar cards accounted for the largest number of transactions at CSCs, according to the CSC annual report.
In the process, CSCs have unwittingly become repositories for the sensitive private data of millions of Indians, which could be used to open and operate untold numbers of Jan Dhan (no-frills) bank accounts to park and launder money through India’s increasingly porous financial system.
Aadhaar cards apart, CSCs are flush with copies all sorts of documents that would be needed to open a fully operational bank account. When The Quint visited, Kumar’s desk was scattered with an assortment of driver licenses, ration cards, and pension applications.
CSCs are gathering confidential data with the aim of financial inclusion, but they are employed by private companies, and so are not accountable. They have the possibility of playing around with the identities of an entire population by sharing this data to anyone who pays for it.Anupam Saraph, IT Governance Expert, Former Advisor to Government of Goa
Reserve Bank of India circulars, interviews with bank officials, banking correspondents, and news reports indicate that touts have already begun using this information to hijack identities. The absence of adequate protocols has meant that the much-touted biometric security features of the Aadhaar number have been subverted with ease.
A recent report in Deccan Chronicle reveals that brokers in Hyderabad are buying photocopies of identity documents in bulk from CSCs, photocopy shops and establishments that required a copy of a photo id to provide a service. The ids, the newspaper reported, were being used to exchange five hundred and thousand rupee notes for new denominations.
The Jan Dhan Logjam
There are 25.68 crore Jan Dhan bank accounts in India. In the first fortnight after demonetisation was announced, deposits in Jan Dhan accounts increased by a startling Rs 27,198 crore. Banks also opened an additional 16.48 lakh such accounts.
On Wednesday, the RBI tacitly admitted that at least some of the money gushing in through these accounts might be laundered when it issued a circular capping the monthly withdrawals to Rs 10,000 for Jan Dhan accounts with complete Know Your Customer (KYC) documentation, and Rs 5,000 for those with incomplete KYC.
The limits, the RBI said, were introduced, with “a view to protect the innocent farmers and rural account holders of PMJDY from activities of money launderers and legal consequences under the Benami Property Transaction & Money Laundering laws.”
A Fragile and Porous System
In March this year, Finance Minister Arun Jaitley stressed that the introduction of the biometric-linked Aadhaar number would reduce corruption, fraud, and save the government hundreds of crores of rupees.
Yet experts argue that a push for financial inclusion at the cost of diluting regulatory norms could have compromised India’s banking system.
India’s banking system, legal theorist and Aadhaar critic Usha Ramanathan said, has undergone a quiet but significant transformation over the past few years, and the burgeoning balances in Jan Dhan accounts are evidence of its fragility.
Banking is now a thoroughly porous system. From the time you produce an ‘identity' to the time you use the identity to conduct a transaction, there is nothing tangible to fix it on.Usha Ramanathan
The RBI has, historically, been suspicious of accounts like Jan Dhan that use Aadhaar numbers as the sole basis basis for opening bank accounts.
In January 2011, the RBI issued a circular that made anti-money laundering rules applicable to accounts opened using Aadhaar, yet in September that year, the bank reversed its decision “after further consultations with Government.”
In May this year, the RBI reiterated its concerns that Jan Dhan accounts could be used as “money mules”. According to a PTI report, Deputy Governor SS Mundra warned that most banks still relied on “primitive and generally ineffective” exception transaction mechanism to alert them when large sums cycled through these accounts, meaning money could potentially be laundered without raising any alarms.
The Biometric Work-Around
“It is true that each Aadhaar number has a biometric signature, but my bank does not have a biometric reader,” said a branch manager of a rural bank in Uttar Pradesh, explaining that his bank had no way of authenticating Aadhaar numbers presented before him.
“When the Jan Dhan scheme was announced, we asked people to bring a printout of their Aadhaar numbers. If the photo matched, we opened the account,” he said, requesting anonymity to speak freely.
Once the account was opened, the manager continued, there was no biometric requirement to deposit or withdraw money from the bank branch. “All you need to do is fill out a withdrawal slip,” he said.
”Linking Aadhaar to bank accounts is facilitating mechanisms to launder money, to siphon off subsidies. Once you seed your bank account with an Aadhaar number, you can transfer money electronically between accounts,” said Dr Saraph, the IT expert, raising the prospect of hundreds of crores moving seamlessly between thousands of fake accounts.
Much of the conversation about banking security, digital security experts said, rightly focused on the security of the centralised databases maintained by government authorities. Yet, identity theft, demonetisation has revealed, is equally likely at a photocopy shop down the road.