Hyderabad: Cyber fraudsters used documents accessed from the AP registration and stamps department’s official website, IGRS, to fraudulently withdraw a total of Rs 14.64 lakh from 149 customers since May 5.
A gang of seven has been busted. They did the crime by cloning their fingerprints, said the cybercrimes police of Cyberabad here on Thursday. “They obtained the AEPS (Aadhaar Enabled Payment System) licence to access digital payments using the information obtained from IGRS portal,” an official said.
The police seized 2,500 cloned fingerprints, Rs 3.4 lakh in cash, 121 SIM cards, 20 mobiles, 13 debit cards, a PAN card, two Aadhaar cards, four biometric fingerprint scanners, three pen-drives containing downloaded land documents, one laptop and other gadgets from the arrested.
The mastermind, Nallagalla Venkateshwarlu alias Venkatesh, downloaded land registration documents from the official website of registration and stamps department of the AP government. He captured fingerprints and took customer service points using forged documents to withdraw funds from banks using cloned fingerprints, police explained.
He was assisted by Meghavath Shanker Naik and Sheik Khasim, Ratham Srinivas, Darshanam Samelu, Challa Manikanta and Vishwanathula Anil Kumar.
The scam was unearthed following a complaint from an executive of Epoint India, who appointed business correspondent agents for providing mini-bank services to customers of all banks with the AEPS method.
The complainant’s company had supplied the user ID and passwords to the agents to provide the bill payment services and facilitate money withdrawal and transfer through their application.
Venkatesh joined the firm on May 4 and secured an AEPS licence. He started transactions the next day. After a few days, the complainant got a notification that this agent had fraudulently withdrawn amounts from 149 bank customers without their knowledge, by cloning their fingerprints.
Explaining the modus operandi, Cyberabad police commissioner Stephen Raveendra said that the fraudsters had vast experience in the banking, lands and registration fields. By noticing the vulnerabilities in the IGRS Portal of AP, they had downloaded the state’s land registration documents.
“From the website, they collected the name, Aadhaar number and fingerprints of customers, with which they prepared polymer fingerprints using chemicals. After preparing the fingerprints, they registered with AEPS applications and used it to go to the linked bank accounts and find out the balance in them. E-Point India applications were used for withdrawing the amounts using the prepared polymer fingerprints. In this way, they prepared more than 10,000 fake fingerprints,” explained the commissioner.
In an advisory, Cyberabad police commissioner Stephen Raveendra stated:
* IGRS portal may be maintained in a secure way, where it should not allow random persons to view or download land registration documents.
* RBI is requested to issue guidelines to Digital payment Applications (AEPS) mandating proper KYC verification of agents as also multi factor authentication methods.
* Department of Telecom is requested not to allow 2 SIM activations on the same day with different modes of KYC; and citizens are requested to verify the same while taking a SIM card.
* Do not trust any mediators while opening bank accounts. Citizens may directly visit their banks.
…
