A Decade of Digital Evolution
India’s digital landscape has undergone a remarkable transformation over the past decade. With the advent of digital payment channels such as UPI, IMPS, and net banking, the country has achieved unprecedented growth in digital transactions. Despite these advancements, one specific demographic—rural middle-aged to senior citizens—was not fully utilizing this ecosystem. To address this gap and make basic banking services accessible in areas with limited banks and ATMs, the government launched the Aadhaar Enabled Payment System (AePS).
Introduction of AePS
The Aadhaar Enabled Payment System, introduced by the NPCI in 2016, is a digital payment method based on the Unique Identification Number (UIN) linked to the Aadhaar card. It allows Aadhaar cardholders to conduct financial transactions via Aadhaar-based authentication without needing to visit a bank. Instead, these transactions are facilitated by business correspondents (Bank Mitras) using micro-ATMs. AePS empowers all sections of society by making financial and banking services accessible to everyone through Aadhaar. It supports seamless fund transfers, cash deposits, withdrawals, balance inquiries, and more. Additionally, AePS facilitates the disbursement of government welfare schemes such as NREGA, social security pensions, and old age/handicapped pensions.
Exponential Growth
Since its launch, AePS has seen a significant boost in utilization. In 2019, the revenue from AePS transactions was around INR 5 billion. Within five years, this figure skyrocketed to INR 51 billion in 2024, a tenfold increase. By 2025, it is projected to reach INR 67 billion. In 2023 alone, over 370 million customers conducted transactions through AePS, highlighting its widespread adoption and success.
Rising fraud concerns
However, the rapid growth of AePS has also attracted fraudsters, targeting the predominantly rural, middle-aged, and senior population. Over the past 2–3 years, numerous reports of AePS-related fraud have surfaced. For instance, in Hyderabad, a gang of cybercriminals was arrested for fraudulently withdrawing ₹14.64 lakh from 149 customers. Such incidents underscore the growing risk of cyber-financial scams associated with AePS. According to the Indian Cyber Crime Coordination Centre (I4C), AePS frauds accounted for 11% of cyber financial scams originating in India in 2023.
Addressing Fraud: RBI and NPCI Initiatives
In response to the increasing fraud cases, the RBI has instructed banks to streamline the onboarding process for AePS touchpoint operators, including mandatory due diligence. Additional fraud risk management requirements are also being considered. The NPCI has released circulars addressing customer withdrawal limits, account statements, and Business Correspondent (BC) onboarding procedures.
Strengthening onboarding processes
AePS providers must rigorously scrutinize the onboarding processes for business correspondent agents. This involves conducting comprehensive background checks to verify the authenticity and credibility of potential agents. Additionally, a risk-based categorization system should be implemented, where agents are classified based on an assessment of their history, including any previous instances of fraudulent activities or non-compliance. By adopting a detailed and systematic approach to onboarding, AePS providers can ensure that only trustworthy and low-risk agents are integrated into the system.
Moreover, continuous monitoring and periodic reassessment of BC agents are crucial to maintaining high standards of integrity and security. Regular training and awareness programs should be conducted to keep agents updated on the latest security protocols and fraud prevention techniques. By strengthening these onboarding and monitoring processes, AePS providers can significantly reduce the risk of fraud and enhance the overall security and reliability of the payment system. This proactive approach not only safeguards the interests of users but also fortifies the reputation and operational efficiency of the AePS ecosystem.
Common fraud scenarios
One prevalent fraud scenario involves unauthorized cash withdrawals, where users receive no indication of the transaction. Fraudsters often impersonate fingerprints or deceive customers about the success of transactions. In some instances, BC agents have been known to use silica gel to replicate fingerprints, further complicating the detection of fraudulent activities. These sophisticated methods of fraud underscore the necessity for AePS providers to enhance their security measures and address these specific threats comprehensively. To combat these issues effectively, AePS providers need to strengthen their ecosystem and focus on specific patterns to identify and mitigate fraudulent activities.
Key Areas of Focus
- Transaction Limits and Patterns: Identifies suspiciously large transactions and unusual frequency within short time frames.
- Location and Time-Based Monitoring: Flags transactions from atypical locations or during unusual hours indicative of potential fraud.
- Recent Activity and Entity Monitoring: Detects suspicious transactions immediately or from blacklisted entities.
- User and Merchant Behaviour Patterns: Monitors IP address changes and recognizes trusted user behaviour through consistent transaction monitoring.
- Decline Patterns and Chargebacks: Identifies potential fraud through transaction declines and high merchant chargeback ratios.
Preparing for Future Challenges
Currently, the primary issue revolves around cash withdrawals. However, with the increasing volume of fund transfers, there is a potential risk of anti-money laundering activities. As AePS providers continue to expand their services, they need to be adequately equipped to handle these emerging challenges. This involves not only detecting and preventing fraudulent activities but also complying with stringent regulatory requirements to ensure the integrity of the financial system.
Conclusion
The AePS industry is booming, and as it grows, fraudsters will seek new ways to exploit the system. To sustain growth and protect users, financial institutions must enhance fraud and risk management systems by investing in advanced technologies like artificial intelligence and machine learning for real-time monitoring and anomaly detection. Continuous education and training for users and service providers on potential risks and best practices are also crucial.
By implementing robust security measures, the AePS ecosystem can mitigate fraud risks and continue to flourish, driving financial inclusion and transforming India’s digital payment landscape. Collaboration with regulatory bodies is essential to stay ahead of emerging threats and ensure a secure, seamless payment experience. With a concerted effort towards enhancing security and compliance, the AePS industry can thrive, paving the way for a more inclusive and digitally empowered India.