Imagine waking up to an SMS stating INR 10,000 is debited from your bank account. You check your phone. You did not share an OTP. You did not click a shady link. You did not lose your debit card. Your money is just gone. This is the reality of AePS Fingerprint Cloning Scams, a fraud method that is currently robbing everyday Indian banking customers blind.
This scam bypasses the standard digital safety advice. We spent years learning to never share our OTPs or UPI PINs. Now, criminals are skipping the digital route entirely. They are building physical copies of your fingerprints to trick the Aadhaar Enabled Payment System. It is a severe security loophole that has forced authorities across the country to issue urgent warnings.
What is the Aadhaar enabled payment system (AePS)?
Before explaining the scam, we need to look at the system it exploits. The Aadhaar Enabled Payment System is a bank-led model that allows online financial transactions at Micro-ATMs through the business correspondent of any bank. It was designed with a good goal. People in rural India who do not have smartphones or cannot read debit card numbers can walk up to a local banking agent, provide their Aadhaar number, scan their thumb, and withdraw cash.
This system is incredibly useful for delivering government subsidies and pensions. Millions of Indians rely on it every day. But the simplicity that makes it accessible also makes it vulnerable. The only two things required to authenticate a transaction are your 12-digit Aadhaar number and your physical fingerprint.
How the AePS fingerprint cloning scam works
Scammers do not need to hack into the central Aadhaar database to steal your biometrics. The central servers are highly secure. Criminals found an easier target in local government offices and leaked paper documents. Here is the exact process they use to siphon funds:
- Data theft from public records: When you register a property at a local tehsil office, you often provide thumb impressions on physical documents. Many of these local registry offices have poorly secured digital archives. Scammers bribe insiders or hack into regional databases to steal high-resolution images of property deeds and marriage certificates. They easily find the Aadhaar numbers printed right next to the fingerprint images.
- The physical cloning process: Once the criminals have a clear image of your fingerprint, they use cheap materials to make a fake thumb. They print the fingerprint image onto a special film and expose it to a polymer gel. Some use simple butter paper, liquid silicone, and hot glue guns to create a 3D mold. This results in a synthetic fingerprint that perfectly mimics the ridges of your thumb.
- Becoming a fake banking agent: To process an AePS transaction, the scammer needs a Point of Sale (PoS) biometric machine. They use fake credentials to register as business correspondents for rural banks. This gives them the authorized hardware needed to access the banking network.
- Draining the bank account: The scammer enters your Aadhaar number into their machine and presses the silicone clone of your fingerprint onto the scanner. The machine registers a match. The network processes the request, and the money leaves your bank account. Criminals usually keep these transactions just under INR 10,000 to avoid triggering high-value fraud alerts. They repeat this daily until the account is empty.
Real examples of biometric fraud in India
In recent months, cases have spiked dramatically. Scamsters have been caught actively cloning fingerprints from tehsil records in states like Rajasthan and Haryana. Police recently arrested a software engineer running a massive operation cloning both fingerprints and iris scans. These gangs operate as organized syndicates. They target areas where digital literacy is low and exploit the trust people place in government systems.
The scale of the problem forced the Reserve Bank of India (RBI) to intervene. The RBI issued strict directives for banks facilitating these payments. They mandated that banks implement better fraud risk management systems. Despite these rules, the burden of immediate protection still falls entirely on you.
Warning signs that your account is compromised
The most dangerous aspect of this fraud is the silence. Because these transactions rely on physical biometrics, the system assumes you are standing at the machine. The bank does not send an OTP to verify the withdrawal. Watch for these signs:
- You receive an unexpected SMS from your bank showing a debit you did not authorize.
- The transaction description mentions "AePS", "UIDAI", or a strange rural bank correspondent name.
- You notice a series of repeated withdrawals of exactly INR 5,000 or INR 10,000 over several days.
- You recently submitted your Aadhaar card and thumbprints for local property registrations and suddenly see strange bank activity.
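The warning signs above can be checked mechanically against a statement export. The following is an added example, not part of the original article: the statement rows and narration strings are constructed, the INR 5,000 to 10,000 band comes from the figures mentioned in this article, and the three-days-in-seven threshold is an assumption.

```python
import re
from datetime import date, timedelta

# Constructed sample rows (date, narration, debit in INR); not real bank data.
STATEMENT = [
    ("2024-03-01", "UPI/GROCERY STORE", 640),
    ("2024-03-02", "AEPS/CW/BC-AGENT-X", 9900),
    ("2024-03-03", "AePS CASH WDL BC-AGENT-X", 9900),
    ("2024-03-03", "ATM WDL MAIN BRANCH", 2000),
    ("2024-03-04", "AEPS/CW/BC-AGENT-X", 10000),
    ("2024-03-20", "AEPS/CW/BC-LOCAL", 1500),
]

# Narration keywords named in the warning signs above.
AEPS_TAG = re.compile(r"\b(aeps|uidai)\b", re.IGNORECASE)


def aeps_debits(rows, floor=5000, ceiling=10000):
    """Return AePS-tagged debits with floor <= amount <= ceiling, sorted by date."""
    hits = [
        (date.fromisoformat(day), narration, amount)
        for day, narration, amount in rows
        if AEPS_TAG.search(narration) and floor <= amount <= ceiling
    ]
    return sorted(hits)


def flag_repeated_withdrawals(rows, min_days=3, window_days=7):
    """Alert when AePS debits fall on >= min_days distinct days (assumed thresholds)."""
    hits = aeps_debits(rows)
    alerts, covered_until = [], None
    for start in sorted({d for d, _, _ in hits}):
        if covered_until and start <= covered_until:
            continue  # this day is already part of a reported run
        end = start + timedelta(days=window_days - 1)
        run = [h for h in hits if start <= h[0] <= end]
        days = {h[0] for h in run}
        if len(days) >= min_days:
            covered_until = max(days)
            alerts.append({
                "from": start.isoformat(),
                "to": covered_until.isoformat(),
                "debits": len(run),
                "total_inr": sum(h[2] for h in run),
            })
    return alerts
```

Calling `flag_repeated_withdrawals(STATEMENT)` on the sample rows reports one run covering 2 to 4 March; real bank narrations vary, so the keyword pattern needs adjusting to your own statement format.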
How to lock your Aadhaar biometrics (Step by Step)
You must take immediate control of your Aadhaar security. The absolute best defense against this scam is locking your biometric data. When your biometrics are locked, the UIDAI system instantly rejects any fingerprint or iris scan attempt, even if the scammer has a perfect silicone clone. Locking your data is free, reversible, and highly recommended by CERT-In.
Using the official UIDAI website
- Open your web browser and navigate to the official UIDAI myAadhaar portal.
- Log in using your 12-digit Aadhaar number and the OTP sent to your registered mobile number.
- Click on the section labeled Lock/Unlock Biometrics.
- The system will show you the current status of your biometrics. Click next.
- Tick the consent box, request a final OTP, and confirm. Your biometrics are now locked.
Using the mAadhaar mobile app
- Download the official mAadhaar app from the Google Play Store or Apple App Store.
- Set up your profile by entering your Aadhaar details and verifying with an OTP.
- Tap the biometric lock icon visible on the main dashboard.
- Enter your app PIN to apply the lock instantly.
If you need to use your fingerprint for a legitimate purpose, simply repeat the process and choose the unlock option. The system allows you to unlock your data temporarily for 10 minutes, after which it locks itself automatically.
Using the offline SMS method
If you do not have a smartphone, send an SMS from your registered mobile number to 1947. First, send "GETOTP" followed by the last four digits of your Aadhaar number. Once you receive the OTP, send a second message to 1947 in this format: "LOCKUID" followed by the last four digits of your Aadhaar and the six-digit OTP. This secures your data without needing an internet connection.
What to do if your money is already stolen
If you find unauthorized withdrawals in your bank statement, you need to act fast. Do not wait for the bank to call you. The longer you delay, the harder it is for authorities to track the funds.
Call the national cybercrime helpline at 1930 immediately. This number is operational across India. The operators can sometimes freeze the fraudulent transaction if you report it quickly enough.
Next, visit the official national cybercrime reporting portal at cybercrime.gov.in and file a detailed complaint. You need your bank statement, the exact time of the fraudulent transactions, and your Aadhaar details. Keep the reference number provided by the portal safe.
Finally, go to your bank branch. Submit a written complaint disputing the transactions and provide your cybercrime complaint reference number. According to RBI guidelines, if you report unauthorized electronic transactions within three days, your liability is zero. The bank is legally responsible for restoring your funds.
Take action today
The UIDAI is upgrading its systems with artificial intelligence tools designed to detect cloned fingerprints by checking for blood flow and sweat pores. However, upgrading millions of rural machines will take time. Until these hardware upgrades reach every corner of the country, your best defense is your own vigilance.
Take five minutes today to lock your data. Talk to your parents and elderly relatives. Many senior citizens are targeted because they rely heavily on biometric authentication for their monthly pensions. Help them secure their accounts using the app. A few simple clicks on your phone will save your life savings from a cheap silicone clone.