While many officials say the availability of the Aadhaar number itself is not a breach, payment industry security experts disagree.According to Nitin Bhatnagar, associate VP (business) at SISA, a payment security specialist, said the exposing of an Aadhaar number amounts to a breach. A fraudster with the Aadhaar details of a customer can obtain a cloned SIM card and use it for fraudulent transactions.The CIS report highlights how these public databases are exposing citizens to risk. "When Nandan Nilekani claims repeatedly that the Aadhaar data is secure, his focus is largely on the enrolment data collected by UIDAI, or authentication logs maintained by it. "There is no mandate for Aadhaar enabled payments to be part of PCI DSS scope but we have seen voluntary adoption of the PCI DSS standard for AEPS by security-conscious organisations," Bhatnagar said. Based on these risks, SISA recently released a tool called Tipper to facilitate the discovery of Aadhaar numbers and help organisations mask them through a centralised console.

Source: Times of India May 02, 2017 20:42 UTC