In order to make Aadhaar accessible to often undocumented poorer citizens, obtaining an Aadhaar card does not require significant documentation, with multiple options available. In theory, the use of biometric facilities should reduce or eliminate duplication. So, in theory, while it may be possible to obtain the card under a false name, it is less likely that a person would be able to obtain another Aadhaar card under a different (or real) name.
The Aadhaar card itself is not a secure document (being printed on paper) and according to the agency should not be treated as an identity card though it is often treated as such. However, with currently no practical way to validate the card (e.g. by police at airport entry locations) it is of questionable utility as an identity card. “There are five main components in an Aadhaar app transaction – the customer, the vendor, the app, the back-end validation software, and the Aadhaar system itself.
There are also two main external concerns – the security of the data at rest on the phone and the security of the data in transit. At all seven points, the customer’s data is vulnerable to attack … The app and validation software are insecure, the Aadhaar system itself is insecure, the network infrastructure is insecure, and the laws are inadequate,” claims Bhairav Acharya, Program Fellow, New America
ertain mobile apps claim to verify an Aadhaar card using a QR code scanner. However, the QR code is not a secure representation of an Aadhaar card either and can be copied and edited. The only way to validate an Aadhaar card is to perform an online validation, which will confirm that the card number is valid, confirm the postal code and gender of the holder (but not their name or photo). In theory, this means that is possible to create a false Aadhaar card using the number of a genuine holder from the same postal code with the same gender, with the card subject to a number of cases of counterfeiting.