Aadhaar makes sense in some respects if it's used only as an identification mechanism.
1. It should not be a banking instrument on its own and should stick to being just an ID.
2. The entire system is made secure.
The Aadhaar system allows both transactions (deposit and withdrawal) from a bank account that is linked to Aadhaar. That means Aadhaar is a bottleneck for your bank security. Even if you are confident that your bank is secure, Aadhaar can become a backdoor to get access to your bank account if a person could get into the Aadhaar systems, even if they don't have access to the
When govt-hired security experts (and self-proclaimed hackers) claim that systems are unbreakable, then there is something very seriously wrong with how the security is being approached. This has been the case for both Aadhaar and UPI. It is common sense in the system security world that everything is breakable. Such misguided arrogance is how breaches are allowed to happen. The copious use of MD5 hashing (in e-sign and other documentation that I could see on the net) is another proof point. No system that needs to be secure should be relying on MD5. Heck, they should not be relying on SHA1.
The only form of security that the Aadhaar system seems to have is threats of legal action for Aadhaar abuse, and that would be after the entire house burns, which is a piss-poor replacement for a secure system.
We already have cases of Aadhaar data abuse by corporate entities like Airtel. Airtel, for instance, has been caught opening Airtel bank accounts using the Aadhaar authentication done for linking Aadhaar to a mobile number. They had also changed the default bank account to their Airtel bank account, which means that any subsidy deposits would also go to Airtel accounts.
Airtel was exposed, but what if it were Reliance, which has political clout with the present govt? What if they start a Reliance bank and transfer money from your Aadhaar-linked bank to the Reliance bank account when you do Aadhaar authentication for some reason?