The Aadhaar database has introduced new security features like a virtual ID (VID) and UID tokens to make use of Aadhaar safer in the light of stories about Aadhaar information being leaked or of user agencies like telcos downloading Aadhaar numbers of people who go to get phone connections and misusing them later. The virtual ID is similar to that offered by UPI for payments where instead of your phone number you can mask this with another ID. In this case, users can go to the UIDAI database and generate a virtual VID as often as they want. So when you buy a mobile connection, give the VID instead of your Aadhaar number. When the telco sends this VID along with your biometric to UIDAI, the latter will mask your Aadhaar number and even other information while confirming your identity to the telco.
The move to enhance security is an ongoing process for all systems like banks and credit cards. While all biometrics are stored only on UIDAI’s servers in a heavily encrypted form, UIDAI installed GPS on its biometric-capture devices so it knew where the data was being captured. It then ruled that biometric authentication requests would only be entertained if they came from devices that were registered with UIDAI. To ensure people didn’t open bank accounts with stolen Aadhaar numbers — the Jharkhand government put out 1 million Aadhaar numbers by mistake last year, with names and addresses as well — the PMLA rules were changed to ensure all bank accounts would be authenticated with biometrics.