NetraPay: A Secure Aadhaar-Based Iris and PIN Enabled Digital Payment System

NetraPay: A Secure Aadhaar-Based Iris and PIN Enabled Digital Payment System

Er.Aniket Dattatray Shelke

B.Tech Student 2nd year, Department of Electronics and Telecommunication Engineering.

Department Of Technology, Shivaji University,Kolhapur, Maharashtra, India

AbstractWith the rapid growth of digital transactions, the threat of cyber fraud, identity theft, and unauthorized access has significantly increased. Conventional authentication methods such as OTPs, passwords, and fingerprint scans are becoming increasingly vulnerable to spoofing, SIM-swapping, and phishing attacks. The recent nationwide UPI outage in April 2025, which disrupted millions of digital payments, further highlights the need for a secure and resilient alternative. To address these challenges, this paper proposes NetraPay an Aadhaar-based digital payment system that utilizes iris recognition combined with a user-defined PIN for two-factor biometric authentication. NetraPay leverages UIDAIs biometric infrastructure to ensure tamper-proof user identity verification. The system is developed on a microcontroller platform integrated with an iris scanner, keypad, and secure communication protocols. It supports multiple bank accounts linked via Aadhaar and facilitates encrypted, PIN-verified transactions across various platforms including ATMs, retail stores, government schemes, rural kiosks, and public transport systems.

This paper presents the system architecture, hardware-software integration, transaction workflow, and practical applications. NetraPays design is inclusive and scalable, offering a fraud- resistant alternative to UPI-based systems particularly in network-outage scenarios or for populations without smartphone access. With its ability to support seamless payments in public buses through iris-based authentication, NetraPay represents a major step toward secure, accessible, and infrastructure- independent digital payments in India.

Keywords Aadhaar, Iris Authentication, Digital Payments, UIDAI, Biometric Security, NetraPay, Two-Factor Authentication, Secure Transactions .

1. INTRODUCTION

   In recent years, India has witnessed an unprecedented rise in digital transactions, driven by initiatives like Digital India, the widespread adoption of UPI (Unified Payments Interface), and the integration of Aadhaar for identity verification. These advancements have revolutionized the convenience and accessibility of financial systems, enabling millions of Indians to engage in digital financial services. However, alongside this rapid growth in digital payments, there has been an alarming increase in cyber fraud, identity theft, and unauthorized financial access. The proliferation of cyberattacks, phishing, SIM-swapping, and identity theft has exposed the vulnerabilities of traditional security mechanisms, particularly in systems that rely heavily on One-Time Passwords (OTPs), SIM-based authentication, or simple PINs. These methods,

   while effective to an extent, are increasingly being exploited by fraudsters, leading to significant financial losses.

   One of the most pressing concerns in the Indian financial ecosystem is ATM fraud. With the widespread usage of Automated Teller Machines (ATMs) for banking and financial transactions, fraudsters have found multiple avenues to exploit security gaps. ATM skimming, card trapping, and PIN interception are common forms of fraud that leave users vulnerable to unauthorized transactions. Fraudulent devices, such as skimmers placed over card slots, capture users card details, while hidden cameras and fake keypads are used to capture PINs. Moreover, SIM swapping attacks allow fraudsters to gain access to OTPs, further complicating the security landscape of ATM transactions.

   Traditional forms of authentication, such as PINs and fingerprint-based biometrics, have their own set of vulnerabilities. PINs, once stolen, can be easily exploited, and fingerprints, though unique, are immutable and cannot be changed if compromised. This lack of flexibility in the authentication process creates significant risks, especially when the stolen credentials are used for illicit purposes like ATM fraud. The current reliance on OTP-based authentication is also highly susceptible to various phishing attacks and SIM swapping incidents, which have become more prevalent in recent years.

   Furthermore, the lack of secure authentication methods in rural areas and public service platforms has made a large section of the population vulnerable to financial exploitation. These gaps in security have led to a digital divide, where millions of Indians remain at risk of fraud due to inadequate safeguards in place, particularly in the face of rapidly advancing cybercrime tactics. This situation is exacerbated by the fact that many rural populations do not have access to smartphones or reliable internet connections, making them more susceptible to exploitation through digital payment systems.

   In response to these critical issues, NetraPay proposes a comprehensive solution to secure digital transactions by combining Aadhaar-based iris recognition with PIN verification. The use of the human iris as a biometric identifier offers an immutable and highly accurate form of authentication. Unlike fingerprints, which may degrade or be altered due to manual labor or injury, the iris remains consistent throughout a persons life, making it an ideal candidate for identity verification in secure systems. By linking iris recognition with Aadhaar UIDAI verification and a

   user-defined PIN, NetraPay creates a robust two-factor authentication (2FA) system that offers enhanced security while drastically reducing the risk of impersonation and unauthorized access to financial accounts.

   The NetraPay system is designed to be inclusive, affordable, and scalable. It integrates a microcontroller-based hardware platform with an iris scanner and a keypad, providing an easy- to-use interface for users to authenticate transactions securely. Additionally, secure API calls to UIDAI servers (simulated for the prototype) ensure that users' identities are verified in real- time, with encrypted data transmission and session management that protect sensitive transaction details from cyber threats. The systems ability to operate on a microcontroller-based platform makes it an affordable solution that can be deployed widely, even in areas with limited technological infrastructure.

   The introduction of such a biometric-enabled payment system will have a transformative impact on Indias digital payment infrastructure. It will provide a secure, scalable, and cost- effective solution to combat ATM fraud and cybersecurity threats that currently plague the nations digital payment systems. By leveraging Aadhaar and iris biometrics, NetraPay enhances the security of transactions, making them immune to the common vulnerabilities of OTP-based authentication and PIN theft. Furthermore, NetraPay is designed to be accessible, making it an ideal solution for rural populations who lack mobile literacy or access to smartphones, and who are particularly vulnerable to digital fraud.

   Beyond addressing the issue of ATM fraud, NetraPay aligns with the Indian governments vision of financial inclusion and Aadhaar-linked digital services. It offers a secure and accessible alternative to existing payment systems, ensuring that all citizens, regardless of their location or technical ability, can participate in the growing digital economy. By focusing on both security and inclusivity, NetraPay has the potential to revolutionize the way digital payments are conducted in Inda, offering a secure, seamless, and fraud- resistant platform for financial transactions.

   This paper explores the conceptualization, design, hardware- software integration, working flow, and potential use cases of NetraPay. The proposed system represents a forward-thinking solution to one of the most pressing challenges in the digital financial ecosystemfraud prevention. Through its emphasis on identity integrity, security, and accessibility, NetraPay provides a reliable and future-proof framework for secure digital transactions that can be scaled to meet the demands of Indias diverse population.

2. EXISTING SYSTEM VS PROPOSED SYSTEM

   Feature	Existing System	NetraPay
   Authentication Method	OTP,Passwords, UPI PIN	Iris+Aadhaar PIN
   Device Required	Smartphone,SIM	Biometric Device Only
   Vulnerability	SIM swap, OTP theft	Minimal due to iris-based login
   Account Linking	Single account via app	Multiple bank accounts via Aadhar
   Accessibility	Urban-focused	Urban + Rular

   1. Authentication Method

      • Existing Systems: Use relatively weaker forms of authentication such as OTPs sent via SMS, passwords, or UPI PINs. These can be phished, guessed, or stolen.

      • NetraPay: Uses a two-factor authentication mechanism combining iris recognition and a secure Aadhaar-linked PIN, making it much harder to bypass or forge.

   2. Device Required

      • Existing Systems: Depend on smartphones and SIM cards for OTPs and UPI apps.

      • NetraPay: Operates on a dedicated biometric device (e.g., embedded system with iris scanner), removing dependency on smartphones or SIMs.

   3. Vulnerability

      • Existing Systems: Vulnerable to SIM card swaps, OTP interception, and device theft.

      • NetraPay: Highly secure because biometric (iris) data is unique and cannot be replicated easily. This minimizes vulnerability to cyberattacks or unauthorized access.

   4. Account Linking

      • Existing Systems: Usually link one bank account to one app (e.g., PhonePe or Google Pay).

      • NetraPay: Can link multiple bank accounts via Aadhaar, giving users flexibility to choose the desired account during each transaction.

   5. Accessibility

      • Existing Systems: Primarily designed for urban users who have smartphones and internet access.

      • NetraPay: Designed to be inclusive, supporting both urban and rural users, even in low-connectivity areas, through a standalone biometric-based solution.

3. METHODOLOGY

   The NetraPay system is designed as a secure, biometric- enabled payment authentication solution that leverages iris recognition and PIN verification to combat fraud, especially in ATM and digital financial transactions. The implementation methodology includes both hardware integration and software development, working in tandem to create a robust, real-time authentication system.

   1. Hardware Components

      The hardware setup consists of cost-effective yet efficient modules integrated to perform secure identity verification and transaction authorization:

      Iris Scanner Module

      The core component for biometric identification, the iris scanner captures high-resolution images of the users iris and converts them into a digital template. The uniqueness and immutability of the human iris make it an ideal biometric for secure and accurate user authentication.

      Microcontroller(Arduino/ESP32):

      Acts as the processing unit of the system. It handles sensor data acquisition, PIN input processing, encryption routines, and manages communication with backend services. The ESP32 variant offers integrated Wi-Fi capabilities, making it suitable for connected applications.

      Keypad Module:

      Used for the input of the secondary authentication factor the PIN. This module provides a secure means of input for the user-defined personal identification number.

      Connectivity Module (Wi-Fi/Ethernet):

      Enables the system to communicate with UIDAI servers (simulated during testing). The choice of connectivity depends on the deployment environment Wi-Fi for wireless setups and Ethernet for more stable, wired installations.

   2. Software Architecture

      The software layer is responsible for orchestrating the logical flow of operations from user data capture to identity verification and encrypted session handling.

      Embedded C Programming:

      Used for firmware development on the microcontroller platform. It includes the logic for controlling the iris scanner, capturing keypad input, managing communication protocols, and processing user data.

      UIDAI API Integration (Simulated for Testing): To demonstrate Aadhaar-based verification, a simulated API setup replicates the functionality of UIDAI services. During actual deployment, this would be replaced with secure API calls to the UIDAI database for iris-based identity authentication.

      Encrypted Session Handling:

      Security is a critical component of the NetraPay system. Data exchanged between the device and verification servers is encrypted using secure hashing and session management techniques. This ensures that biometric templates, PINs, and transaction metadata are not exposed to external threats during transmission.

4. ARCHITECTURE DIAGRAM:

   • Working Flow:

   1. Iris is scanned via the module.

   2. The microcontroller fetches Aadhaar-linked identity and forwards it to UIDAI servers for verification.

   3. User selects linked bank account (if multiple).

   4. PIN entry is validated locally and encrypted before forwarding.

   5. Upon successful verification, transaction is processed and confirmation is displayed.

5. APPLICATIONS & USE CASES

   The NetraPay system has broad applicability across multiple domains by combining secure Aadhaar-linked iris recognition with a user-defined PIN. It serves as a robust, fraud-resistant alternative to traditional OTP or card-based authentication methods. Its versatile use makes it suitable for both high-tech urban environments and low-connectivity rural setups.

   1. Retail Stores and Shopping Malls

      NetraPay enables contactless biometric payments at retail outlets, allowing customers to make purchases using just an iris scan and PIN, eliminating the need for wallets, cards, or mobile apps. This speeds up transactions, reduces human error, and increases customer trust in payment security.

   2. ATMs and Banking Terminals

      ATM-related frauds like card skimming, PIN theft, and SIM- based OTP interception are major issues in India. NetraPay replaces card and OTP-based withdrawals with biometric

      ATM access, where users authenticate via their iris and Aadhaar-linked PIN. This two-factor model greatly enhances ATM security.

   3. Government Welfare and Subsidy Schemes

      NetraPay can be integrated into systems distributing Direct Benefit Transfers (DT), ensuring only the rightful Aadhaar- linked beneficiaries receive government subsidies or payments. This eliminates identity fraud, middlemen exploitation, and duplicate entries in social welfare schemes such as PDS, pensions, LPG subsidies, and MNREGA payments.

   4. Online Platforms and E-Commerce

      For digital platforms, NetraPay offers biometric login and payment options that replace traditional password and OTP- based systems. This increases transaction security in e- commerce, online banking, and fintech apps, while also reducing reliance on mobile networks or SIM-based authentication.

   5. Rural Banking and Financial Inclusion

      NetraPays standalone biometric devices can be deployed in rural areas lacking smartphones or internet. Local banking agents or village kiosks can use these terminals to provide secure access to financial services like balance inquiries, withdrawals, fund transfers, and government payouts, thus promoting inclusive banking.

   6. Maharashtra Government Bus Transportation (MSRTC) NetraPay can be integrated into Maharashtra State Road Transport Corporation (MSRTC) buses and terminals for biometric-based ticketing. Instead of paper tickets or mobile apps, passengers can verify their identity using iris and PIN authentication linked to Aadhaar. This system can:

      • Prevent ticket fraud and duplicate reservations

      • Ensure that subsidies for senior citizens or special categories reach genuine passengers

      • Enable cashless travel using Aadhaar-linked accounts

      • Track travel history for analytics and planning

      Such integration aligns with the states smart transport goals, improves transparency, and boosts passenger convenience.

   7. Healthcare and Insurance

      Hospitals and health insurance providers can use NetraPay for biometric patient identification, enabling secure claim processing, record retrieval, and policy verification. This ensures that only the authenticated Aadhaar-holder receives benefits, minimizing health insurance fraud.

   8. Educational Institutions and Scholarship Distribution NetraPay can be used in universities for exam hall authentication, scholarship payouts, and attendance verification. Aadhaar-PIN login helps prevent impersonation and ensures direct fund transfers to the rightful students bank account.

6. FUTURE SCOPE

   While the NetraPay system already addresses key concerns related to identity verification, ATM fraud, and financial inclusion, its future potential lies in expanding its technological reach, fraud detection capabilities, and system integration across national and global platforms. The following future developments can further enhance NetraPay's impact:

   1. AI-Powered Fraud Detection and Behavior Monitoring One of the most critical areas for enhancement is real-time fraud detection. By integrating Artificial Intelligence (AI) and Machine Learning (ML) algorithms, NetraPay can learn from transactional patterns and flag anomaliessuch as sudden changes in location, repeated failed authentication attempts, or suspicious timing of transactions. These intelligent systems can:

      • Identify potential impersonation or spoofing attempts

      • Alert users and administrators to suspicious activity

      • Temporarily block transactions pending secondary verification

      This would act as a dynamic fraud prevention layer, evolving with new types of cyber threats.

   2. Blockchain Integration for Immutable Transaction Logs Future iterations of NetraPay can leverage blockchain technology to store tamper-proof records of all transactions and identity verifications. Blockchain would:

      • Ensure full transparency and accountability

      • Enable independent auditing of welfare schemes and ATM logs

      • Prevent modification of transaction histories or system- level fraud

      This would be especially useful in public distribution systems and subsidy monitoring, where fund leakage is a recurring concern.

   3. Facial Recognition as a Backup Biometric

      While iris recognition is highly accurate, integrating facial recognition as an alternative or backup biometric will:

      • Improve usability in cases of eye injury or scanner malfunction

      • Enhance accessibility for people with eye-related disabilities

      • Offer multi-modal biometric authentication for even stronger security

      Facial recognition could also work in low-light or mobile environments where fixed iris scanners are not feasible.

   4. GPS and Location-Aware Authentication

      Combining biometric authentication with GPS-based location tagging would add an additional security layer, especially for:

      • ATM transactions

      • Subsidy withdrawals in fixed areas (e.g., ration shops)

      • Government transport verification (e.g., MSRTC bus routes)

      If a transaction is attempted in an unusual location, the system can trigger a location-based fraud alert or require additional verification.

   5. Integration with International Biometric Databases

      For scalability and cross-border digital identity verification, NetraPay could integrate with global Aadhaar-like frameworks or international biometric databases. This could enable:

      • Secure remittances and identity verification for NRIs

      • Biometric travel passes or ticketing for international transport

      • A universal ID system compliant with global security standards

   6. Tamper Detection in Hardware Devices

      In addition to software improvements, future versions of NetraPay can include physical tamper-detection mechanisms in its hardware components. Any unauthorized opening or manipulation of the device (e.g., iris scanner, keypad, or microcontroller) can:

      • Trigger an automatic system lockdown

      • Send alerts to nearby security personnel or administrators

      • Record and transmit tampering attempts to a central monitoring server

      This will help protect on-site installations (e.g., in ATMs or rural kiosks) from physical fraud attempts.

   7. Voice Assistance and Multilingual UI

      To support low-literacy populations, especially in rural India, NetraPay can implement:

      • Voice-based instructions in regional languages

      • Text-to-speech guidance for PIN entry and transaction results

      • A multilingual UI for easy navigation, ensuring inclusivity and minimizing user error

7. CONCLUSION

   The emergence of digital financial systems has revolutionized the way transactions are carried out, but it has also introduced new challenges in terms of user authentication, fraud prevention, and financial inclusivity. NetraPay addresses these challenges by offering a secure, Aadhaar-integrated digital payment solution that leverages iris recognition technology along with a user-defined PIN system. This dual-factor biometric approach not only enhances the security of digital transactions but also simplifies the user experience by removing dependency on physical ards or mobile OTPs.

   By integrating UIDAIs robust verification framework with embedded systems like microcontrollers and iris scanners, NetraPay establishes a strong and reliable payment authentication ecosystem. Its potential applications in ATMs, retail shops, online purchases, and government subsidy disbursements demonstrate the wide-scale impact it can have on Indias financial landscapeespecially in rural or low- literacy populations where traditional banking access remains limited.

   Furthermore, NetraPay ensures user accountability and reduces risks of identity theft and financial fraud by relying on unique physiological traits. Its future scalability includes incorporation of AI for fraud detection, integration with GPS

   for location-based verification, and possible adaptation to other biometric methods like facial recognition.

   In conclusion, NetraPay stands as a forward-looking innovation that bridges the gap between secure digital payment systems and inclusive financial access. With support from regulatory bodies and technology stakeholders, it has the potential to become a cornerstone of Indias digital economy, offering a reliable, accessible, and fraud-resistant payment infrastructure for all citizens.

8. REFERENCES

1. UIDAI Official Website https://uidai.gov.in

2. RBI Guidelines on Biometric Authentication https://www.rbi.org.in

3. IRJET Author Guidelines https://www.irjet.net

4. Arduino and Biometric Security https://www.arduino.cc

5. Biometric Payment Trends https://biometricupdate.com

6. Aadhaar Act 2016 https://legislative.gov.in

BIOGRAPHIES

Aniket Dattatray Shelke is currently pursuing a Bachelor of Technology (B.Tech) in Electronics and Telecommunication Engineering at the Department of Technology, Shivaji University, Kolhapur. He has a deep interest in biometric security systems, digital payments, and embedded technology. His passion for innovative solutions that address real-world problems led to the development of NetraPay, a secure Aadhaar-based iris and PIN-enabled payment system.