CoWin Portal Fraudulent Use of Mobile Number

 

CoWin Portal User Issues (<a href='https://www.freepik.com/vectors/doctor'>Doctor vector created by freepik - www.freepik.com</a>)

CoWin Portal User Issues

CoWin Portal Fraudulent Use of Mobile Number

CoWin portal used by millions of Indians is a simple and easy to use platform. However, this simplicity comes with own set of problems. However, my experience is slightly different. In this post I have penned my experience when an unknown person fraudulently used my mobile number to register on CoWin portal.

On 07 Apr 21, I was surprised to read an email received from CoWin portal. The email said that Yashwanta Haridash Patil has been successfully vaccinated.

Firstly, I thought it is just a wrong delivery of SMS. But when I logged into CoWin portal I was shocked to see that some Mr Yashwanta Haridash Patil has not only created a profile using my mobile number but also scheduled an appointment and get himself vaccinated with first dose.

CoWin SMS Dated 07 April 2021

CoWin SMS Dated 07 April 2021

CoWin Registration Issue Tweet

Upon receiving SMS from CoWin mentioning successful vaccination of unknown person I immediately reached out to my mobile operator Vodafone - Idea and also Ministry of Health and Family Welfare. I even tagged Dr. Hash Vardhan anticipating that some attention would be paid to this issue.

Unknown Person COVID Vaccination Certificate

Even though don't know this person and I have nothing to do with him. His vaccination details and certificate is accessible to me.
Unknown Person COVID Vaccination Certificate

Unknown Person COVID Vaccination Certificate

Registration Details of Unknown Person

Mr Patil has used my Vodafone - Idea number ending 3008 to register on CoWin portal. I have thoroughly checked all SMS received on this number there is no registration OTP. So, to which mobile number this OTP was delivered. If, the OTP was not delivered to me then it must have been delivered to Patil's number but technically that is not possible. In all posibilited Patil registered on this platform without any OTP
Unknown Person COVID Portal Registration Details

Unknown Person COVID Portal Registration Details



CoWin Issue and Vodafone - Idea Response

The response from Vodafone was not welcoming at all. They immediately refused to accept that there is any thing wrong with my SIM or if my SIM is cloned. In fact they assumed that Mr. Patil is my relative and I have added him to the portal using my mobile number. 

Vodafone has failed to answer the following queries 

  1. When I receive all SMS from CoWin portal then why didn't I receive the first SMS that delivered the registration OTP. This also means that the first SMS was delivered to some other number which happens to be Mr Patils number or he bypassed this process all together.
  2. Mr Patil is based in Nagpur or he took the first dose in Nagpur he has also used his Aadhar card for registration. My sim is being used in a location that is 800 Kms away from Nagpur. How can one SMS be delivered in Nagpur and there after all subsequent SMS are being delivered in a location 800 Kms away.
After numerous tele conversations with their customer care and repeated email exchanges Vodafone - Idea could even respond to my queries. 

Finally I stopped communicating with them.

CoWin Helpline Issues

I even followed it up with CoWin helpline but surprisingly I did not even get through. CoWin portal does not have a dedicated email id for support where a user can reach out with all the supporting facts. Because CoWin portal does not have a support process I even tagged my tweets to Aarogya Setu twitter handle hoping to receive attention on this issue. But here again I did not receive any response.


COVID Vaccination Details

In my tweet to Ministry of Health and Family Welfare i also raised some other pertinent points.

  1. How did this person create an account without entering the registration OTP?
  2. This person has also used is Aadhar card as identification document while registration that means he has spend some time on the portal and not created a profile by mistake.
  3. His certificate is available for download but his appointment details are not available. This indicates that he must have walked into any health center for vaccination with out any appointment. 
  4. But after receiving the first dose one has to specify the mobile number again. Once again this person indicated my mobile number. This means that he was fully aware which number he used to register and at the last step he used the same number to complete the vaccination process.
  5. Even if everything has happened by mistake then I should have the rights to delete this persons data from my login. Because he is someone whom i do not know and is not related to me in anyway.
  6. Mr Patil has unauthorizedly used my mobile number to get vaccinated and there should not be link between his name and my personal data.

CoWin Portal Sign Up Using Mobile Number

Signing up to CoWin portal is very simple but looks like it is not flawless. If sign up is not possible without entry of OTP then how did this person receive the first OTP essentially required for sign up.

How did this gentleman complete the registration process is beyond my understanding. Because, apart from the first SMS thereafter I have received all SMS from this portal. Very surprising isn't it?

Conclusion

Now, all above 18+ years of age can get vaccinated. Due to this such fraudulent use of CoWin portal may become more rampant. Since this platform allows spurious use of someone else's mobile number to register, schedule and get vaccinated, this process should be made more robust. 

I hope those who have designed this platform make note of this issue and take remedial actions immediately. Else, we will be in another mess of data breach. and fraud.

Further, CoWin portal should have a feedback or contact email id where in users can submit their issues. 

I do not think that implementing any of the above changes should be a herculean task for Government of India, Ministry of Health and Family Welfare.


No comments