A cab driver from Mumbai and a Delhi couple allegedly orchestrated a widespread tax-linked financial fraud which is still being unravelled by multiple agencies — from the I-T department and GST authorities to the Intelligence Bureau and local police — in different states.

From a rundown office in West Delhi, the trio — Deepak Murjani, an ex-employee with a Delhi-based FMCG company, his wife Vinita, and an out-of-work Mumbai cabbie Yasin Sheikh —stole PAN data, forged Aadhaar identification, and then linked phone numbers, to create GST registrations for shell firms, exploiting a chink in the GST system. This loophole, which a few tax authorities had some understanding about, allows GST registrations to go through even if only first names on PAN and Aadhaar are identical and full names aren’t.

The Noida police found that the trio had PAN data for over 6 lakh people, and had already created over 3,000 fake GST registrations. So far, the police have made 18 arrests. Given the rising instances of such frauds, the GST Council in its meeting on Tuesday discussed steps to curb frauds including measures to tighten registrations, more use of third-party data for risk management and controlling flow of fake input tax credit down the supply chain.

The shell firms and fake GST registrations created by the trio are now suspected to have been sold in almost 20 states, and allegedly used to claim input tax credit on GST. “The GST authorities along with local police are trying to gather the full scale of input credit scam,” said a police officer. Input tax credit is a refund paid by the government for tax already paid on the value added along the production/ services chain.

Also Read | Unemployed Bulandshahr man gets GST notice for ‘2.5-crore turnover’ companies

The fraud was first identified in May this year after an individual complained with the Noida police about identity theft and fake GST registrations in his name. Investigation into the case has now spread wide with intelligence and law enforcement agencies looking into the national security angle as well, and at least two Union ministries (Finance and Home Affairs) reviewing the linkage of mobile to Aadhaar number, and its misuse for registration of fake companies using forged documents.

When contacted about the misuse of Aadhaar, UIDAI, the authority for Aadhaar, told The Indian Express there has been no breach in its database. “UIDAI has robust security for Aadhaar data held by it and there has been no breach of its Aadhaar database. As a public authority, UIDAI extends necessary cooperation in a lawful manner to ongoing investigations by relevant authorities and law enforcement agencies. To enable Aadhaar-using entities to protect themselves against fraud, UIDAI offers biometric authentication services to requesting entities, through which they may establish the identity of any individual purporting to be an Aadhaar holder,” the authority said, responding to a query.

Queries sent to the Ministry of Finance, Ministry of Home Affairs, Central Board of Direct Taxes and Central Board of Indirect Taxes and Customs (CBIC) went unanswered.

The modus operandi

Advertisement

In the Noida case, the trio allegedly procured a database of PAN numbers from local search portals. “They had a PAN database and then would make supporting fake documents like electricity bills and rent agreements to show ownership of the place at a specific address. For some, they would change the photo in PAN and take the same photo and change it in the fake Aadhaar document. The registrations would take place on the basis of fudged data as only first names were matched,” Shakti Mohan Avasthy, Additional DCP, Noida told The Indian Express.

The GST registrations were taking place by making use of a systemic flaw — matching of first names in PAN with Aadhaar, just on a first-name basis. “This was the most surprising element as this bit of name matching being done only on a first name basis or near approximation basis (at the time of GST registration) was known only to a few among the tax authorities,” a revenue department official said. The fake registration data is now being probed by income tax authorities for any possible evasion on the direct taxes front, the official said.

That the fraud had multi-state dimensions became evident when the database of the seized fake registrations procured from the accused in the Noida case and shared with other GST authorities, became the lead source of information for a fraud case unearthed in Gurugram. For subsequent investigations in Gurugram and Delhi, intelligence agencies and police are also probing SIM operators who issued the mobile numbers for such fake registrations.

Advertisement

“There are SIM cards, so agencies have tried to find out where the SIM cards have been issued from. Mobile numbers have been changed in Aadhaar, which are now being seen as one of the biggest risks. It is a learning experience for authorities since Aadhaar-based OTP is being used for various measures such as, the income tax verification, e-sign, EPFO etc. There have been cases when courier agents have come claiming to deliver a package and asked for OTP, but instead that OTP is for mobile number change in Aadhaar. Many have not even come to know that their number linked to Aadhaar has been changed,” a government official involved in the probe said.

In earlier such frauds, fake registrations were restricted to regions where the frauds originated. But, in the Noida case, registrations were traced to over 20 states, including Telangana, Bihar and Assam, the official said.

The numbers so far

The Noida fraud and loss of revenue due to false input tax credit claims is part of a larger tax evasion racket against which field tax officials launched a drive two months ago. In this drive, over 70,000 suspected firms were identified for physical verification by the field officials of GST.

“Of this, we have been able to verify the 60,000 of them and about 17,000 were found to be bogus against which action has been taken. Roughly around Rs 17,000 crore of tax is suspected to have been evaded by these firms,” Revenue Secretary Sanjay Malhotra said.

The highest rate of such fraud cases has been in north India spread across Delhi, Haryana, Uttar Pradesh and Rajasthan. In Delhi, Pitampura and Rohini have turned out to be active hubs for such fake registrations. Other states have also seen similar such cases including Gujarat, West Bengal, Assam, Telangana, Tamil Nadu and Maharashtra.

Advertisement

The zonal units of Directorate General of GST Intelligence (DGGI) have recently unearthed several fraud cases with the most recent one involving tax fraud of Rs 175 crore in Chennai. Last month, the Gurugram zonal unit had busted an input tax credit racket involving 461 shell companies.

Remedial measures

GST authorities plan to introduce biometric authentication and geo-tagging for both existing and new registrants for risky entities. A pilot on biometric authentication and geo-tagging is underway in a couple of states/UTs including Gujarat and Puducherry. Behaviour of new entrants is being monitored closely, with special focus on their income tax footprint and any history of past tax payments.

CBIC Chairman Vivek Johri after the Council meeting said some legal changes have been proposed to take care of bogus billing and fake invoicing. “…one is to tighten the registration process further so that we can eliminate the possibility of bogus firms being registered under GST. One of the requirements that has now been stipulated is that valid bank account details of the person who is seeking registration needs to be provided. In case they are not provided, the registration can be automatically revoked or suspended. Even if Aadhaar has been authenticated, physical verification can be resorted to in case there are reasons to believe that the unit is suspicious…also, when we are doing physical verification, the presence of the applicant will not be mandatory,” he said.