STOCK MARKET BSE NSE

Hackers, fraudulent customers steal Rs 7.38 crore from payment gateway firm Razorpay

Razorpay conducted an internal investigation and found 831 transactions against 16 unique merchants of Razorpay, from March 6 to May 13 this year.

Published: 20th May 2022 07:12 PM  |   Last Updated: 21st May 2022 12:32 AM   |  A+A-

online fraud, cybercrime

Image used for representational purpose only. (File Photo)

By PTI

BENGALURU: Hackers and fraudulent customers have stolen Rs 7.38 crore by tampering and manipulating the authorisation process of Razorpay Software to authenticate 831 failed transactions, according to a police complaint lodged by the payment gateway company.

In his complaint to the South East Cyber Crime Cell lodged on May 16, Razorpay's Head of Legal Disputes and Law Enforcement Abhishek Abhinav Anand said the company was unable to reconcile receipt of Rs 7.38 crore against 831 transactions.

On contacting its 'authorisation and authentication partner' Fiserv, a fintech and payments company, it was communicated to Razorpay that these transactions had failed and were not authorised or authenticated, the complainant said.

Following the communication from Fiserv, Razorpay conducted an internal investigation and found out 831 transactions against 16 unique merchants of Razorpay, from March 6 to May 13 this year "to a tune of Rs 7,38,36,192", the complainant said.

"These 831 transactions were marked as failed or unsuccessful by Fiserv, owing to authentication and authorization failure. However, it is found out that certain unknown hackers and fraudulent customers have tampered, altered and manipulated the 'authorization and authentication process'," Anand said in his complaint.

"Due to this, false altered communications as 'approved' were sent to Razorpay system against the 831 transactions, resulting in losses to a tune of Rs 7,38,36,192 to Razorpay," Anand further said.

On receiving the false altered communications, Razorpay further sent confirmation to their merchants for fulfillment of order and made settlements to its merchant, he stated.

In this connection, Anand furnished the details of the fraudulent transactions along with date time and IP address, along with other relevant details to the police for inquiry.

The police said they are investigating the matter.

Meanwhile, the Razorpay said its payment gateway is at par with the industry standards on data security.

"During a routine payment process, an unauthorized actor(s) with malicious intent used the browser to tamper with authorization data on a few merchant sites which were using an older version of Razorpay's integration, due to gaps in their payment verification process," the company spokesperson said in a statement.

"The company has conducted an audit of the platform to ensure no other systems, no merchant data and funds and neither their end-consumers were affected by this incident," the statement read.

He said the company is ISO 27k, PCI-DSS and SOC 2 compliant, which applies end-to-end transaction data security features, combined with strong authentication and authorisation protocols to protect businesses from potential threats.

"Razorpay has proactively taken steps to mitigate the issue permanently and eliminate future occurrences. The company has already recovered part of the amount and is proactively working with the relevant authorities for the rest of the process," the statement further said.



Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp