HYDERABAD: Airtel users beware! According to a security researcher, when a user makes an online payment through the Airtel website, their credit or debit card details can be at risk of a leak, leading to possible unauthorised transactions. The company is currently working on deploying a fix.
Security researcher Rajshekhar Rajaharia discovered that the issue arises when an Airtel user saves their debit/credit card details for quick payment and later gives up their number. When Airtel reassigns the same number to another user, the new user can view the previous user's card details while making an e-transaction. Rajaharia, who posted a series of videos on his Twitter page, said, “Anyone can use your credit or debit card to make payments, and that too without an OTP or two-factor authentication.” Rajaharia stumbled upon the issue when he found that his own number had earlier belonged to a person named Harminder, and that Harminder’s debit/credit card details were already saved on the Airtel recharge website.
“I had never added the card details in the payment option of my Airtel account. When I expanded the details of the card, I saw that it was saved in the name of one Harminder,” he said. The app Truecaller further supported his claims: when he searched for his number, the app confirmed that it had previously belonged to the same Harminder. Just having the card details is not enough to make an online transaction; one needs to go through verification processes. However, in this case, Airtel’s quick pay mechanism allowed users to bypass this ‘inconvenience’.
The researcher later took down his videos saying, “Airtel responded. Temporarily taking down the video related to critical vulnerability in payment system of Airtel. They are working on deploying a fix for the issues.”
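The number-reassignment issue described above, sketched as an added example that is not Airtel's code or part of the original report: a store that keys saved cards on the phone number alone, beside one that binds them to a subscriber id and purges them when the number is reassigned. All class names, method names and sample values are assumptions made for illustration.

```python
# Added illustration; hypothetical card store, not Airtel's implementation.
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class SavedCard:
    holder: str
    last4: str  # constructed sample value, never a full card number


class NumberKeyedStore:
    """Weak: saved cards are looked up by phone number alone."""
    def __init__(self):
        self.cards = {}  # msisdn -> [SavedCard]

    def save(self, msisdn, card):
        self.cards.setdefault(msisdn, []).append(card)

    def list_cards(self, msisdn):
        # Whoever currently holds the number sees every card ever saved on it.
        return list(self.cards.get(msisdn, []))


class SubscriberKeyedStore:
    """Hardened: cards belong to a subscriber id; a number only points to one."""
    def __init__(self):
        self._next_id = count(1)
        self.current_owner = {}  # msisdn -> subscriber id
        self.cards = {}          # subscriber id -> [SavedCard]

    def assign_number(self, msisdn):
        # Reassignment: drop the old owner's saved cards, issue a fresh id.
        old = self.current_owner.pop(msisdn, None)
        self.cards.pop(old, None)
        sid = next(self._next_id)
        self.current_owner[msisdn] = sid
        return sid

    def save(self, sid, msisdn, card):
        if self.current_owner.get(msisdn) != sid:
            raise PermissionError("session does not own this number")
        self.cards.setdefault(sid, []).append(card)

    def list_cards(self, sid, msisdn):
        if self.current_owner.get(msisdn) != sid:
            return []
        return list(self.cards.get(sid, []))
```

In the hardened store, the previous subscriber's session id stops resolving as soon as the number is reassigned, so neither the old nor the new holder can reach cards saved under the earlier subscription.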