STOCK MARKET BSE NSE

Online transactions through Airtel website might put your data at risk

Security researcher Rajshekhar Rajaharia discovered that the issue happens when an Airtel user saves their debit/credit card details for quick payment, and in the future, chooses to forego their numbe

Published: 23rd April 2019 08:01 AM  |   Last Updated: 23rd April 2019 08:01 AM   |  A+A-

Bharti Airtel

For representational purposes (File | Reuters)

Express News Service

HYDERABAD: Airtel users beware! According to a security researcher, when one makes an online payment through the Airtel website, the details of their credit or debit card can be at the risk of a leak, leading to a possible unwarranted transaction. The company is currently working on deploying a fix for the same.

Security researcher Rajshekhar Rajaharia discovered that the issue happens when an Airtel user saves their debit/credit card details for quick payment, and in the future, chooses to forego their number. When Airtel reassigns the same number to another user, the new user can view your card details while making an e-transaction. Rajaharia, who posted a series of videos on his Twitter page, said, “Anyone can use your credit or debit card to make payments, and that too without an OTP or two-factor authentication.” Rajaharia stumbled upon the issue when he found that his own number belonged to a person named Harminder earlier, and that Harminder’s debit/credit card details were already saved in the Airtel recharging website.

“I had never added the card details in the payment option of my Airtel account. When I expanded the details of the card, I saw that it was saved in the name of one Harminder,” he said. The app  Truecaller further supported his claims when he searched for his number. The app confirmed that his number belonged to the same Harminder before. But just having the card details is not enough to make any online transaction. One needs to go through verification processes. However in this case, Airtel’s quick pay mechanism has allowed the users to bypass this ‘inconvenience’.

The researcher later took down his videos saying, “Airtel responded. Temporarily taking down the video related to critical vulnerability in payment system of Airtel. They are working on deploying a fix for the issues.”



Comments(1)

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

  • Sudhir Venkatesh

    Fake news
    2 years ago reply
flipboard facebook twitter whatsapp