Razorpay Payment Gateway hack: 831 failed transactions and hackers blew 7.38 crores

Razorpay Payment Gateway hack

Razorpay Gateway Online fraud: Abhinav Anand, Legal Head of online payment gateway company Razorpay said, ‘The company has suffered a huge loss due to the theft of Rs 7.38 crore through 831 failed transactions.’ Razorpay Payment Gateway Hack, A sensational case of theft of Rs 7.38 crore from customers has come to light by hacking the software of payment gateway company Razorpay. According to company officials, the hackers carried out this fraud through 831 failed transactions. The company said that this incident was carried out between March 6 to May 13 this year.

Tampering with the authorization process

In the complaint filed by Razorpay with the police, it has been said that this injury has been caused to its customers by tampering and manipulating the authorization process of Razorpay software to authenticate 831 failed transactions of the payment gateway. The in-charge of the Legal Disputes Department of Razorpay has told in the complaint given to the Cyber ​​Crime Cell of the police that his company could not reconcile these 831 transactions of 7.38 crores and did not even get their receipt.

Razorpay Payment Gateway hack, revealed like this

At the same time, the complainant company Razorpay said that on contacting ‘Authorization and Authentication Partner’ Fiserv in this matter, they were told that all these transactions had failed and were not authorized in any way. After getting information from Fiserv, Razorpay conducted an internal investigation into the matter and the police was informed after confirming the fraud with the company from March 6 to May 13 this year.

Big blow to the company

The company’s legal officer Abhishek Abhinav Anand also said, ‘In our investigation it has been found that due to the way unknown hackers tampered with the authorization process, all these 831 transactions have been registered as ‘approved’ cell against fake communication Razorpay. were sent to the system and in this way the company lost more than 7 crore 38 lakhs.

Hackers and fraudulent customers have stolen ₹ 7.38 crore by tampering and manipulating the authorisation process of Razorpay Software to authenticate 831 failed transactions, according to a police complaint lodged by the payment gateway company.

In his complaint to the South East Cyber Crime Cell lodged on May 16, Razorpay’s Head of Legal Disputes and Legislation Enforcement Abhishek Abhinav Anand said the corporate was unable to reconcile receipt of ₹ 7.38 crore towards 831 transactions.

On contacting its ‘authorisation and authentication companion’ Fiserv, a fintech and payments company, it was communicated to Razorpay that these transactions had failed and weren’t authorised or authenticated, the complainant stated.

Following the communication from Fiserv, Razorpay carried out an inside investigation and discovered 831 transactions towards 16 distinctive retailers of Razorpay, from March 6 to Could 13 this 12 months “to a tune of ₹ 7,38,36,192”, the complainant said.

“These 831 transactions have been marked as failed or unsuccessful by Fiserv, owing to authentication and authorization failure. However, it’s found out that certain unknown hackers and fraudulent prospects have tampered, altered and manipulated the ‘authorization and authentication process’…,” Mr Anand said in his complaint.

Razorpay Payment Gateway hack, “Attributable to this, false altered communications as ‘authorised’ have been despatched to Razorpay system towards the 831 transactions, leading to losses to a tune of ₹ 7,38,36,192 to Razorpay,” Mr Anand additional mentioned.

On receiving the false altered communications, Razorpay additional sent affirmation to their merchants for success of order and made settlements to its merchant, he stated.

On this connection, Anand furnished the details of the fraudulent transactions together with date time and IP address, together with other relevant details to the police for inquiry.

The police mentioned they’re investigating the matter

In the meantime, the Razorpay mentioned its payment gateway is at par with the business standards on data security.

“Throughout a routine payment process, an unauthorized actor(s) with malicious intent used the browser to tamper with authorization data on just a few merchant websites which have been utilizing an older model of Razorpay’s integration, as a result of gaps of their cost verification course of,” the corporate spokesperson mentioned in an announcement.

“The corporate has carried out an audit of the platform to make sure no different programs, no merchant data and funds and neither their end-consumers have been affected by this incident,” the assertion learn.

He mentioned the corporate is ISO 27k, PCI-DSS and SOC 2 compliant, which applies end-to-end transaction data security features, combined with strong authentication and authorisation protocols to protect businesses from potential threats.

“Razorpay has proactively taken steps to mitigate the issue permanently and eradicate future occurrences. The corporate has already recovered a part of the amount and is proactively working with the relevant authorities for the rest of the process,” the assertion additional mentioned.

Paytm Payment Gateway – 0% Fee on UPI and Rupay card

Massive Rise In Cyber Crimes Between 2018 and 2021

Between 2018 and 2021, there was an over five-fold jump in the number of cybercrime and fraud incidents recorded by the government, as informed by the ministry of electronics and information technology (Meity) to a parliamentary panel.

Basically, the number of incidents rose from 208,456 in 2018 to 1,402,809 in 2021, as per the Data available with the Indian Computer Emergency Response Team (Cert-In). 

Indian Computer Emergency Response Team is the government agency for computer security. 

So far, 212,485 such cases have been recorded in the first two months of 2022.

How To Fight Cyber Crimes?

The Union home ministry has trained more than 7,500 police officials to combat some of these problems along with  improving awareness of safe cyber practices. The ministry has informed the panel that the country’s response to such rising cybersecurity incidents has improved, as per an unnamed study.

Further adding, “India was ranked among the top 10 countries out of 193 countries in cyber security posture for the year 2020. India jumped from the 47th position in 2018 to 10th position in 2020.”

Apart from this, Meity has rolled out additional factor authentication for government employees to protect their official accounts.

Ola-Uber has to improve their services amid rising complaints otherwise, strict action can be taken by Government!