Hackers steal Rs 7.3 cr in 831 transactions over three months at Razorpay


Online payment gateway Razorpay said hackers stole Rs 7.3 crore from funds over a three-month period and 831 transactions.

The fraud came to the company’s attention during an audit it performed for its transaction. A Razorpay spokesperson said in a statement: “During a routine checkout process, one or more unauthorized actors with malicious intent used the browser to tamper with authorization data on a few merchant sites that were using an older version of the Razorpay integration, due to deficiencies in their payment verification process.No end consumers, merchant data or merchant funds were affected by this incident.

According to media reports, the hacker manipulated the gateway’s authorization process to authenticate 831 transactions. “Razorpay has taken proactive steps to permanently mitigate the issue and eliminate future occurrences. The company has already recovered a portion of the amount and is proactively working with the relevant authorities for the remainder of the process,” the carrier said. word of Razorpay.

Hackers attacking banks and financial institutions for data breach and data theft is a well-known trend, but the Razorpay incident might be the first among payment gateway players.

The only other hacking incident where money was stolen from a bank was in 2016 when Union Bank of India lost $171 million to hackers. The hackers had used SWIFT to swindle money.

Some of the other well-known breaches include Mobikwik in 2021, when the data of over 3 million users was hacked. But data breach or hacking of systems to obtain customer data like KYC or passwords is very common. Hacking to steal money directly from financial institutions is still very rare.

Cybercrime and cyberattacks have increased exponentially since 2020. According to the Ministry of Electronics and Information Technology (Meity), between 2018 and 2021, the number of cybercrime and fraud incidents increased fivefold.

As far as the financial sector is concerned, threat levels have increased significantly. For example, the total number of online banking malware detected by Trend Micro in India is 4497, in the first half of 2021.

According to Kaspersky’s Threat Predictions for 2022, “We are likely to see the growth of attacks against payment systems and more advanced mobile threats.”

The pandemic has boosted mobile banking, which has also become more mature. Kaspersky experts expect more mobile banking Trojans for the Android platform, especially RATs capable of bypassing the security means adopted by banks (such as OTP and MFA). Local and regional Android implant projects will move around the world, exporting attacks to Western Europe and other countries around the world.

Dear reader,

Business Standard has always endeavored to provide up-to-date information and commentary on developments that matter to you and that have wider political and economic implications for the country and the world. Your constant encouragement and feedback on how to improve our offering has only strengthened our resolve and commitment to these ideals. Even in these challenging times stemming from Covid-19, we remain committed to keeping you informed and updated with credible news, authoritative opinions and incisive commentary on relevant topical issues.
However, we have a request.

As we battle the economic impact of the pandemic, we need your support even more so that we can continue to bring you more great content. Our subscription model has received an encouraging response from many of you who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of bringing you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practice the journalism we are committed to.

Support quality journalism and subscribe to Business Standard.

digital editor


Comments are closed.