Hackers, fraudulent customers steal Rs 7.38 crore from payment gateway firm Razorpay


PTI, May 21, 2022, 9:57 AM IST

Bengaluru: Hackers and fraudulent customers have stolen Rs 7.38 crore by tampering and manipulating the authorization process of Razorpay Software to authenticate 831 failed transactions, according to a police complaint lodged by the payment gateway company.

In his complaint to the South East Cyber Crime Cell lodged on May 16, Razorpay’s Head of Legal Disputes and Law Enforcement Abhishek Abhinav Anand said the company was unable to reconcile receipt of Rs 7.38 crore against 831 transactions.

On contacting its ‘authorization and authentication partner’ Fiserv, a fintech and payments company, it was communicated to Razorpay that these transactions had failed and were not authorized or authenticated, the complainant said.

Following the communication from Fiserv, Razorpay conducted an internal investigation and found out 831 transactions against 16 unique merchants of Razorpay, from March 6 to May 13 this year ”to a tune of Rs 7,38,36,192”, the complainant said.

”These 831 transactions were marked as failed or unsuccessful by Fiserv, owing to authentication and authorization failure. However, it is found out that certain unknown hackers and fraudulent customers have tampered, altered, and manipulated the ‘authorization and authentication process’…,” Anand said in his complaint.

”Due to this, false altered communications as ‘approved’ were sent to Razorpay system against the 831 transactions, resulting in losses to a tune of Rs 7,38,36,192 to Razorpay,” Anand further said.

On receiving the false altered communications, Razorpay further sent a confirmation to their merchants for the fulfillment of the order and made settlements to its merchant, he stated.

In this connection, Anand furnished the details of the fraudulent transactions along with the date, time, IP address, and other relevant details to the police for inquiry.

The police said they are investigating the matter.

Meanwhile, Razorpay said its payment gateway is at par with the industry standards on data security.

”During a routine payment process, an unauthorized actor(s) with malicious intent used the browser to tamper with authorization data on a few merchant sites which were using an older version of Razorpay’s integration, due to gaps in their payment verification process,” the company spokesperson said in a statement.

”The company has conducted an audit of the platform to ensure no other systems, no merchant data and funds and neither their end-consumers were affected by this incident,” the statement read.

He said the company is ISO 27k, PCI-DSS, and SOC 2 compliant, which applies end-to-end transaction data security features, combined with strong authentication and authorization protocols to protect businesses from potential threats.

”Razorpay has proactively taken steps to mitigate the issue permanently and eliminate future occurrences. The company has already recovered part of the amount and is proactively working with the relevant authorities for the rest of the process,” the statement further said.

Udayavani is now on Telegram. Click here to join our channel and stay updated with the latest news.

Top News

Maharashtra polls: BJP rebel withdraws nomination from Udgir in support of NCP candidate

No one should be displaced over Waqf land issue in Kerala’s Munambam, says CPI

Non-performance of batters is worrying, we will strive to do something special in Australia: Rohit

K-Rail can be implemented if technical issues in design addressed, says Centre

Naxalism will be wiped out from country by March 2026: Home Minister Amit Shah

How biscuits played an unconventional yet key role in anti-terror operation in Srinagar

Koderma stone industry to be revived with Rs 500 cr special package: Shah

Related Articles More

BJP MLA Yatnal calls for indefinite protest against illegal waqf property entries

Udupi: DC clears confusion over ‘Sultanpur’ mention in Dishank App

Accident claims life of biker near Thekkatte

Subrahmanya: Youth assaulted for texting female student

Kadaba: ‘Notion that only English-medium education leads to success is misleading’

MUST WATCH

Gho Pooja in Deepavali Festival

Melukote Deepavali

Ganapathi Co-operative Society Ltd

Udayavani Chinnara Banna 2024

Annapoorna Aahar | Food Places In Mysore


Latest Additions

Maharashtra polls: BJP rebel withdraws nomination from Udgir in support of NCP candidate

Tom Holland says he Googles partner Zendaya ‘to see if everything’s good’

No one should be displaced over Waqf land issue in Kerala’s Munambam, says CPI

India and China made ‘some progress’ in disengagement, says EAM S Jaishankar

Non-performance of batters is worrying, we will strive to do something special in Australia: Rohit

Thanks for visiting Udayavani

You seem to have an Ad Blocker on.
To continue reading, please turn it off or whitelist Udayavani.