An engineering graduate who managed to buy high-end products worth over Rs. 18 lakh from a well-known shopping website by not paying more than Rs. 20 has intrigued cyber sleuths in the city.
Terming the fraud sheer computer brilliance, the cyber crime team of the Central Crime Branch is now studying the modus operandi employed by the youth to crack similar cases in the future.
The 21-year-old, native of Delhi who completed computer engineering from an institute in Chennai in 2012, carried out the fraud for nearly six months by intercepting the payment gateway of the shopping portal.
Elaborating on the fraud, a city-based online risk and fraud expert said the youngster had developed a structured query language (SQL) injection software to carry out the fraud.
The SQL software changed the code on the portal at two levels — once, when the transaction was in process, and next, after the payment was made.
“The code basically removed some digits from the actual price and after payment, presented the original price on the merchant website. So, he would pay just Re. 1 or a few paise for the product but the site would show the exact figure had been remitted,” the expert said.
Since, the transaction is credit-based, the products are shipped as soon as the transaction is completed but the payment would be credited to the seller’s account only after a few days.
“The owners of some e-commerce websites do not check the money credited to their accounts regularly. It was only after a tally of individual transactions over months showed payments as little as Re. 1 and Rs. 2, the site managers realised they had been duped,” said an officer who investigated the case.
Representatives of the shopping portal approached the city police after they realised many of their products, including mobile phones, laptops, clothes and other accessories, had been bought for a song.
The cyber crime team managed to track the youth with the credit card details he had provided for the online transactions. He was arrested and produced in court. His family allegedly paid Rs. 18 lakh to the shopping portal to settle dues.
Investigators are now studying the case to learn more about the software that enabled wrong payments to be made without detection.
According to the police, the youth is well-versed with hacking and had tried his luck on a handful of shopping websites but was not successful.
According to the online security expert, such fraud is possible only on e-commerce sites that have weak security systems in place and lack regular monitoring of payments.
